Hi,

I had misunderstood the problem the other day. I wanted my CAS protected service to obtain a PGT so it could then access a back end service, also protected by CAS. After further reading I realised I was not using the ProxyTicketReceptor with a proxy callback. Now I am using this it works great. I pick out the PGTIOU from my acegi CasAuthenticationToken and then use ProxyTicketReceptor.getProxyTicket(String pgtIou, String target) to obtain my proxy ticket.

Cheers,
Ian

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia

Which service will be attempting to access the backend service? The "CAS-protected" service, or are you trying to use the CAS web service directly to obtain a PGT and ST?

In the former case, you should look at the CAS Client documentation on what methods to call to obtain a PT (and for how to configure it to get a PGT). In the latter case, the "delegateTicketGrantingTicket" would grant you a PGT and the "grantServiceTicket" using the PGT would give you a PT.

On 10/19/06,

Hi, I
have CAS set up and exposed via Xfire to allow me to use my own secured web services. I have re-written the CentralAuthenticationService interface so I pass UsernamePasswordCredentials rather than Credentials interface and this is what CAS exposes for me.

My client application wishing to gain access to my service runs the following calls….

// Construct web service interface
UsernamePasswordCentralAuthenticationService authService =
    (UsernamePasswordCentralAuthenticationService) factory.create(casModel,
        "http://localhost:8080/cas/CentralAuthenticationService");

// Construct a credentials object
UsernamePasswordCredentials creds = new UsernamePasswordCredentials();
creds.setUsername("admin");
creds.setPassword("admin");

// Get a TGT for the supplied creds
String ticketGrantingTicket = authService.createTicketGrantingTicket(creds);

// Get an ST for the TGT and service I want to access
String serviceTicket = authService.grantServiceTicket(ticketGrantingTicket,
    "http://localhost:8080/j_acegi_cas_security_check");

// Supply the credentials to the service I wish to access:
// the stateless identifier as username, the ST as password
UsernamePasswordCredentials serviceCreds = new UsernamePasswordCredentials();
serviceCreds.setUsername(CasProcessingFilter.CAS_STATELESS_IDENTIFIER);
serviceCreds.setPassword(serviceTicket);

….. then construct the web service interface for the service I want to call and pass the serviceCreds.

All of this works just great and I can call my secured services.

The problem I have is I don't really understand how to get the service above to authenticate with backend services. I'm assuming this is proxy authentication.

The CentralAuthenticationService interface provides me with the interface below. I wonder which methods I need to call to obtain a PGT and an ST for that PGT (if that's even correct).

Any help would be greatly appreciated.

public interface CentralAuthenticationService {
    /**
     * Create a TicketGrantingTicket based on opaque credentials supplied by the
     * caller.
     *
     * @param credentials The credentials to create the ticket for
     * @return The String identifier of the ticket (may not be null).
     * @throws TicketException if ticket cannot be created
     */
    String createTicketGrantingTicket(Credentials credentials)
        throws TicketException;

    /**
     * Grant a ServiceTicket for a Service.
     *
     * @param ticketGrantingTicketId Proof of prior authentication.
     * @param service The target service of the ServiceTicket.
     * @return the ServiceTicket for target Service.
     * @throws TicketException if the ticket could not be created.
     */
    String grantServiceTicket(String ticketGrantingTicketId, Service service)
        throws TicketException;

    /**
     * Grant a ServiceTicket for a Service *if* the principal resolved from the
     * credentials matches the principal associated with the
     * TicketGrantingTicket.
     *
     * @param ticketGrantingTicketId Proof of prior authentication.
     * @param service The target service of the ServiceTicket.
     * @param credentials the Credentials to present to receive the
     * ServiceTicket
     * @return the ServiceTicket for target Service.
     * @throws TicketException if the ticket could not be created.
     */
    String grantServiceTicket(final String ticketGrantingTicketId,
        final Service service, final Credentials credentials)
        throws TicketException;

    /**
     * Validate a ServiceTicket for a particular Service.
     *
     * @param serviceTicketId Proof of prior authentication.
     * @param service Service wishing to validate a prior authentication.
     * @return ServiceTicket if valid for the service
     * @throws TicketException if there was an error validating the ticket.
     */
    Assertion validateServiceTicket(final String serviceTicketId,
        final Service service) throws TicketException;

    /**
     * Destroy a TicketGrantingTicket. This has the effect of invalidating any
     * Ticket that was derived from the TicketGrantingTicket being destroyed.
     *
     * @param ticketGrantingTicketId the id of the ticket we want to destroy
     */
    void destroyTicketGrantingTicket(final String ticketGrantingTicketId);

    /**
     * Delegate a TicketGrantingTicket to a Service for proxying authentication
     * to other Services.
     *
     * @param serviceTicketId The service ticket that will delegate to a
     * TicketGrantingTicket
     * @param credentials The credentials of the service that wishes to have a
     * TicketGrantingTicket delegated to it.
     * @return TicketGrantingTicket that can grant ServiceTickets that proxy
     * authentication.
     * @throws TicketException if there was an error creating the ticket
     */
    String delegateTicketGrantingTicket(final String serviceTicketId,
        final Credentials credentials) throws TicketException;
}

Cheers,

Senior Software Engineer
CSW Group Ltd
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
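
The PGTIOU-to-PGT correlation discussed in the thread, as an added Java example that is not code from the posters, the CAS client or Acegi. The class PgtIouStore, its method names, the expiry policy and all ticket values and URLs are hypothetical or constructed; only the /proxy request with its pgt and targetService parameters comes from the CAS protocol.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for the PGTIOU -> PGT lookup a proxy receptor performs.
public class PgtIouStore {
    private record Entry(String pgtId, Instant receivedAt) {}
    private final Map<String, Entry> byIou = new ConcurrentHashMap<>();
    private final Duration maxAge; // assumed expiry policy, not taken from the thread

    public PgtIouStore(Duration maxAge) { this.maxAge = maxAge; }

    // Proxy callback handler: CAS delivers pgtIou and pgtId here, never in the validation response.
    public void onCallback(String pgtIou, String pgtId, Instant now) {
        if (pgtIou == null || pgtId == null || pgtIou.isBlank() || pgtId.isBlank())
            throw new IllegalArgumentException("callback must carry pgtIou and pgtId");
        byIou.putIfAbsent(pgtIou, new Entry(pgtId, now)); // first delivery wins, replays are ignored
    }

    // Look up the PGT for the PGTIOU found in the validation response.
    public Optional<String> resolve(String pgtIou, Instant now) {
        Entry e = byIou.get(pgtIou);
        if (e == null) return Optional.empty(); // unknown IOU: no callback was received for it
        if (Duration.between(e.receivedAt(), now).compareTo(maxAge) > 0) {
            byIou.remove(pgtIou); // expired entry is dropped
            return Optional.empty();
        }
        return Optional.of(e.pgtId());
    }

    // URL of the CAS /proxy request that trades the PGT for a proxy ticket.
    public static String proxyRequestUrl(String casBase, String pgtId, String target) {
        return casBase + "/proxy?pgt=" + URLEncoder.encode(pgtId, StandardCharsets.UTF_8)
             + "&targetService=" + URLEncoder.encode(target, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        PgtIouStore store = new PgtIouStore(Duration.ofHours(2));
        Instant t0 = Instant.parse("2006-10-19T12:00:00Z");
        store.onCallback("PGTIOU-1-constructed", "PGT-1-constructed", t0); // constructed values
        String target = "http://localhost:8080/backend/j_acegi_cas_security_check"; // constructed
        store.resolve("PGTIOU-1-constructed", t0.plusSeconds(5)).ifPresent(pgt ->
            System.out.println(proxyRequestUrl("https://localhost:8443/cas", pgt, target)));
        System.out.println(store.resolve("PGTIOU-unknown", t0).isPresent());
        System.out.println(store.resolve("PGTIOU-1-constructed", t0.plus(Duration.ofHours(3))).isPresent());
    }
}
```

The PGT itself stays server-side in the store; only the PGTIOU travels in the validation response, so the callback endpoint and the store are the parts to protect.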
