Hi,
I'm not sure in what context you are implementing the logic you describe,
but:
CAS should be used as an authenticated session broker, not as an
intermediary for every request. So the logic is:
    If (request has ticket) {
        Validate ticket and create authenticated application session
    } else if (request does not have ticket && user does not already have session) {
        redirect to CAS login page with service
    } else {
        Redirect to CAS login servlet
    }
Your application should use the service ticket as a basis to establish an
application session (typically mediated by a session cookie) which it uses
to recognize the user on subsequent requests, rather than requiring each
page access to bounce through CAS to include a ticket parameter.
Andrew
> 2) Just want to know: when the initial authentication is successful
> (serviceValidate), how can we make sure subsequent requests would not go
> and do the serviceValidate?
>
> My basic logic is
>     if (request does not have ticket) {
>         redirect to cas login page with service
>     }
>
>
> What happens currently is it asks for the password once and hits the CAS
> server, and CAS generates a ticket each time. To my understanding one (ST)
> ticket should be enough for that httpd session.
>
>
_______________________________________________
Yale CAS mailing list
http://tp.its.yale.edu/mailman/listinfo/cas
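
Added example, not part of the message above and not taken from any CAS client library: a sketch of the session-broker pattern the reply describes, where the service ticket is validated once and exchanged for an application session cookie, and requests that already carry that cookie are served without contacting CAS. The URLs, the APPSESSION cookie name, the handle function and the validate_ticket callable (a stand-in for the call to CAS serviceValidate) are all assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

CAS_LOGIN = "https://cas.example.org/cas/login"  # assumed CAS login URL
SERVICE = "https://app.example.org/"             # assumed application (service) URL
SESSIONS = {}                                    # session id -> username (in-memory store)


def handle(url, cookies, validate_ticket):
    """Handle one request and return (status, headers, body).

    validate_ticket(ticket, service) is a hypothetical stand-in for the
    request to CAS serviceValidate; it returns a username or None.
    """
    query = parse_qs(urlsplit(url).query)
    ticket = query.get("ticket", [None])[0]
    user = SESSIONS.get(cookies.get("APPSESSION"))

    if ticket:
        # One-time exchange: validate the ST and swap it for a session.
        user = validate_ticket(ticket, SERVICE)
        if user is None:
            return 403, {}, "ticket rejected"
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = user
        cookie = f"APPSESSION={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
        # Redirect to the clean URL so the spent ticket is not replayed
        # on reload or bookmarked.
        return 302, {"Location": SERVICE, "Set-Cookie": cookie}, ""
    if user is None:
        # No ticket and no session: send the browser to CAS login.
        target = CAS_LOGIN + "?" + urlencode({"service": SERVICE})
        return 302, {"Location": target}, ""
    # Session cookie recognised: serve the page without touching CAS.
    return 200, {}, f"hello {user}"
```
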