Bill,

If you plan on launching the application from the web browser, you should be
able to provide it with a proxy ticket (the page that launches the
application would need to ask the CAS server for one and then hand it off to
the application). Here's some information on proxy authentication:

http://www.ja-sig.org/products/cas/overview/proxy_auth/index.html

Acegi supports providing tickets to it via the HTTP Basic Authentication
headers (we've done this at Rutgers). You pass in the ticket as the
password and "_cas_stateless_" as the username. The Acegi documentation, I
believe, has more details on it.

-Scott
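
The header convention described above, as an added example that is not part of the original thread and is not Acegi's own code: a Python sketch of a client wrapping a ticket in a Basic header and a server-side parser that tells a ticket apart from ordinary Basic credentials. The function names are hypothetical, the sample ticket is constructed, and the `ST-`/`PT-` prefix check is an assumption taken from the CAS 2.0 protocol.

```python
import base64
from typing import Optional

# Username marker named in the message above; the ticket travels as the password.
CAS_STATELESS_IDENTIFIER = "_cas_stateless_"
# Assumption from the CAS 2.0 protocol: tickets begin with "ST-" or "PT-".
TICKET_PREFIXES = ("ST-", "PT-")


def build_stateless_header(ticket: str) -> str:
    """Client side: wrap a CAS ticket in an HTTP Basic Authorization value."""
    if not ticket.startswith(TICKET_PREFIXES):
        raise ValueError("not a CAS service or proxy ticket")
    raw = f"{CAS_STATELESS_IDENTIFIER}:{ticket}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def extract_stateless_ticket(authorization: Optional[str]) -> Optional[str]:
    """Server side: return the ticket if the header follows the stateless
    convention, else None. This only parses the header; the caller must
    still validate the ticket against the CAS server before trusting it."""
    if not authorization:
        return None
    scheme, _, encoded = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    username, sep, password = decoded.partition(":")
    if not sep or username != CAS_STATELESS_IDENTIFIER:
        return None  # ordinary Basic credentials, not a CAS ticket
    if not password.startswith(TICKET_PREFIXES):
        return None  # marker present but the password is not ticket-shaped
    return password


if __name__ == "__main__":
    header = build_stateless_header("PT-1-constructedExampleTicket")
    print(header)
    print(extract_stateless_ticket(header))
```

Base64 is an encoding, not encryption, so the ticket in this header is readable by anything on the path unless the connection uses TLS.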

On 2/20/07, Bill Bailey <[EMAIL PROTECTED]> wrote:

Thanks, Scott.

Assuming the non-web-based application is at least launched from the same
browser (e.g. a java applet or a flash or flex application), does it seem
reasonable that I could retrieve the cookie used to store the session
identifier, get the identifier, and reuse it in my application? Can you
think of any reason this couldn't be done? I do expect all the applications
to at least be launched from the browser and I do expect to have the ability
to modify their source (both client and server). I just don't think they
will all be such that they can be redirected per se to the CAS login page.



On a related note, do you have any experience with using CAS to
authenticate web services? I know the new Spring Web Services initiative
integrates with ACEGI, but haven't had time to research it yet. Do you know
if there is any inherent support there for authenticating a web service
against an existing CAS session?



Thanks again for your help.



Bill

------------------------------

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of* Scott Battaglia
*Sent:* Monday, February 19, 2007 10:46 PM
*To:* Yale CAS mailing list
*Subject:* Re: CAS Server Management



Bill,

CAS currently provides mechanisms to publish events about certain actions
(i.e. authentications, logouts, etc.). If one wants to do something with
one of these events, they should implement an "EventHandler" that knows how
to handle that event.  You can find out more about the events here:

http://developer.ja-sig.org/source/browse/jasig/cas3/cas-server-core/src/main/java/org/jasig/cas/event


Currently we don't offer an explicit mechanism for applications to
register an interest in the events.  However, an EventHandler you implement
can do anything you want it to (write to a database that others read, make a
web service call, etc.).

You can currently use CAS to provide authentication to non-web
applications.  However, they will not be able to participate in any single
sign on session enabled by the web browser as the session identifier is only
sent to the browser securely.

-Scott

On 2/16/07, *Bill Bailey* <[EMAIL PROTECTED]> wrote:

Hi,



I am a relative CAS newbie and have a number of initial questions as part
of my evaluation of the software for our project.



1) Does CAS expose any API or other mechanism to allow one to
monitor and manage the server? For example, to list open sessions, determine
which services have been logged into by a session, forcibly terminate a
session, and/or change any of the configuration parameters of the server at
runtime?

2) Is it possible to find out when new sessions are created or
deleted? For example, is it possible for another application to register an
interest in these events and be notified when they occur?

3) Has anyone had any experience CAS-ifying a non-web application?
For example, we are thinking of integrating Wildfire (an open source chat
solution) into our system and would like to have it participate in single
sign-on along with all the other applications, but it is not strictly a web
application. Any comments on the feasibility, difficulty, or ease of doing
this type of integration?



I'm sure I'll have more questions as I get deeper into this, but that is
enough for now. Thanks in advance for any information you may provide.



Bill Bailey

Senior Developer / DBA

Northland, A Church Distributed




_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas


