Thanks, Andrew. It's comforting to know I understood after all. If only I had understood that I understood. :-)
Bill ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Petro Sent: Monday, June 04, 2007 12:28 PM To: Yale CAS mailing list Subject: Re: Proxy Granting Ticket IOU Bill, > Is it purely a method of allowing the application to correlate the ticket received > via the callback to the a specific request it made to /serviceValidate or /proxyValidate? Yes. Applications desiring to acquire a proxy granting ticket are sent a proxy granting ticket to the https:// URL of their choice, with that URL identifying the recipient of the PGT to subsequent recipients of proxy tickets generated from it. In the response to the ticket validation request in which the application notified CAS of the https:// callback URL and so requested a PGT, CAS issues a "PGTIOU". CAS: "You asked for a PGT. I can't give that to you in this response, because I'm not convinced of your identity. If you're who you say you are, IOU a PGT. You can cash in this IOU at the place where you cached the PGT I called you back with. I paired that PGT with this same PGT IOU so you'll find the right one. If you're who you say you are." Bill Bailey wrote: Hello, I am trying to fully understand how proxy validation works and I think I almost have it. The proxy validation walkthrough on the WIKI was very helpful. But I do have one question. Can someone more fully explain the purpose of the Proxy Granting Ticket IOU? When I was reading the protocol document and the walkthrough, it wasn't obvious to me how it is used. I notice that it is returned in the response from /serviceValidate or /proxyValidate and I saw that it is included in the HTTP GET call to the pgtUrl callback (along with pgtId which is the Proxy Granting Ticket), but I didn't see where it was actually used. Is it purely a method of allowing the application to correlate the ticket received via the callback to the a specific request it made to /serviceValidate or /proxyValidate? Thanks in advance. Bill Bailey Senior Developer / DBA Northland, A Church Distributed ________________________________ _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
