I'm trying to get more info on how I would use CAS SOAP APIs to
programmatically access authentication information...

What I'm trying to accomplish is a web service handler that will
programmatically check whether the current session is valid and if not
issue an exception SOAP or any other way that will notify the client
of the issue and allow them to handle the redirect to the CAS url.

The problem that I have is that though I can have the client store the
ticket on the client side and/or keep it within the stateful
serverside session, the ticket is only valid for one validation,
though what's a good pattern of handling such situations.

Should I issue a new ticket to the client on each response and though
each subsequent response would send it the ticket.  The problem with
this approach is the fact that service invocations can be done in a
clustered environment and also asynchronously and this drives the
complexity up.

I've read the lifecycle of validating sessions and have a good
understanding of how this would work, but can someone give me some
insight of accomplishing the task above.  How can each web service
request on the server side validate the client?  I'm having issues
finding programmatic implementation documentation on the site and
though some exists, it's not really detailed, as I'm sure most just
use cas with it's current servlet filter.

The basic idea is that I need to write my own plugin/filter
implementation and need some advice.

Thanks.

Ilya Sterin
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to