Marat,

I'm not sure I understand your issue.  If you want access to a CASified
resource, you give it a ticket.  If it's session-less, if you want to gain
access again, you'd have to supply it with another ticket.  This can be
accomplished by CASifying the asynchronous resource and then not having it
store any state in the session, just in the request.

-Scott





On 9/26/07, Marat Radchenko <[EMAIL PROTECTED]> wrote:
>
> Hi everyone!
>
> CAS proxy stuff addresses communications between services on behalf of
> user who initiates them. However it does not say anything about cases
> of asynchronous requests.
>
> When asynchronous request is made there is no user session available
> so I don't see how they can be done on behalf of particular user.
> Maybe there is some way, please explain it then.
>
> Another option I can suggest is making such calls on behalf of service
> itself. Are there any recommendations about how such calls should be
> authenticated? Creating service accounts on CAS and storing service
> login/password in plaintext on services doesn't seem to be very
> secure. Additionally, making call on behalf of service grants it
> pretty many privileges (it has access to all user accounts on target
> service because we do not have any knowledge about whose account is
> being processed during this request).
>
> Waiting for your reply
>
> --
> Marat Radchenko,
> Dev Lead at Pronto-Moscow
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
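
The per-request ticket check described in the reply above, as an added example that is not part of the original messages and is not CAS project code. The handler keeps no session and validates the ticket carried by each request against CAS 2.0 `/serviceValidate`; the host `cas.example.org`, the function names and the in-memory fake CAS server are assumptions made so the sketch runs offline.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace
_ENVELOPE = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">%s</cas:serviceResponse>'
# Constructed sample responses in the CAS 2.0 format.
SUCCESS = _ENVELOPE % "<cas:authenticationSuccess><cas:user>{user}</cas:user></cas:authenticationSuccess>"
FAILURE = _ENVELOPE % '<cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>'

def validation_url(cas_base, service, ticket):
    """Build the /serviceValidate URL for the ticket carried by this request."""
    query = urlencode({"service": service, "ticket": ticket})
    return cas_base.rstrip("/") + "/serviceValidate?" + query

def parse_validation(xml_text):
    """Return the user name from a CAS 2.0 response, or None on any failure."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()

def handle_request(params, service, fetch, cas_base="https://cas.example.org/cas"):
    """Session-less handler: identity comes only from this request's ticket."""
    ticket = params.get("ticket")
    if not ticket:
        return 401, "ticket required"
    # fetch is a hypothetical HTTPS GET helper returning the response body.
    user = parse_validation(fetch(validation_url(cas_base, service, ticket)))
    if user is None:
        return 401, "ticket rejected"
    return 200, "hello " + user  # nothing is stored for the next request

def make_fake_cas(issued):
    """Constructed stand-in for the CAS server: each ticket validates once."""
    def fetch(url):
        ticket = parse_qs(urlsplit(url).query).get("ticket", [""])[0]
        user = issued.pop(ticket, None)  # single use: a replayed ticket fails
        return FAILURE if user is None else SUCCESS.format(user=user)
    return fetch
```

Because the fake server consumes a ticket on first validation, a second request with the same ticket is rejected, which is why the reply says another ticket has to be supplied for each access.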