Comments in-line. On 10/10/07, tedzo <[EMAIL PROTECTED]> wrote: > > I need to figure out a way to pass the session info to CAS when I make a > remote method call using xFire. Someone has to have needed to do > this...Anyone? > > ----- Original Message ---- > From: tedzo <[EMAIL PROTECTED]> > To: Yale CAS mailing list <[email protected]> > Sent: Monday, October 8, 2007 3:03:52 PM > Subject: Re: Authenticating web service calls via CAS.. > > Ok, a bit of digging around- > I found the remoteCentralAuthenticationService and > xFireCentralAuthenticationService beans defined and commented. The comment > asked for the bean to be uncommented in order to allow access as a web > service (using xFire, which is good). Here is what I was thinking- > 1. From client stub (of my web service that is to be exposed), pass > credentials and query remoteCAS for a ticket. > 2. Pass the ticket to my web service. > 3. Validate the ticket from my web service (the actual implementation of > the service to be exposed). If the ticket validates, then go ahead with the > service. ELse fail. > > Does this seem to make sense? >
Yes, this makes sense. Though if your user has already authenticated to your application I recommend you just obtain a proxy ticket. Questions- > 1. Once a ticket is used/validated, it is no longer recognized by CAS. So, > this essentially means my web service stub needs to validate everytime the > client accesses the web service. So, how do I obtain a ticket that lasts > longer than 1 call? > There are no service tickets that last longer than one call. You either need to get a new service ticket each time, or use a framework such as Acegi to secure the application. Acegi utilizes the existing ticket to maintain a session locally for a defined period of time. -Scott
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
