Hi Mark,

I have a similar case as yours, but I am not familiar with proxy tickets.
What I did in the previous version of CAS 3.0.6, I did some tricky things to
bypass the authentication.

Let's make the External (prepackaged) part to be CAS-1
and the internal (new, self-controlled) part to be CAS-2

What I did is to change the login-webflow of CAS-2, so that immediately
after the start-state, I will check whether the request is redirected from a
CAS-1 authenticated service.

If yes, I will do something like CentralAuthenticationService which
generates the ticket granting ticket in CAS-2 and also the service ticket.
Then the service will be finally authenticated by both CAS-1 and CAS-2.
If no, the webflow will go back to the original flow, which is just like the
service requesting authentication in CAS-2 alone.

I would like to note that this method is highly NOT recommended, since
it breaks the normal flow of CAS and does not provide enough security, but at
least it works in our situation.

By the way, I am also investigating moving the implementations to CAS
3.1, and also using proxy tickets (if feasible) instead.

Let's further the discussion, and I would appreciate it if others could join.

Regards,
Harry


Mark McCoy wrote:
> 
> Hey all,
> 
> In case you may not have seen my posts earlier this month, we are trying to get
> our CAS 3.1 server to trust and/or proxy the tickets generated by an older CAS
> server that we are unable to modify or replace (it's built into some prepackaged
> software).  Most of the time, the user will login to that software first, so we
> wish them to be then automatically logged into any application that the CAS 3.1
> server protects.
> 
> The solution proposed by this list and the (unofficial) support list for the
> other software was to proxy the tickets.  The problem is that even after digging
> through various bits of documentation on the CAS wiki, I still have absolutely
> no idea of how the ticket proxying between 2 servers (and not server->client)
> really works or how to set it up!
> 
> Please point me in the right direction to documentation or how-to's on
> this subject.
> 
> Thanks in advance!
> Mark
> 
> ----
> Mark McCoy
> Enterprise Services (Unix Group)
> Office of Information Technology
> The University of Texas at San Antonio
> (210) 458-5871
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Trusting-a-CAS-server-not-under-my-control-tf4628913.html#a13235461
Sent from the CAS Users mailing list archive at Nabble.com.
