Chris,

They don't need proxying.  Let's suppose the following exists:

Application A -> Utilizes CAS A
Application B -> Utilizes CAS B

If a user attempts to access Application A, he (or she) will be redirected
to CAS A to authenticate and then (assuming success) sent back to
Application A.

If the user then attempts to access Application A, the user will be
redirected to CAS B.  At this point, you can have CAS B either (a) ask for
credentials or (b) act as a client to CAS A.  What (b) means is that
following the basic protocol, CAS B will redirect to CAS A with a service
URL which would most likely be the URL that Application B redirected to.[1]
CAS A would recognize the existing session (or ask for credentials if they
session expired) and redirect back to CAS B.  CAS B would need to be
configured to look for service tickets and validate them.  We don't have any
built in support for that, but you would basically need to write a
NonInteractiveCredentialsAction and an AuthenticationHandler to process the
credentials.  From that point, the ticket is treated like any other form of
credentials.

-Scott

[1] The best way to do this may be to use the existing Java client which
would allow you to use the gateway feature which could allow you to check if
a session exists at A and use it if it does, otherwise go to B for the
credentials.

On Nov 26, 2007 5:03 PM, Chris Brooks <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I'm trying to get trusted authentication to go between two CAS servers.
>  That is, a user might hit an application that uses the one server,
> then hit an application that uses the second server and I want that
> server to trust the session that is already in place.
>
> Can someone poke me in the right direction for this?  Do I set the
> servers up to proxy validate against one another?
>
> Thanks,
>
> Chris
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to