SMallik wrote: > What all I want to know is that how does CAS know about different > applications that use CAS. Let's say I login to one Casified application , > after authentication and authorization I can see the secured page of that > application . Now I want to access the 2nd application on some other server > in any other machine, my question is how CAS ensures that this user will not > be forced to authenticate and authorize himself again .
The CAS server sends a cookie to the user's web browser which that returns whenever redirected to the CAS server again: the CAS ticket granting cookie. You might want to observe that by taking a closer look at the HTTP headers. http://livehttpheaders.mozdev.org is a nice tool for Mozilla-based browser (Firefox, Seamonkey, etc.). Since it's running as a browser plugin you can also observe SSL connections from your browser to the CAS server. Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
