If you're curious how CAS works check out: http://www.ja-sig.org/products/cas/overview/cas1_architecture/index.html http://www.ja-sig.org/products/cas/overview/protocol/index.html
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Mon, Jun 23, 2008 at 5:55 PM, Michael Ströder <[EMAIL PROTECTED]> wrote: > SMallik wrote: > > What all I want to know is that how does CAS know about different > > applications that use CAS. Let's say I login to one Casified application > , > > after authentication and authorization I can see the secured page of that > > application . Now I want to access the 2nd application on some other > server > > in any other machine, my question is how CAS ensures that this user will > not > > be forced to authenticate and authorize himself again . > > The CAS server sends a cookie to the user's web browser which that > returns whenever redirected to the CAS server again: the CAS ticket > granting cookie. > > You might want to observe that by taking a closer look at the HTTP > headers. http://livehttpheaders.mozdev.org is a nice tool for > Mozilla-based browser (Firefox, Seamonkey, etc.). Since it's running as > a browser plugin you can also observe SSL connections from your browser > to the CAS server. > > Ciao, Michael. > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
