Alex, Though its name might fool you, the Cas20ProxyReceivingTicketValidationFilter¹s purpose can be misleading. This filter will interacts with a CAS server using the CAS2 protocol, however it doesn¹t necessarily mean it allows proxy authentication. The filter is intelligent enough to look at how you have configured it and determine whether it should both with proxy authentication. I believe it was thought that a single filter for both purposes would cut down on the amount of work for CAS administrators.
SUMMARY: Cas20ProxyReceivingTicketValidationFilter = CAS2 validation and MAYBE proxy authentication depending on the configuration. For more information, the JA-SIG wiki article on the JA-SIG CAS client will go into more detail about configuring the filter for proxy authentication. HTH, A- On 8/12/08 11:38 AM, "Scott Battaglia" <[EMAIL PROTECTED]> wrote: > The CAS2 protocol introduces a few things, one of which is proxy configuration > (and another is an XML response). To see a detailed description of the > protocol check out: > > http://www.ja-sig.org/products/cas/overview/protocol/index.html > > Proxying is useful in a portal environment but it is also becoming > increasingly important in any situation where a service needs to access > another service on behalf of a user. This could include portlets, mail > servers, or web services (RESTful or WS-*) > > Switching to the CAS2 protocol if you're not using proxying merely means that > you're retrieving the response as an XML response. > > Again, see the Protocol document for more details. > > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > On Tue, Aug 12, 2008 at 11:02 AM, Alex Johnson <[EMAIL PROTECTED]> wrote: >> >> Hi Andrew, >> >> Thank you for your quick answer. >> >> I am kind of confused with the proxy authentication >> >> You mentioned CAS 2 is for proxy authentication. In my CAS 2 configuration, I >> use Cas20ProxyReceivingTicketValidationFilter in my web.xml. You confirm that >> I am in CAS 2 architecture. I want to know if I am using proxy authentication >> when I use Cas20ProxyReceivingTicketValidationFilter in my web.xml. >> >> Also, if I am not in a portal environment, how do you explain CAS 2 benefits >> in a normal situation. For example, I have one or more than one Tomcat >> servers and several applications in each server. >> >> How this differentiate CAS 1? >> >> >> Thanks, >> >> Alex >> >> >> >> >> >> >> Date: Tue, 12 Aug 2008 07:11:26 -0500 >> Subject: Re: CAS 1 and CAS 2 >> From: [EMAIL PROTECTED] >> To: [EMAIL PROTECTED]; [email protected] >> >> >> CAS 1: Basic authentication; user requests service directly and receives it >> CAS 2: Proxy authentication; service requests another service on behalf of >> user and receives it >> >> An example where this is useful: your company / organization has a portal >> that everyone logs in. If you expect the portal to deliver your email for >> you, then it is requesting your email on behalf of you. If the email server >> is CAS protected, then this would never work, so the portal must request your >> email on your behalf. >> >> I wouldn't say proxy authentication is for a portal environment; it is useful >> whenever you want build some manner of web service. >> >> On 8/11/08 5:10 PM, "Alex Johnson" <[EMAIL PROTECTED] >> <http://[EMAIL PROTECTED]> > wrote: >> >> >>> >>> >>> Hi, >>> >>> Bother to bother all the experts. >>> >>> After I successfully configured both CAS 1 and CAS 2, I am still kind of >>> confused with the benefits by upgrading CAS 1 to CAS 2. >>> >>> It seems to me that there is no difference between CAS 1 and CAS 2 in the >>> front end. Using CAS 1 or using CAS 2 configuration can produce the same >>> output. If so, why bother to upgrade to CAS 2?? >>> >>> It seems to me that by distinguishing CAS 1 and CAS 2, it's just the >>> configuration difference and use most current version client, right?? >>> >>> It seems to me that CAS 1 is designed for SSO and CAS 2 is designed for a >>> portal environment, right? >>> >>> If you can tell me more about what the advantages/benefits/differences are >>> by upgrading CAS 1 to CAS 2, I will be very appreciated it >>> >>> Thanks, >>> >>> >>> Alex >>> >>> >>> >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] <http://[email protected]> >>> http://tp.its.yale.edu/mailman/listinfo/cas -- Andrew R. Feller, Analyst Information Technology Services 200 Fred Frey Building Louisiana State University Baton Rouge, LA 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax)
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
