Jason, Ticket Granting Tickets are the SSO session while Service Tickets are the one time use tickets to allow a service to validate a user with the CAS server. So each service that a user attempts to access would need its own service tickets (which can only be validated once). If your applications maintain their own session its up to them to ensure that they always know someone is logged in to that application. If an application is stateless (i.e. doesn't use sessions), then you would need a Service Ticket for each request to the application.
TGTs are a way of making sure the user isn't prompted to provide their credentials each time they log in. -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Wed, Aug 20, 2008 at 7:35 PM, Jason Roscoe <[EMAIL PROTECTED]> wrote: > Yeah, I just read that. So for single sign on, we need to generate a new > service ticket using the TGT? For example, I have a site at www.sitea.com. > I login to this site, so I have a TGT ticket and a service ticket. I go to > site that is at yyy.sitea.com. They can validate the service ticket. If > the user comes back to www.sitea.com, then they need to generate a new > service ticket? > > Right now, we are storing the service ticket and the TGT ticket in a > cookie. How would we do SSO using an external site, say a site at > www.siteb.com? > > Thanks again for all the help. It is greatly appreciated!! > ------------------------------ > *From:* [EMAIL PROTECTED] [EMAIL PROTECTED] On > Behalf Of Adam Rybicki [EMAIL PROTECTED] > *Sent:* Wednesday, August 20, 2008 7:01 PM > *To:* Yale CAS mailing list > *Subject:* Re: validating service ticket > > You can't. Service tickets are single-use only. > > Jason Roscoe wrote: > > I have successfully generated a service ticket using CAS 3.3 and the RESTful > API. Now, when I try to validate that ticket, calling > http://localhost:9009/cas/serviceValidate?service=http://localhost:8082/xxx/login.jsf&ticket=ST-1-CfHBK93WV7kbR4U6PFfI-cas, > the first time it returns my user. If I try to validate the ticket a second > time, it says: > > > > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > > <cas:authenticationFailure code='INVALID_TICKET'> > > ticket > 'ST-1-CfHBK93WV7kbR4U6PFfI-cas' not recognized > > </cas:authenticationFailure> > > </cas:serviceResponse> > > > > How do I validate a ticket more than once? > > > > Thanks. > > > > ------------------------------ > Disclaimer: This e-mail message is intended only for the personal use of > the recipient(s) named above. If you are not an intended recipient, you > may not review, copy or distribute this message. If you have received this > communication in error, please notify us immediately by e-mail and delete > the original message. > > This e-mail expresses views only of the sender, which are not to be > attributed to Rite Aid Corporation and may not be copied or distributed > without this statement. > > ------------------------------ > > _______________________________________________ > Yale CAS mailing [EMAIL PROTECTED]://tp.its.yale.edu/mailman/listinfo/cas > > > ------------------------------ > Disclaimer: This e-mail message is intended only for the personal use of > the recipient(s) named above. If you are not an intended recipient, you > may not review, copy or distribute this message. If you have received this > communication in error, please notify us immediately by e-mail and delete > the original message. > > This e-mail expresses views only of the sender, which are not to be > attributed to Rite Aid Corporation and may not be copied or distributed > without this statement. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
