However, TGTs and TGCs are connected, correct? So if site a gets a TGT
and site b has a cas client, the user will not see a login screen
unless they logout or site a deletes the TGT? I'm going to find out
the answer to this in about 10 more minutes of work I guess...I HOPE
that is the way it works.
Cheerio,
Michael Johnston
[EMAIL PROTECTED]
On 20-Aug-08, at 7:31 PM, Scott Battaglia wrote:
Jason,
Ticket Granting Tickets are the SSO session while Service Tickets
are the one time use tickets to allow a service to validate a user
with the CAS server. So each service that a user attempts to access
would need its own service tickets (which can only be validated
once). If your applications maintain their own session its up to
them to ensure that they always know someone is logged in to that
application. If an application is stateless (i.e. doesn't use
sessions), then you would need a Service Ticket for each request to
the application.
TGTs are a way of making sure the user isn't prompted to provide
their credentials each time they log in.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Wed, Aug 20, 2008 at 7:35 PM, Jason Roscoe <[EMAIL PROTECTED]>
wrote:
Yeah, I just read that. So for single sign on, we need to generate
a new service ticket using the TGT? For example, I have a site at www.sitea.com
. I login to this site, so I have a TGT ticket and a service
ticket. I go to site that is at yyy.sitea.com. They can validate
the service ticket. If the user comes back to www.sitea.com, then
they need to generate a new service ticket?
Right now, we are storing the service ticket and the TGT ticket in a
cookie. How would we do SSO using an external site, say a site at www.siteb.com
?
Thanks again for all the help. It is greatly appreciated!!
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On
Behalf Of Adam Rybicki [EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 7:01 PM
To: Yale CAS mailing list
Subject: Re: validating service ticket
You can't. Service tickets are single-use only.
Jason Roscoe wrote:
I have successfully generated a service ticket using CAS 3.3 and
the RESTful API. Now, when I try to validate that ticket, calling http://localhost:9009/cas/serviceValidate?service=http://localhost:8082/xxx/login.jsf&ticket=ST-1-CfHBK93WV7kbR4U6PFfI-cas
, the first time it returns my user. If I try to validate the
ticket a second time, it says:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_TICKET'>
ticket 'ST-1-
CfHBK93WV7kbR4U6PFfI-cas' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
How do I validate a ticket more than once?
Thanks.
Disclaimer: This e-mail message is intended only for the personal
use of
the recipient(s) named above. If you are not an intended recipient,
you
may not review, copy or distribute this message. If you have
received this
communication in error, please notify us immediately by e-mail and
delete
the original message.
This e-mail expresses views only of the sender, which are not to be
attributed to Rite Aid Corporation and may not be copied or
distributed
without this statement.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
Disclaimer: This e-mail message is intended only for the personal
use of
the recipient(s) named above. If you are not an intended recipient,
you
may not review, copy or distribute this message. If you have
received this
communication in error, please notify us immediately by e-mail and
delete
the original message.
This e-mail expresses views only of the sender, which are not to be
attributed to Rite Aid Corporation and may not be copied or
distributed
without this statement.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
