Ok cool. That's the premise I was working on.
Cheerio,
Michael Johnston
[EMAIL PROTECTED]
On 22-Sep-08, at 6:41 PM, Scott Battaglia wrote:
The only thing that has access to the TGT is the CAS server. The
user's browser has access to a thing unfortunately named TGC which
is really just the identifier for the TGT (i.e. if you called
ticketGrantingTicket.getId()).
If a user has initiated a single sign on session with CAS then if
they go to site B and the SSO session is still valid they will not
be asked to log back in.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Mon, Sep 22, 2008 at 9:30 PM, Michael Johnston
<[EMAIL PROTECTED]> wrote:
However, TGTs and TGCs are connected, correct? So if site a gets a
TGT and site b has a cas client, the user will not see a login
screen unless they log out or site a deletes the TGT? I'm going to
find out the answer to this in about 10 more minutes of work I
guess...I HOPE that is the way it works.
Cheerio,
Michael Johnston
[EMAIL PROTECTED]
On 20-Aug-08, at 7:31 PM, Scott Battaglia wrote:
Jason,
Ticket Granting Tickets are the SSO session while Service Tickets
are the one time use tickets to allow a service to validate a user
with the CAS server. So each service that a user attempts to
access would need its own service tickets (which can only be
validated once). If your applications maintain their own session
it's up to them to ensure that they always know someone is logged in
to that application. If an application is stateless (i.e. doesn't
use sessions), then you would need a Service Ticket for each
request to the application.
TGTs are a way of making sure the user isn't prompted to provide
their credentials each time they log in.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Wed, Aug 20, 2008 at 7:35 PM, Jason Roscoe <[EMAIL PROTECTED]>
wrote:
Yeah, I just read that. So for single sign on, we need to generate
a new service ticket using the TGT? For example, I have a site at
www.sitea.com. I log in to this site, so I have a TGT ticket and a
service ticket. I go to a site that is at yyy.sitea.com. They can
validate the service ticket. If the user comes back to www.sitea.com,
then they need to generate a new service ticket?
Right now, we are storing the service ticket and the TGT ticket in
a cookie. How would we do SSO using an external site, say a site
at www.siteb.com?
Thanks again for all the help. It is greatly appreciated!!
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On
Behalf Of Adam Rybicki [EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 7:01 PM
To: Yale CAS mailing list
Subject: Re: validating service ticket
You can't. Service tickets are single-use only.
Jason Roscoe wrote:
I have successfully generated a service ticket using CAS 3.3 and
the RESTful API. Now, when I try to validate that ticket, calling
http://localhost:9009/cas/serviceValidate?service=http://localhost:8082/xxx/login.jsf&ticket=ST-1-CfHBK93WV7kbR4U6PFfI-cas,
the first time it returns my user. If I try to validate the
ticket a second time, it says:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_TICKET'>
ticket 'ST-1-CfHBK93WV7kbR4U6PFfI-cas' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
How do I validate a ticket more than once?
Thanks.
Disclaimer: This e-mail message is intended only for the personal
use of
the recipient(s) named above. If you are not an intended
recipient, you
may not review, copy or distribute this message. If you have
received this
communication in error, please notify us immediately by e-mail and
delete
the original message.
This e-mail expresses views only of the sender, which are not to be
attributed to Rite Aid Corporation and may not be copied or
distributed
without this statement.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
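
The ticket behaviour discussed in this thread, as an added example that is not code from the thread or from the CAS project: a toy in-memory model in which the TGT lives only on the server, the browser holds just its identifier (the TGC), and each service ticket validates exactly once. `ToyCasServer`, `parse_validation`, the user name and the service URLs in use are hypothetical; only the response XML shape and the `INVALID_TICKET` code come from the thread.

```python
import secrets
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"cas": "http://www.yale.edu/tp/cas"}

def _response(body):
    return f"<cas:serviceResponse xmlns:cas='{NS['cas']}'>{body}</cas:serviceResponse>"

class ToyCasServer:
    """In-memory stand-in for a CAS server (constructed, not CAS's own code)."""
    def __init__(self):
        self.tgts = {}  # TGT id -> user: the SSO session, held server-side only
        self.sts = {}   # ST id -> (user, service): pending one-time tickets

    def login(self, user):
        tgt_id = "TGT-" + secrets.token_hex(8)
        self.tgts[tgt_id] = user
        return tgt_id  # the browser keeps only this identifier (the TGC)

    def grant_service_ticket(self, tgc, service):
        user = self.tgts.get(tgc)
        if user is None:
            return None  # no valid SSO session: credentials are required again
        st = "ST-" + secrets.token_hex(8)
        self.sts[st] = (user, service)
        return st

    def service_validate(self, service, ticket):
        entry = self.sts.pop(ticket, None)  # pop() makes the ticket single-use
        if entry is None:
            return _response("<cas:authenticationFailure code='INVALID_TICKET'>"
                             f"ticket '{escape(ticket)}' not recognized"
                             "</cas:authenticationFailure>")
        user, issued_for = entry
        if issued_for != service:  # a ticket is bound to the service it was issued for
            return _response("<cas:authenticationFailure code='INVALID_SERVICE'>"
                             "service mismatch</cas:authenticationFailure>")
        return _response("<cas:authenticationSuccess><cas:user>"
                         f"{escape(user)}</cas:user></cas:authenticationSuccess>")

def parse_validation(xml_text):
    """Return (user, None) on success, otherwise (None, failure_code)."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    if user is not None:
        return user.text, None
    failure = root.find("cas:authenticationFailure", NS)
    return None, (failure.get("code") if failure is not None else "MALFORMED")
```

An application that keeps its own session would call `service_validate` once per login and store the returned user locally, requesting a fresh service ticket through the TGC only when that local session is gone.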