Hmm, I actually sent this on the 22nd not sure why it only arrived now.
Anyway, what I ended up doing was adding a loadTicket controller to my
CAS overlay. In my account management app I use the Restful API to
create a TGT with the new user credentials, and then I post that TGT
to my loadTicket controller which does
this.ticketGrantingTicketCookieGenerator.addCookie(request, response,
ticketGrantingTicketId);
The loadTicketController also takes a service param so CAS can
redirect the user on to whatever service they were signing up for.
Cheerio,
Michael Johnston
[EMAIL PROTECTED]
On 26-Sep-08, at 10:13 AM, Michael Johnston wrote:
Ok, but what if I want to auto login when I create an account? I had
thought to use the REST api to accomplish that.
IE, on site a a user can create a new account on site a. I want to
then log them in (programmatically) so that when they proceed to
site b (c, d, ...) they are logged in with the new account they just
created. What is the best way to accomplish that?
Cheerio,
Michael Johnston
[EMAIL PROTECTED]
On 22-Sep-08, at 6:41 PM, Scott Battaglia wrote:
The only thing that has access to the TGT is the CAS server. The
user's browser has access to a thing unfortunately named TGC which
is really just the identifier for the TGT (i.e. if you called
ticketGrantingTicket.getId()).
If a user has initiated a single sign on session with CAS then if
they go to site B and the SSO session is still valid they will not
be asked to log back in.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Mon, Sep 22, 2008 at 9:30 PM, Michael Johnston
<[EMAIL PROTECTED]> wrote:
However, TGTs and TGCs are connected, correct? So if site a gets a
TGT and site b has a cas client, the user will not see a login
screen unless they logout or site a deletes the TGT? I'm going to
find out the answer to this in about 10 more minutes of work I
guess...I HOPE that is the way it works.
Cheerio,
Michael Johnston
[EMAIL PROTECTED]
On 20-Aug-08, at 7:31 PM, Scott Battaglia wrote:
Jason,
Ticket Granting Tickets are the SSO session while Service Tickets
are the one time use tickets to allow a service to validate a user
with the CAS server. So each service that a user attempts to
access would need its own service tickets (which can only be
validated once). If your applications maintain their own session
its up to them to ensure that they always know someone is logged
in to that application. If an application is stateless (i.e.
doesn't use sessions), then you would need a Service Ticket for
each request to the application.
TGTs are a way of making sure the user isn't prompted to provide
their credentials each time they log in.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Wed, Aug 20, 2008 at 7:35 PM, Jason Roscoe
<[EMAIL PROTECTED]> wrote:
Yeah, I just read that. So for single sign on, we need to
generate a new service ticket using the TGT? For example, I have
a site at www.sitea.com. I login to this site, so I have a TGT
ticket and a service ticket. I go to site that is at
yyy.sitea.com. They can validate the service ticket. If the user
comes back to www.sitea.com, then they need to generate a new
service ticket?
Right now, we are storing the service ticket and the TGT ticket in
a cookie. How would we do SSO using an external site, say a site
at www.siteb.com?
Thanks again for all the help. It is greatly appreciated!!
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On
Behalf Of Adam Rybicki [EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 7:01 PM
To: Yale CAS mailing list
Subject: Re: validating service ticket
You can't. Service tickets are single-use only.
Jason Roscoe wrote:
I have successfully generated a service ticket using CAS 3.3 and
the RESTful API. Now, when I try to validate that ticket,
calling http://localhost:9009/cas/serviceValidate?service=http://localhost:8082/xxx/login.jsf&ticket=ST-1-CfHBK93WV7kbR4U6PFfI-cas
, the first time it returns my user. If I try to validate the
ticket a second time, it says:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_TICKET'>
ticket 'ST-1-
CfHBK93WV7kbR4U6PFfI-cas' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
How do I validate a ticket more than once?
Thanks.
Disclaimer: This e-mail message is intended only for the personal
use of
the recipient(s) named above. If you are not an intended
recipient, you
may not review, copy or distribute this message. If you have
received this
communication in error, please notify us immediately by e-mail
and delete
the original message.
This e-mail expresses views only of the sender, which are not to be
attributed to Rite Aid Corporation and may not be copied or
distributed
without this statement.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
Disclaimer: This e-mail message is intended only for the personal
use of
the recipient(s) named above. If you are not an intended
recipient, you
may not review, copy or distribute this message. If you have
received this
communication in error, please notify us immediately by e-mail and
delete
the original message.
This e-mail expresses views only of the sender, which are not to be
attributed to Rite Aid Corporation and may not be copied or
distributed
without this statement.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
