Hi to all! I'm a totally newbie in CAS world, so please forgive me if my question is so trivial.
My scenario is composed by many subsystems accessed by means of web services, using SOAP; moreover, I have many web application accessing those web services. I understood I can use CAS to provide SSO between web applications, and it works like a charm (the wiki guides were very useful!!!). The problem arises when these web application must access remote web services. Those web services (most of them implemented using EJBs 3.0) must be protected (the user must provide credentials), and at present it is done by means of basic http authentication. In this way the container can provide the principal to the web service (it is a key requirement). Here my misunderstood comes: how can I use CAS (if I can) to provide authentication to web services? I have a couple of obfuscated ideas, but I don't know if they are right, so I hope someone can help me. First of all: is it possible to achieve? And if it is, is SAML the correct keyword? In this case, can someone suggest me a guide and a starting point, because I couldn't find anything? And is Java Client 3.1.3 the correct library to use? Or have I to implement a custom Glassfish authentication module? Or am I totally wrong? Many thanks in advance Danilo _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
