You should protect your remote web services with a CAS client such as the JASIG CAS Client for Java or a more robust security library such as Spring Security.
You'll want to pass your protected web services a CAS proxy ticket which the web service can validate and receive the username as well as the url of the application that made the remote call. -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Wed, Oct 1, 2008 at 10:57 AM, Danilo Levantesi < [EMAIL PROTECTED]> wrote: > Hi to all! > I'm a totally newbie in CAS world, so please forgive me if my question is > so > trivial. > > My scenario is composed by many subsystems accessed by means of web > services, > using SOAP; moreover, I have many web application accessing those web > services. > > I understood I can use CAS to provide SSO between web applications, and it > works like a charm (the wiki guides were very useful!!!). > > The problem arises when these web application must access remote web > services. > Those web services (most of them implemented using EJBs 3.0) must be > protected (the user must provide credentials), and at present it is done by > means of basic http authentication. In this way the container can provide > the > principal to the web service (it is a key requirement). > > Here my misunderstood comes: how can I use CAS (if I can) to provide > authentication to web services? I have a couple of obfuscated ideas, but I > don't know if they are right, so I hope someone can help me. > > First of all: is it possible to achieve? And if it is, is SAML the correct > keyword? In this case, can someone suggest me a guide and a starting point, > because I couldn't find anything? > > And is Java Client 3.1.3 the correct library to use? > > Or have I to implement a custom Glassfish authentication module? > > Or am I totally wrong? > > Many thanks in advance > > Danilo > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
