You should protect your remote web services with a CAS client such as the
JASIG CAS Client for Java or a more robust security library such as Spring
Security.

You'll want to pass your protected web services a CAS proxy ticket which the
web service can validate and receive the username as well as the url of the
application that made the remote call.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia


On Wed, Oct 1, 2008 at 10:57 AM, Danilo Levantesi <
[EMAIL PROTECTED]> wrote:

> Hi to all!
> I'm a totally newbie in CAS world, so please forgive me if my question is
> so
> trivial.
>
> My scenario is composed by many subsystems accessed by means of web
> services,
> using SOAP; moreover, I have many web application accessing those web
> services.
>
> I understood I can use CAS to provide SSO between web applications, and it
> works like a charm (the wiki guides were very useful!!!).
>
> The problem arises when these web application must access remote web
> services.
> Those web services (most of them implemented using EJBs 3.0) must be
> protected (the user must provide credentials), and at present it is done by
> means of basic http authentication. In this way the container can provide
> the
> principal to the web service (it is a key requirement).
>
> Here my misunderstood comes: how can I use CAS (if I can) to provide
> authentication to web services? I have a couple of obfuscated ideas, but I
> don't know if they are right, so I hope someone can help me.
>
> First of all: is it possible to achieve? And if it is, is SAML the correct
> keyword? In this case, can someone suggest me a guide and a starting point,
> because I couldn't find anything?
>
> And is Java Client 3.1.3 the correct library to use?
>
> Or have I to implement a custom Glassfish authentication module?
>
> Or am I totally wrong?
>
> Many thanks in advance
>
> Danilo
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to