I have a question related to Web Filters and re-use of tickets. What we are trying to set up is to have the user issue a call to our Web Servlet and the servlet will call a series of Web Services via SOAP calls.
The CAS Web Filter is in front of our Web Servlet and communicates to CAS to provide a valid user. It appears that the ticket is placed on the URL and the session variable is set with the authenticated user. We need to call the Web Service. The Service requires to know that the caller is the authenticated user. We extended our SOAP APIs to accept Proxy Tickets. (* Is this the right approach when making SOAP calls or is WS-Security the right approach? If so, does CAS work with WS-Security?) If we are to pass the proxy ticket from the Web Servlet to the Service via SOAP, is the proxyTicket passed from the Web filter to the Web Servlet? If so, then is the Web Serlvet required to generate a ProxyTicket to pass to the Web Service via SOAP? Thank you for your help. Kind Regards, Randy Baiad
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
