OK, then does it make sense what I have proposed from a security
perspective? That instead of /login generating a CAS ticket, a redirect of
the browser to a CAS URL with a service ticket could then cause the cookie to
be generated from a pre-existing service ticket passed to the redirect with a
query parameter?
-----Original Message-----
From: Scott Battaglia <[email protected]>
Sent: Monday, January 12, 2009 1:34 PM
To: Yale CAS mailing list <[email protected]>
Subject: Re: Is it possible to return SSO cookie using ticket generated
using Restful Api?
The only way you can do anything is if the browser handles the URL (which
is why /login generates a CAS ticket).
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Fri, Jan 9, 2009 at 11:56 AM, Keith Garry Boyce <[email protected]>
wrote:
What CAS implementation classes would I have to change to allow this? Basically
I suppose it would be a url like /cas/issueCookie?ticket=xyz
Also what would be the security risks involved in allowing this to be possible?
From: [email protected] [mailto:[email protected]] On
Behalf Of Scott Battaglia
Sent: Friday, January 09, 2009 12:38 PM
To: Yale CAS mailing list
Subject: Re: Is it possible to return SSO cookie using ticket generated
using Restful Api?
You can't. They are mutually exclusive.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn:
[The entire original message is not included]
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas