Hello, I have a few ideas myself but I'd appreciate some high level pointers as to the things I need to do to implement the following feature.

A business partner wants to transfer their own authentication of a user to our CAS system. We are prepared to accept *their* auth of a user; we need to securely pass this information through to CAS to begin an SSO session. Our partner will encrypt the net id together with a timestamp. This data should be accepted by CAS in lieu of posting net id and password.

I envisage that this information will be passed on the querystring in addition to the standard parameters, for example:

https://cas.acme.com/cas/login?service=http%3A%2F%2Fapps.acme.com%2Findex.html&encrypted_user_data=AABBCC123DDACFGSSS1534DAFF

If "encrypted_user_data" is present on the querystring, then it should be decrypted using an algorithm common between us and our partner. If the decryption process succeeds, we obtain net_id and timestamp. If the timestamp is within a certain window, then the user is authenticated and a TGT should be returned with the redirect back to the service.

What classes do I need to implement in order to put this feature in place? Is this a relatively sane thing to do?

Thanks!
Dale
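Added example, not part of the original post and not CAS code: a sketch of the decrypt-then-check-timestamp step described above, using only JDK classes. Assumptions: the shared algorithm is AES-256-GCM (so "decryption succeeds" also means the data was not altered), the parameter value is base64url of IV plus ciphertext, the plaintext layout is "netId|epochSeconds", the window is 120 seconds, and the class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Optional;

public class PartnerTokenDemo {
    static final int IV_LEN = 12, TAG_BITS = 128;
    static final long WINDOW_SECONDS = 120; // assumed acceptance window
    // Partner side: encrypt "netId|epochSeconds" under the shared key with a fresh IV.
    static String issue(byte[] key, String netId, long epoch) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal((netId + "|" + epoch).getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }
    // CAS side: yields the net id only if the GCM tag verifies and the timestamp is in the window.
    static Optional<String> verify(byte[] key, String token, long now) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(token);
            if (raw.length <= IV_LEN + TAG_BITS / 8) return Optional.empty();
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
            byte[] pt = c.doFinal(raw, IV_LEN, raw.length - IV_LEN);
            String[] parts = new String(pt, StandardCharsets.UTF_8).split("\\|", -1);
            if (parts.length != 2 || parts[0].isEmpty()) return Optional.empty();
            long ts = Long.parseLong(parts[1]);
            boolean fresh = ts >= now - WINDOW_SECONDS && ts <= now + WINDOW_SECONDS;
            return fresh ? Optional.of(parts[0]) : Optional.empty();
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return Optional.empty(); // tampered data, wrong key, bad encoding or bad timestamp
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32]; // constructed demo key; a real key is provisioned out of band
        new SecureRandom().nextBytes(key);
        long now = System.currentTimeMillis() / 1000;
        String fresh = issue(key, "jdoe", now), stale = issue(key, "jdoe", now - 600);
        String tampered = (fresh.charAt(0) == 'A' ? "B" : "A") + fresh.substring(1);
        System.out.println(verify(key, fresh, now) + " " + verify(key, stale, now) + " " + verify(key, tampered, now));
    }
}
```

The timestamp window only bounds how long a captured value stays usable: query strings are recorded in server logs, browser history and Referer headers, so the same value can be replayed until the window closes unless the receiving side also remembers values it has already accepted.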
