Essentially, what you would need to do to implement this is create:

* a custom credentials class to hold your data
* a noninteractive credential to construct the credential
* auth. handler to validate credential
* resolver to create the principal

That should be all you need.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Mon, Jan 12, 2009 at 5:18 PM, dale77 <[email protected]> wrote:

> Hello,
>
> I have a few ideas myself but I'd appreciate some high level pointers as to
> the things I need to do to implement the following feature.
>
> A business partner wants to transfer their own authentication of a user to
> our CAS system. We are prepared to accept *their* auth of a user, we need to
> securely pass this information through to CAS to begin an SSO session.
>
> Our partner will encrypt the net id together with a timestamp. This data
> should be accepted by CAS in lieu of posting net id and password. I envisage
> that this information will be passed on the querystring in addition to the
> standard parameters, for example:
>
> https://cas.acme.com/cas/login?service=http%3A%2F%2Fapps.acme.com%2Findex.html&encrypted_user_data=AABBCC123DDACFGSSS1534DAFF
>
> If "encrypted_user_data" is present on the querystring, then it should be
> decrypted using an algorithm common between us and our partner. If the
> decryption process succeeds, we obtain net_id and timestamp. If the
> timestamp is within a certain window, then the user is authenticated and a
> TGT should be returned with the redirect back to the service.
>
> What classes do I need to implement in order to put this feature in place?
> Is this a relatively sane thing to do?
>
> Thanks!
>
> Dale
>
> --
> View this message in context:
> http://www.nabble.com/Replace-login-POST-with-query-string-parameter-tp21425104p21425104.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
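
The decrypt-then-check-timestamp step described in the quoted message, which the authentication handler would perform, as an added example that is not code from this thread or from CAS. It uses only the JDK and no CAS classes; the class and method names, the choice of AES-GCM as the shared algorithm, and the token layout (base64url of a 12-byte IV followed by the ciphertext of "netId|epochSeconds") are assumptions made for the illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;

public class PartnerTokenDemo {
    static final int IV_LEN = 12, TAG_BITS = 128;
    // Partner side (constructed for the demo): encrypt "netId|epochSeconds" under the shared key.
    static String issue(String netId, Instant at, SecretKey key) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal((netId + "|" + at.getEpochSecond()).getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // CAS side: returns the net id, or throws if the token is tampered, malformed or outside the window.
    static String validate(String token, SecretKey key, Instant now, Duration window)
            throws GeneralSecurityException {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(token);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
            // doFinal throws AEADBadTagException if any byte was altered or the key differs.
            String plain = new String(c.doFinal(raw, IV_LEN, raw.length - IV_LEN), StandardCharsets.UTF_8);
            int sep = plain.lastIndexOf('|');
            long issued = Long.parseLong(plain.substring(sep + 1));
            long age = now.getEpochSecond() - issued;
            // Assumption: the window is symmetric, so limited clock skew into the future is tolerated.
            if (sep <= 0 || age > window.getSeconds() || age < -window.getSeconds())
                throw new GeneralSecurityException("empty net id or timestamp outside window");
            return plain.substring(0, sep);
        } catch (IllegalArgumentException e) { // bad base64, token shorter than the IV, non-numeric timestamp
            throw new GeneralSecurityException("malformed token", e);
        }
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = new SecretKeySpec(new byte[16], "AES"); // constructed all-zero demo key
        Instant now = Instant.now();
        System.out.println(validate(issue("jdoe", now, key), key, now, Duration.ofMinutes(2)));
        try { validate(issue("jdoe", now.minusSeconds(600), key), key, now, Duration.ofMinutes(2)); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The timestamp window only bounds how long a token stays valid; a URL carrying the token remains acceptable to this check until the window closes, so the window should be kept short.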
