From a security perspective, I wouldn't recommend an application accessing a user's credentials and then creating a TGT for them. The TGT should only be between the user and CAS (in this case, the browser and CAS).
-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Mon, Jan 12, 2009 at 5:12 PM, Keith Garry Boyce <[email protected]> wrote:

> Ok then does it then make sense what I have proposed from a security
> perspective? That instead of /login generating cas ticket that a redirect of
> browser to a cas url with service ticket could then cause cookie to be
> generated from a pre existing service ticket passed to redirect with query
> parameter?
>
> ------------------------------
> From: Scott Battaglia <[email protected]>
> Sent: Monday, January 12, 2009 1:34 PM
> To: Yale CAS mailing list <[email protected]>
> Subject: Re: Is it possible to return SSO cookie using ticket generated
> using Restful Api?
>
> The only way you can do anything is if the browser handles the url
> (which is why /login generates a CAS ticket).
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Fri, Jan 9, 2009 at 11:56 AM, Keith Garry Boyce
> <[email protected]> wrote:
>
>> What CAS implementation classes would I have to change to allow this?
>> Basically I suppose it would be a url like /cas/issueCookie?ticket=xyz
>>
>> Also what would be the security risks involved in allowing this to be
>> possible?
>>
>> ------------------------------
>> *From:* [email protected] [mailto:[email protected]]
>> *On Behalf Of *Scott Battaglia
>> *Sent:* Friday, January 09, 2009 12:38 PM
>> *To:* Yale CAS mailing list
>> *Subject:* Re: Is it possible to return SSO cookie using ticket generated
>> using Restful Api?
>>
>> You can't. They are mutually exclusive.
>>
>> -Scott
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: <http://www.linkedin.com/in/scottbattaglia>
>>
>>
>
> [The entire original message is not included]
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
