Kevin M. wrote:
> For example, if we have cas-server and app-server that may have app1,
> app2, app3, etc. on it.  If user starts the browser and goes to
> http://app-server/app1, user will be redirected to the
> cas-server/cas/login... to enter credentials and login, then (if
> successful) be redirected back to app1.  In this same browser session,
> will future "http://app-server/app1" go through this redirection again,
> or will they cut straight through to the app1?

If app1 properly maintains a session after CAS login, the next browser
access to app1 will go straight through without a further redirect.
Whenever the application session (also for app2 or app3) is
closed/destroyed, a new CAS service ticket will be needed to create a new
application session.

> Also, for app2, app3, etc: the redirect to the cas-server still occurs,
> and then gets re-redirected without user intervention (because
> cas-server found the CASTGC cookie?) back to the app-server.

See above.

> (2) This is a fuzzy (and perhaps not too sensical) question, because I
> don't yet have an idea how to phrase it well -- it is related to if/how
> CAS can be used to protect certain remote API (RPC?) calls from one
> machine to another.

Think about this yourself: For any protocol to be CAS-ified there has to
be a mechanism for at least obtaining a CAS service ticket based on a
CASTGC.

> (3) This is something I noticed when playing around in the logout, is
> the behavior as intended?
> - go to http://app-server/app1.  Get redirected to cas-server/cas/login,
> enter credentials, get redirected back to app-server/app1.  That's fine.
> - go to https://cas-server/cas/logout.  See the "logged out
> successfully" message.  Checked the cookies and the CASTGC is gone.
> - go to http://app-server/app1.  It runs again, without being redirected
> to cas-server/cas/login ?

app1 still has a valid application session (see above). If you want
single sign-out you have to implement logout handlers in all your apps
which are notified by CAS.

For CAS Client for Java 3.1:
http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out

Ciao, Michael.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
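
Added example, not part of the original message and not the CAS client's own code: a minimal Python model of why app1 stays logged in after /cas/logout, and of a logout handler that ends the application session when CAS notifies it. The class and method names are hypothetical, the sample request is constructed, and the message shape (a SAML LogoutRequest whose SessionIndex carries the service ticket) follows CAS back-channel single sign-out.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample of the logoutRequest body CAS posts to each service.
SAMPLE_LOGOUT = (
    '<samlp:LogoutRequest xmlns:samlp="' + SAMLP + '" ID="LR-constructed-1" '
    'Version="2.0" IssueInstant="2008-01-01T00:00:00Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>'
    '<samlp:SessionIndex>ST-1-constructed</samlp:SessionIndex>'
    '</samlp:LogoutRequest>')

class AppSessions:
    """Session store of one CAS-protected application (hypothetical model)."""
    def __init__(self):
        self._user_by_sid = {}   # application session id -> user
        self._sid_by_st = {}     # service ticket -> application session id

    def login(self, session_id, user, service_ticket):
        # Called once the app has validated the service ticket with CAS.
        self._user_by_sid[session_id] = user
        self._sid_by_st[service_ticket] = session_id

    def is_authenticated(self, session_id):
        # Only the app's own session is consulted; CASTGC is never seen here.
        return session_id in self._user_by_sid

    def handle_logout_request(self, body):
        """Destroy the session named by a CAS logout request; True if one ended."""
        if "<!DOCTYPE" in body or "<!ENTITY" in body:
            return False                      # refuse DTDs in untrusted XML
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return False
        if root.tag != "{%s}LogoutRequest" % SAMLP:
            return False
        index = root.find("{%s}SessionIndex" % SAMLP)
        if index is None or not index.text:
            return False
        sid = self._sid_by_st.pop(index.text.strip(), None)
        return sid is not None and self._user_by_sid.pop(sid, None) is not None

def demo():
    app1 = AppSessions()
    app1.login("sess-a", "user1", "ST-1-constructed")
    # /cas/logout removed CASTGC, but no handler ran: app1 still has a session.
    before = app1.is_authenticated("sess-a")
    app1.handle_logout_request(SAMPLE_LOGOUT)  # CAS notifies app1
    return before, app1.is_authenticated("sess-a")
```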
