Is my question clear?
_____ From: [email protected] [mailto:[email protected]] On Behalf Of Keith Garry Boyce Sent: Monday, January 12, 2009 6:12 PM To: Yale CAS mailing list Subject: RE: Is it possible to return SSO cookie using ticket generatedusingRestful Api? Ok then does it then make sense what I have proposed from a security perspective? That instead of /login generating cas ticket that a redirect of browser to a cas url with service ticket could then cause cookie to be generated from a pre existing service ticket passed to redirect with query parameter? _____ From: Scott Battaglia <[email protected]> Sent: Monday, January 12, 2009 1:34 PM To: Yale CAS mailing list <[email protected]> Subject: Re: Is it possible to return SSO cookie using ticket generated usingRestful Api? The only way you can do anything is if the browser handles the the url (which is why /login generates a CAS ticket). -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Fri, Jan 9, 2009 at 11:56 AM, Keith Garry Boyce <[email protected]> wrote: What CAS implementation classes would I have to change to allow this? Basically I suppose it would be a url like /cas/issueCookie?ticket=xyz Also what would be the security risks involved in allowing this to be possible? _____ From: [email protected] [mailto:[email protected]] On Behalf Of Scott Battaglia Sent: Friday, January 09, 2009 12:38 PM To: Yale CAS mailing list Subject: Re: Is it possible to return SSO cookie using ticket generated usingRestful Api? You can't. They are mutually exclusive. -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: <http://www.linkedin.com/in/scottbattaglia> [The entire original message is not included]
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
