Hi Arjohn, On Dec 2, 2009, at 12:34 PM, Arjohn Kampman wrote:
> Hi Rhett, others, > > Thanks for your suggestion. Since I'm fairly new to the subject, I > hope > you (and others) can help me a bit to get things clear. > > If I understand you correctly, you are suggesting to use a CAS proxy > ticket as an authentication token. However, such a token can only be > sent once to a CAS server for verification. This very much looks > like a > problem for (preemptive) authentication in consecutive requests. Or am > I overlooking something? That's correct. When the client application is using proxy tickets for authentication, it needs to get a new proxy ticket from the CAS server for each request. This was intentional in the design of CAS. Rhett > > Regards, > > Arjohn > > > Rhett Sutphin wrote: >> If I were adding support for just CAS, I would define a new challenge >> scheme (call it something like cas_proxy_ticket) and define a Guard >> and AuthenticationHelper pair which handle this scheme. This would >> mean that a client would need to acquire a proxy ticket and then >> include it in the HTTP request as the Authentication header, >> something >> like >> >> Authentication: cas_proxy_ticket PT-123456789 >> >> Rhett > > ------------------------------------------------------ > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2426434 ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2426475