Hi there well there are different options for you.
I've recently set up an web sso solution based on WS-Federation Passive Requestor Profile and SAML. This is described here: http://owulff.blogspot.com/2011/11/configure-tomcat-for-federation-part.html http://owulff.blogspot.com/2011/10/configure-and-deploy-identity-provider.html You can also attach an LDAP (but use a file based store for mock testing) http://owulff.blogspot.com/2011/10/configure-ldap-directory-for-cxf-sts.html This web application consumed then different kind of web services on behalf of the logged in user at the web session (SAML and custom BST). This could be an option for you as it supports RBAC and more fine grained authorization based on claims (WS-Trust, WS-Federation). If you want to use CAS, you could customize the CXF STS by addind a custom TokenProvider/Validator where a CXF service could delegate the validation of the BST to the STS. You can find more information about that here: http://coheigea.blogspot.com/2011/10/apache-cxf-sts-documentation-part-iii.html HTH Oli ------ Oliver Wulff http://owulff.blogspot.com Solution Architect Talend Application Integration Division http://www.talend.com ________________________________________ Von: [email protected] [[email protected]]" im Auftrag von "Jason Pell [[email protected]] Gesendet: Mittwoch, 8. Februar 2012 11:39 Bis: [email protected] Betreff: samples of Cas ws-security, probably either STS or custom bst Hi, I am looking at using CAS (Central Authentication Service - www.jasig.org/cas) I can see that spring can support in the web layer I am looking for examples of cxf validating a proxy ticket or are there better SSO options that I could be prototyping my basic architecture is: A GWT front end with a SSO login page (hosted by CAS and triggered because of spring security filter) GWT rpc services delegate to soap webservicea these soap web services are to be authenticated with the cas ticket created as part of logging into gwt. both gwt and services layer and cas will all be pointing at same ldap. gwt and services only for authorisation and cas only for authentication.
