Thanks so much for the clarification. Ok, so I have an idea how CAS works, but now the trick is somehow incorporating CAS SSO and my existing STS in my project. From what you're telling me, everything for CAS is done within the CAS server, and I can't retrieve 'stuff' from within my browser.
Because I'm not using CAS to login and create the service ticket, could I try to initially use the /VALIDATE (or /serviceValidate) url to see if one already exists? My thought is that if that doesn't work (no SSO cookie) then go through my normal STS authentication process. I'm really not that familiar with the things that are happening under the covers, so I don't know if this integration would be possible or not.

Reading the CAS Protocol page, http://www.jasig.org/cas/protocol, I see that there are required parameters for /Validate, but if I'm redirecting to this url where would 'service' and 'ticket' come from? Can they be extracted from the browser cookie if the user has previously logged in?

I see that if all of the above is possible, I would get an XML response. From this I'd extract what I need. I'm not sure how I'd go about this yet, but if I have the info I know that I can get it somehow.

Any thoughts or suggestions?

Thanks!

On Thu, Feb 27, 2014 at 2:39 PM, Clemens Stich <[email protected]> wrote:

> Hi Richie,
>
> Here is a first quick reply:
> You cannot grab the CAS cookie in your application as CAS itself issues
> this cookie with restriction to only the CAS server URL, meaning that the
> cookie is not sent to your application.
> Your CAS client authentication APIs make calls to the CAS server and
> therefore this cookie is automatically sent to the CAS server as here the
> cookie domain matches.
> This behaviour makes perfect sense as it makes the CAS SSO secure.
> Otherwise other applications / persons could grab this cookie and exploit
> it.
>
> 2014-02-27 17:49 GMT+01:00 Richie <[email protected]>:
>
>> I'm hoping that someone will be able to point me in the correct direction.
>>
>> I have an existing project that uses .NET CAS (C#, framework 4), and
>> everything works great with SSO for these other applications. I didn't
>> have anything to do with the original building of this site, and those
>> sites that use SSO. To make matters worse there doesn't seem to be anyone
>> to talk with to find out how they're making this work, so I'm hoping the
>> community can.
>>
>> My issue is that I'm trying to incorporate an existing Secure Token
>> Server to read the CAS cookie/token/ticket (not sure what it's called) to
>> determine the logged in user's name. That's it. I just need to know how
>> to grab the CAS cookie using C# .NET, and decrypt it to get a
>> username. Sounds easy enough, right?
>>
>> Here's what I've tried: When I authenticate with the CAS application on
>> one browser tab, then open another and run my STS authenticated
>> application. In code I try to grab all cookies in the browser, but I can't
>> seem to locate the CAS cookie. Can someone provide a code example for how
>> this would be done, or walk me through a high level explanation?
>>
>> Thanks for your time!
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-dev
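
The flow discussed in this thread, as an added C# example that is not part of the original messages or of any CAS client library: the application never reads the CAS cookie; it redirects the browser to the CAS server with its own `service` URL, receives a one-time `ticket` on the redirect back, and validates that ticket server-side at /serviceValidate. The host names, class name, sample ticket and sample XML are constructed; `gateway=true` is the CAS protocol option that returns the browser without a ticket when no SSO session exists.

```csharp
using System;
using System.Xml.Linq;

static class CasSketch
{
    // Assumed, constructed endpoints: replace with the real CAS server and application URL.
    const string CasBase = "https://cas.example.org/cas";
    const string Service = "https://app.example.org/sts/login";
    static readonly XNamespace Cas = "http://www.yale.edu/tp/cas";

    // Step 1: redirect the browser here. The browser attaches the CAS cookie because the
    // request goes to the CAS server; with gateway=true CAS redirects back without a
    // ticket when there is no SSO session instead of showing its own login form.
    public static string LoginUrl() =>
        $"{CasBase}/login?service={Uri.EscapeDataString(Service)}&gateway=true";

    // Step 2: CAS redirects to Service?ticket=ST-...; the application then requests this
    // URL server-to-server. 'service' must match step 1 and the ticket is single-use.
    public static string ValidateUrl(string ticket) =>
        $"{CasBase}/serviceValidate?service={Uri.EscapeDataString(Service)}" +
        $"&ticket={Uri.EscapeDataString(ticket)}";

    // Step 3: username on success, null on failure (caller falls back to the STS login).
    public static string ParseUser(string xml)
    {
        var root = XDocument.Parse(xml).Root;
        if (root == null || root.Name != Cas + "serviceResponse") return null;
        var success = root.Element(Cas + "authenticationSuccess");
        var user = success?.Element(Cas + "user")?.Value.Trim();
        return string.IsNullOrEmpty(user) ? null : user;
    }

    static void Main()
    {
        // Constructed sample responses in the CAS 2.0 /serviceValidate format.
        const string ok = @"<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>richie</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>";
        const string bad = @"<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>";

        Console.WriteLine(LoginUrl());
        Console.WriteLine(ValidateUrl("ST-1-constructed"));
        Console.WriteLine(ParseUser(ok) ?? "(no valid CAS ticket: use STS login)");
        Console.WriteLine(ParseUser(bad) ?? "(no valid CAS ticket: use STS login)");
    }
}
```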
