Hi, I have received a lot of questions about OAuth server support in the CAS server.
OAuth v2.0 is an authorization protocol with severel possible flows. The main one is certainly the ability for an application to access some ressources on a server on behalf of a user, which requires the user to authenticate and authorize the access. Though, the current support in CAS is pretty simple: the OAuth access token is in fact a TGT, which makes various access from various OAuth applications completely indistinguishable. Which is in fact not a problem, as the resource accessed is the complete user profile. Moreover, the only possible flow is the authorization code grant type, which means that the user will go through a regular web CAS login process. That said, if you have an android app, the best way is to authenticate using the REST API, the credentials will be check against a CAS server to get a TGT, and then ST for services. Using the OAuth protocol support would require to display a web login page... Best regards, Jérôme 2014-04-05 14:16 GMT+02:00 fnkb <[email protected]>: > Hi! > I am new in CAS and i need your opinion about the following. > > I have created a Jasig CAS server by following the Maven WAR Overlay > Method. In this CAS server i have the restful api, the LDAP and the > OAuth2.0 protocol, configured. > > I have read a lot of stuff about rest, oauth and cas but i am a little bit > confused. > > I want to do to log in to CAS via an android app. I'm considering of > making a rest service that uses the OAuth2.0 protocol for logging in to > CAS. This service will be called from the android application. > > So is it possible to log in to CAS with this method? > > If yes, are there any references for understading this better? > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
