No, it does not. The SSO session only indicates the user is logged into CAS -- it does not facilitate communication between the service providers.

Thanks,
Carl

----- Original Message -----
From: "Swapnil Admulwar" <swapniladmul...@gmail.com>
To: jasig-cas-...@googlegroups.com
Cc: cas-dev@lists.jasig.org, cas-dev@lists.jasig.org, cas-dev@lists.jasig.org, waldb...@lafayette.edu
Sent: Friday, December 12, 2014 8:32:43 AM
Subject: Re: [cas-dev] How 'isAuthenticated' api works internally?

Hi,

To give you some context, at a high level, we are wanting to implement Cross Domain SSO.

We have some sense of CAS SSO Authentication, however we cannot comprehend how Cross Domain SSO works with CAS.

What we would want to achieve is as follows:

User authenticates using CAS on www.D1.com. Then, in a new browser tab, the user navigates to www.D2.com. Now we would want www.D2.com to know that the user already signed in to www.D1.com, and hence www.D2.com should display Page1.PHP, and if the user is found to be unauthenticated, it should display Page2.PHP.

Would you know if the PHP CAS client exposes such an API that www.D2.com can call to verify if the user is already authenticated on www.D1.com?

Thanks!!!

On Friday, 12 December 2014 17:43:38 UTC+5:30, Waldbieser, Carl wrote:
>
> when the user attempts to use your php app that calls
> forceAuthentication(), the program checks its local session and sees the
> user is not authenticated. So it issues a redirect to the CAS server.
>
> At the CAS server the user logs in. The browser gets a cookie (TGC) for
> the CAS server domain. The CAS server also redirects the user back to your
> webapp with a random string (ST) as a url parameter. The ST is only valid
> for ~10 seconds.
>
> The forceAuthenticate() call sees the ST in the url, so it makes an HTTPS
> request (server to server- not via the user's browser) to CAS. CAS
> validates the ST and returns the user id and optionally some attributes for
> the user.
>
> Thanks,
> Carl
>
>
> Swapnil Admulwar <swapnil...@gmail.com> wrote:
>
> Hi,
>
> You mean to say that, when the CAS server authenticates any user, it stores its
> ST at the client side.
>
> If yes, then where is it stored?
>
> I want to say that, from where is this ST available for the
> 'phpCAS::forceAuthentication()' api?
>
> On Friday, 12 December 2014 00:17:22 UTC+5:30, Waldbieser, Carl wrote:
>>
>>
>> phpCAS::forceAuthentication() is going to validate the ST presented to
>> the page or redirect the user's browser to CAS to authenticate.
>> When the ST is validated, the user ID is returned as part of the
>> validation process. You can access it via `phpCAS::getUser()`.
>>
>> Thanks,
>> Carl Waldbieser
>> ITS Systems Programmer
>> Lafayette College
>>
>> ----- Original Message -----
>> From: "Swapnil Admulwar" <swapnil...@gmail.com>
>> To: cas...@lists.jasig.org
>> Sent: Thursday, December 11, 2014 11:57:59 AM
>> Subject: [cas-dev] How 'isAuthenticated' api works internally?
>>
>> Hi,
>> I know if we call "static phpCAS::isAuthenticated ()" it will return me
>> 'True'
>> if the user is authenticated, otherwise 'False'.
>> But how does this api know which user needs to be authenticated?
>> Also, how does it do the authentication?
>>
>> Please, can anyone tell me which API I should call
>> before calling the 'isAuthenticated' api?
>>
>> So any help would be greatly appreciated.
>> Thanks!!!

--
You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
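
The ticket flow described in the thread above (local session check, redirect to CAS, ST returned as a URL parameter, server-to-server validation), sketched at the protocol level as an added example; it is not code from the thread or from phpCAS. It assumes the CAS 2.0 `/login` and `/serviceValidate` endpoints; the host names, function names and sample XML responses are constructed for illustration.

```python
# Added example: hosts, function names and sample XML are constructed.
import urllib.parse
import xml.etree.ElementTree as ET  # for real responses prefer a hardened parser (e.g. defusedxml)

CAS_BASE = "https://cas.example.edu/cas"      # assumed CAS server URL
NS = {"cas": "http://www.yale.edu/tp/cas"}    # CAS 2.0 response namespace

def service_url(request_url):
    """The service URL is the requested URL with any ticket parameter removed."""
    parts = urllib.parse.urlsplit(request_url)
    query = [(k, v) for k, v in urllib.parse.parse_qsl(parts.query) if k != "ticket"]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))

def parse_validation(xml_text):
    """Return the user id from a serviceValidate response, or None on failure."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    return user.text.strip() if user is not None and user.text else None

def handle_request(request_url, session, fetch):
    """Return ("ok", user) or ("redirect", url); fetch(url) performs the HTTPS GET."""
    if session.get("user"):                   # 1. the app's own session already exists
        return ("ok", session["user"])
    service = service_url(request_url)
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(request_url).query)
    ticket = params.get("ticket", [None])[0]
    if ticket:                                # 3. ST came back as a URL parameter
        query = urllib.parse.urlencode({"service": service, "ticket": ticket})
        # Server-to-server call: the browser never sees this request.
        user = parse_validation(fetch(f"{CAS_BASE}/serviceValidate?{query}"))
        if user:
            session["user"] = user            # ST is short-lived, so keep the result locally
            return ("ok", user)
    # 2. no session and no valid ticket: send the browser to the CAS login page
    login = urllib.parse.urlencode({"service": service})
    return ("redirect", f"{CAS_BASE}/login?{login}")

SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""    # constructed sample response
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">expired</cas:authenticationFailure>
</cas:serviceResponse>"""    # constructed sample response
```

Each application keeps its own session here: the TGC cookie belongs to the CAS domain, so a second application learns the user's identity only by going through the same redirect and validation round trip.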