The application should never have the TGT – that opens up a big security 
vulnerability.



Instead you should look into using Proxy CAS, with which a service can 
transmit identity to another service.



https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough



Best regards,

-- 

Carlos.

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Yan Zhou
Sent: Tuesday, 01 November, 2016 15:22
To: CAS Community
Subject: [cas-user] Can application get TGT ticket?



Hello,



The CAS protocol does not let the apps (CAS client) get the TGT ticket. We have a 
need for that.



We have two web apps; both are casified in CAS 4.1.X. One web app has an 
AngularJS (JavaScript) front end, and the other web app is UI-less; it just 
offers REST services.



JavaScript code in App A wants to call the REST API in App B. We run into 
problems with CORS, etc. But even after CORS is enabled, we still run into 
trouble.



So, the thought is, if JavaScript code can get hold of the TGT after the user logs in 
to App A, then the JS code can use the CAS REST API to authenticate against 
the 2nd app (the UI-less REST services).



Is that a bad idea, and how is that possible?



Yan

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: 
https://apereo.github.io/cas/Mailing-Lists.html 
- CAS documentation website: https://apereo.github.io/cas 
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f60e5fea-2a9b-4515-8a92-a7c2c8769497%40apereo.org
