Yan, CAS creates a TGC (ticket granting cookie) that it uses to look up the SSO session. It is (typically) not available to client application.
Ray On Thu, 2019-05-02 at 15:38 -0700, Yan Zhou wrote: Hello, CAS has a nice diagram explains CAS protocol, how it achieves SSO, by using cookie. With CAS5, I can achieve SSO with two clients, one speaking CAS protocol, the other speaking OpenID Connect. How did CAS do that, is that by the use of cookie as well? I do not think OpenID Connect itself uses cookie. Any idea? Similarly, if two clients both speak OpenID Connect, is cookie support still required for CAS to support SSO between them? Thx! Yan -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/04fb4e2e07de1d8ae03590870b973b7a9befa028.camel%40uvic.ca.