I understand the docs perfectly, aside from the nitty-gritty details involving how the TGC comes into play; it only took two hours of pondering, reading, reconsidering, and rereading. The record of the chronological sequence of events is lost in the shuffle of details, but with tenacious patience, years of experience with careful, meticulous training in the arts of reading documents for open source projects, and plenty of time to sweep up the lost hair from the top of one's head, anyone can easily overcome the ominous resistance for those documents to be understood.

That said, reading the other emails about the subject still leaves me confused about the browser never sending the cookie to the webapp but to CAS instead. How does the webapp know when to redirect the browser to the CAS login page?


David Jefferson wrote:
Well... I have read those docs several times but it has not sunk in yet...<SIGH>

So... If I'm starting to understand correctly... I can put aside for the moment questions about the cookie that CAS server generates for SSO support since I don't need to support SSO (yet) and the cookie does not come into play for a single client app authenticating against CAS.

In the CAS 1 arch doc it discusses setting up a jsp to accept the "ticket" attribute on the request from CAS, and then I need to invoke the call to validate the ticket and inspect the response. Looking at the example given at

http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml

for integrating a client app with the CAS server, it seems to imply that the validation filter provided in the CAS client jar will handle this for me.
Does the validation filter do what I assume it does or do I need to validate the ticket in my client code as described in the CAS 1 doc?
Finally... After validation the service ticket is removed from the ticket registry. When the authenticated user tries to navigate from page A to page B CAS client authentication filter sends a new request to CAS server, CAS server verifies that the service and netid are ones that it recognizes as current and that the user has been authenticated (if yes, how does CAS check this?), CAS server generates a new service ticket, CAS sends the new ticket back to the app service, CAS client validation filter validates the new ticket, if all is good the user is redirected to page B. Is this correct?
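
An added example, not part of the thread and not the CAS project's own code: a toy Python model of the ticket flow discussed above, showing how a client filter chooses between serving a request, validating a ticket, and redirecting to the CAS login page. Host names, the netid, the session key and all class and function names are constructed for illustration; it assumes the client keeps the validated user in its own session, as the JA-SIG Java client filters do.

```python
import secrets
from urllib.parse import urlencode

CAS_LOGIN = "https://cas.example.org/cas/login"  # constructed URL


class CasServer:
    """Toy CAS server: holds TGTs (behind the TGC) and one-time service tickets."""

    def __init__(self):
        self.tgts = {}     # TGC value -> netid
        self.tickets = {}  # service ticket -> (service URL, netid)

    def login(self, netid, service, tgc=None):
        # The TGC is scoped to the CAS host, so the webapp never receives it.
        if tgc not in self.tgts:
            tgc = "TGC-" + secrets.token_hex(8)
            self.tgts[tgc] = netid
        st = "ST-" + secrets.token_hex(8)
        self.tickets[st] = (service, self.tgts[tgc])
        return tgc, service + "?" + urlencode({"ticket": st})

    def validate(self, service, ticket):
        # pop(): the ticket is removed from the registry on first validation.
        issued_for, netid = self.tickets.pop(ticket, (None, None))
        return netid if issued_for == service else None


def client_filter(cas, session, service, ticket=None):
    """Decision made by the webapp's filters for each incoming request."""
    if "netid" in session:                      # already validated earlier
        return "serve", session["netid"]
    if ticket:                                  # just came back from CAS
        netid = cas.validate(service, ticket)
        if netid:
            session["netid"] = netid
            return "serve", netid
    return "redirect", CAS_LOGIN + "?" + urlencode({"service": service})


def demo():
    cas, session, svc = CasServer(), {}, "https://app.example.org/pageA"
    first = client_filter(cas, session, svc)            # no session, no ticket
    tgc, back = cas.login("jdoe", svc)                  # user logs in at CAS
    st = back.split("ticket=")[1]
    second = client_filter(cas, session, svc, st)       # ticket validated once
    page_b = client_filter(cas, session, "https://app.example.org/pageB")
    replay = cas.validate(svc, st)                      # ticket already spent
    return first[0], second, page_b, replay, len(cas.tickets)
```

In this model the request for page B is served from the webapp's own session without contacting CAS, and a replayed service ticket fails validation because it was consumed on first use.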


