On Mon, Oct 12, 2009 at 9:15 PM, Jayson Ash <[email protected]> wrote:
> <snip />
>
> That said, since reading the other emails about the subject still leaves me
> confused with the browser never sending the cookie to the webapp but to CAS
> instead. How does the webapp know when to redirect the browser to the CAS
> login page?
>

The client redirects when there is no valid user in the session for the web application.

>
>
> David Jefferson wrote:
>
>> Well... I have read those docs several times but it has not sunk in
>> yet...<SIGH>
>>
>> So... If I'm starting to understand correctly... I can put aside for the
>> moment questions about the cookie that CAS server generates for SSO support
>> since I don't need to support SSO (yet) and the cookie does not come into
>> play for a single client app authenticating against CAS.
>>
>> In the CAS 1 arch doc it discusses setting up a jsp to accept the "ticket"
>> attribute on the request from CAS, and then I need to invoke the call
>> to validate the ticket and inspect the response. Looking at the example
>> given at
>>
>>
>> http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
>>
>> for integrating a client app with the CAS server, it seems to imply that
>> the validation filter provided in the CAS client jar will handle this for
>> me.
>> Does the validation filter do what I assume it does or do I need to
>> validate the ticket in my client code as described in the CAS 1 doc?
>> Finally...,
>> After validation the service ticket is removed from the ticket registry.
>> When the authenticated user tries to navigate from page A to page B CAS
>> client authentication filter sends a new request to CAS server, CAS server
>> verifies that the service and netid are ones that it recognizes as current
>> and that the user has been authenticated (if yes, how does CAS check this?),
>> CAS server generates a new service ticket, CAS sends the new ticket back to
>> the app service, CAS client validation filter validates the new ticket, if
>> all is good the user is redirected to page B. Is this correct?
>>
>>
>>
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
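
A simplified model of the flow discussed in this thread, added here as an example (it is not code from the thread or from the JA-SIG CAS client). `ToyCasServer`, `handle_request`, the example.org URLs and the user `alice` are assumptions made for illustration; the model shows the client deciding from its own session whether to redirect to CAS, and a service ticket validating only once.

```python
import secrets
from urllib.parse import quote

CAS_LOGIN = "https://cas.example.org/cas/login"   # placeholder CAS server URL

class ToyCasServer:
    """Stand-in for the CAS server's service-ticket registry (not real CAS code)."""
    def __init__(self):
        self.tickets = {}        # service ticket -> (service URL, user)
        self.validations = 0     # how often a client app called back to validate

    def issue_ticket(self, service, user):
        st = "ST-" + secrets.token_hex(8)
        self.tickets[st] = (service, user)
        return st

    def validate(self, service, ticket):
        self.validations += 1
        # pop(): a service ticket is removed from the registry once validated
        issued_for, user = self.tickets.pop(ticket, (None, None))
        return user if issued_for == service else None

def handle_request(cas, session, url, ticket=None):
    """Decision the client filters make for one request to a protected URL."""
    if session.get("user"):                       # valid user already in session
        return 200, f"{url} served to {session['user']}"
    if ticket:                                    # came back from CAS with ?ticket=
        user = cas.validate(url, ticket)
        if user is None:
            return 403, "ticket validation failed"
        session["user"] = user                    # remembered for later requests
        return 302, url                           # reload without the ticket parameter
    return 302, f"{CAS_LOGIN}?service={quote(url, safe='')}"

def demo():
    cas, session = ToyCasServer(), {}
    page_a, page_b = "https://app.example.org/a", "https://app.example.org/b"
    steps = [handle_request(cas, session, page_a)]           # no session: go to CAS
    st = cas.issue_ticket(page_a, "alice")                   # user logs in at CAS
    steps.append(handle_request(cas, session, page_a, st))   # ticket validated once
    steps.append(handle_request(cas, session, page_b))       # page B: session only
    steps.append(handle_request(cas, {}, page_a, st))        # replayed ticket, new session
    return steps, cas.validations
```

In this model the request for page B is answered from the application session without any call to CAS, and the replayed ticket is rejected because it is no longer in the registry.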
