This is helpful for clearing up a bit of my confusion, but I'm
wondering how exactly the webapp could validate a CAS-enabled webapp
session.  I understand that the browser receives a "Ticket Granting
Cookie" (TGC), about which little is mentioned in the architecture
docs and which is also an optional component of a CAS system.  To present
the appearance of SSO, the TGC is required.  The service ticket, the
thing that expires as soon as it is used, validates the session on the
CAS-enabled webapp.  Upon success with the validation of the service
ticket, a TGC is sent to the browser.  The existence of the TGC seems
to be a clue into the world of validating a CAS-enabled webapp
session.  Is this how a CAS SSO solution is supposed to work?



Quoting Marvin Addison <[email protected]>:

>>> Perhaps unnecessary redirects, redirects that
>>> happen when a user is logged in already, could be avoided by storing data
>>> via the session with the webapp?
>
> I think we need to clarify what session you mean.  The SSO session or
> the session of the CAS-enabled Web application?  Assuming you mean the
> webapp session, then most CAS clients do store authenticated state to
> prevent unnecessary redirects to CAS every time.  Note that this
> client feature is entirely optional; CAS has full support for
> stateless authentication scenarios.
>
>> I think a better question would have been:  Where in the CAS architecture
>> does session validation take place?
>
> Again, assuming you mean validating the authenticated state of a
> CAS-enabled webapp, then it's not formally part of either the protocol
> or the CAS architecture per se.  Most CAS clients store the
> authenticated state to prevent redirects other than on session
> creation.
>
> M
>
> --
> You are currently subscribed to [email protected] as:  
> [email protected]
> To unsubscribe, change settings or access archives, see  
> http://www.ja-sig.org/wiki/display/JSG/cas-user
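The client behaviour described in the quoted reply (storing authenticated state in the webapp's own session so that CAS is contacted only on session creation) can be sketched as follows. This is an added example, not code from the thread or from any CAS client; the host names, the `cas_user` session key and the stub validator are assumptions, and the sample responses are constructed in the CAS 2.0 `serviceValidate` format.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
CAS_BASE = "https://cas.example.org/cas"       # hypothetical CAS server
SERVICE = "https://app.example.org/protected"  # hypothetical webapp URL

def parse_validation(xml_text):
    """Return the username from a CAS 2.0 serviceValidate response, or None."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

def handle_request(session, query, validate):
    """Decide what the CAS client does with one request to the webapp.

    session is the webapp's own per-browser session (a dict here); validate is
    callable(ticket, service) -> XML text, which in a real client would be a
    back-channel HTTPS GET to CAS_BASE + "/serviceValidate".
    """
    # 1. Authenticated state already stored locally: no CAS round trip.
    if session.get("cas_user"):
        return ("serve", session["cas_user"])
    # 2. Returning from CAS with a one-time service ticket: validate it once.
    ticket = query.get("ticket")
    if ticket:
        user = parse_validation(validate(ticket, SERVICE))
        if user:
            session["cas_user"] = user
            return ("serve", user)
    # 3. No local state and no valid ticket: send the browser to CAS login.
    login = CAS_BASE + "/login?" + urllib.parse.urlencode({"service": SERVICE})
    return ("redirect", login)

# Constructed sample responses and a stub validator so the example runs offline.
OK = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
      '<cas:authenticationSuccess><cas:user>alice</cas:user>'
      '</cas:authenticationSuccess></cas:serviceResponse>')
FAIL = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
        '<cas:authenticationFailure code="INVALID_TICKET">not recognized'
        '</cas:authenticationFailure></cas:serviceResponse>')

def make_stub(valid_ticket):
    used = set()  # a service ticket is accepted exactly once
    def validate(ticket, service):
        if ticket == valid_ticket and service == SERVICE and ticket not in used:
            used.add(ticket)
            return OK
        return FAIL
    return validate
```

A production client would also issue a fresh session identifier when it stores `cas_user` and redirect to the ticket-free URL afterwards, so the spent ticket does not linger in the address bar or in logs.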