Guimaraes, Patricia (NIH/NLM) [C] wrote:
> Did you mean this instead:

Indeed. Sorry for the typos.

> That is, if I go to http://app2/, shouldn’t I be redirected to
> http://cas/login?service=http://app2/ and after authentication, be
> redirected to http://app2/?ticket=ST instead of
> http://app/?ticket=ST?  If that is the case, then I guess the TGT is
> really not tied to the service passed as a parameter to the /cas/login
> URL.  It is only used to redirect the user to that service after
> authentication is complete.  Is that correct?

The TGT is stored in the user's session cookie for the CAS domain in
order to grant new STs when needed. TGT is not tied to a service and if
you pass it as the 'service' parameter it won't validate (at least in my
setup using mod_auth_cas) -- you need a ST for that.

> Also, when you say “if SSO is enabled”, isn’t SSO enabled by default
> unless the renew parameter is specified and set to true?

Yes. And also unless you disable SSO on a per-service basis on the
service management interface (/cas/services).

> I apologize if these seem like basic questions, but I’m really trying to
> get a better understanding of how CAS works.

I'm not an expert in CAS myself, but I hope to be helpful.

-- 
José Miguel Parrella Romero (bureado.com.ve)          PGP: 0x88D4B7DF
Debian Developer                                Caracas, VE/Quito, EC
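
The behaviour described in this reply, as an added example that is not part of the original message or of CAS itself: a simplified in-memory model in which the TGT lives in the CAS-domain cookie and only service tickets (STs) are bound to a service. The `ToyCAS` class, its method names and the sample URLs are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode


class ToyCAS:
    """Simplified in-memory model of CAS ticket handling (not a real CAS server)."""

    def __init__(self, sso_disabled_for=()):
        self.tgts = {}  # TGT id -> username; the id is what the CAS-domain cookie holds
        self.sts = {}   # ST id -> (username, service the ST was issued for)
        self.sso_disabled_for = set(sso_disabled_for)  # per-service SSO opt-out

    def login(self, service, tgc=None, credentials=None, renew=False):
        """Model of /cas/login?service=...: returns (redirect_url, tgc),
        or (None, tgc) when the login form has to be shown."""
        # SSO applies unless renew=true is sent or SSO is disabled for this service.
        sso_allowed = not renew and service not in self.sso_disabled_for
        user = self.tgts.get(tgc) if sso_allowed else None
        if user is None:
            if credentials is None:
                return None, tgc              # no usable SSO session: prompt the user
            user = credentials[0]             # password check omitted in this model
            tgc = "TGT-" + secrets.token_hex(8)
            self.tgts[tgc] = user             # the TGT itself records no service
        st = "ST-" + secrets.token_hex(8)
        self.sts[st] = (user, service)        # the ST is what gets bound to the service
        sep = "&" if "?" in service else "?"
        return service + sep + urlencode({"ticket": st}), tgc

    def validate(self, service, ticket):
        """Model of ticket validation: an ST is single-use and must match the service."""
        user, issued_for = self.sts.pop(ticket, (None, None))
        return user if issued_for == service else None
```

Logging in at `http://app/` and then calling `login("http://app2/", tgc=...)` returns a redirect to `http://app2/?ticket=ST-...` without credentials, while passing the TGT id to `validate` returns `None`.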
