Thanks Bill. Let me give a few more details, because I still have questions.
My JS application is in a widget container secured by CAS which I have no control over. Each widget is an entirely separate web page. My web application is currently not secured by CAS, but I could certainly add that if it makes things easier. Essentially, the outer container provides the CAS Auth.

So, all of that being said, if I am reading your response correctly, my JS application would make a request to:

https://foo.bar.com/is/cas/serviceValidate?ticket=ST-956-Lyg0BdLkgdrBO9W17bXS&service=http://localhost/bling

But how do I obtain the ticket from my JS code? Assuming I have the ticket, this will give me the username. Next I make a request to

https://foo.bar.com/is/cas/serviceValidate?ticket=ST-956-Lyg0BdLkgdrBO9W17bXS&service=http://localhost/bling&pgtUrl=https://foo.bar.com/pgtCallback

which will result in a PGTIOU. The PGT will be delivered to https://foo.bar.com/pgtCallback. Using this I make a request to

https://foo.bar.com/is/cas/proxy?targetService=http://localhost/bongo&pgt=PGT-330-CSdUc5fCBz3g8KDDiSgO5osXfLMj9sRDAI0xDLg7jPn8gZaDqS

The client will then have a PT.

It feels like I am missing something, because I hadn't expected so many steps in order to be able to get the username and some token by which openfire could say that a user had been authenticated by CAS. Reading http://www.jasig.org/cas/proxy-authentication, the example of the email client seems synonymous with what I'm trying to do, but I suppose that's doing the same things, just not providing the details, since it says the portal takes its PGT to get a PT which it then gives to the IMAP server.

If I have said something incorrectly or if there is something I am missing, please let me know. Any information is appreciated.

On Wed, May 11, 2011 at 9:05 PM, William G. Thompson, Jr. <wgt...@gmail.com> wrote:

> Assuming the web page that is serving up the chat client is protected
> with CAS...
>
> * after authN and before you serve up the chat client, obtain a proxy
>   ticket (PT) for openfire via the PGT
> * pass the PT to the chat client
> * the chat client sends the PT to openfire
> * CASified openfire (CASAuthProvider) validates the PT and gets back
>   "valid ticket for username proxied thru chatclient"
>
> https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
>
> Best,
> Bill
>
> On Wed, May 11, 2011 at 4:52 PM, Jamie Johnson <jej2...@gmail.com> wrote:
> > My organization is currently using CAS to provide SSO and is also using a
> > custom thin client chat application (developed using Strophe.js) to
> > communicate to an openfire server. We have now been asked to look at making
> > the chat login also use SSO. I have googled a bit looking for solutions and
> > the only thing I have found seems to point at writing a custom AuthProvider
> > on the Openfire side and having the client pass the username and the ticket
> > to openfire for authentication. I can see how in theory this would work,
> > but I don't see how from the JavaScript side I can get access to the
> > username and ticket to use to verify the user has been authenticated in
> > CAS. Is there a way to do this from JavaScript? If not, is there a more
> > appropriate way to attempt this?
> >
> > --
> > You are currently subscribed to cas-user@lists.jasig.org as:
> > wgt...@gmail.com
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
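
Added example, not part of the thread and not Openfire or CAS project code: a Python sketch of the last step in the flow above, where the chat server validates the PT against /proxyValidate and accepts the login only if the ticket was proxied through the expected web application. The trusted proxy URL, the user name and the sample responses are constructed; the response layout is the CAS 2.0 validation XML.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://foo.bar.com/is/cas"                # CAS prefix from the thread
TARGET_SERVICE = "http://localhost/bongo"              # targetService from the thread
TRUSTED_PROXIES = {"https://foo.bar.com/pgtCallback"}  # assumed: the web app's pgtUrl
NS = {"cas": "http://www.yale.edu/tp/cas"}

def proxy_validate_url(ticket):
    """URL the chat server GETs to validate a PT issued for TARGET_SERVICE."""
    return CAS_BASE + "/proxyValidate?" + urlencode({"service": TARGET_SERVICE, "ticket": ticket})

def user_from_response(xml_text):
    """Return the username, or raise ValueError if the login must be refused."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in CAS response")
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        raise ValueError("CAS refused the ticket: " + str(failure.get("code")))
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        raise ValueError("not a CAS validation response")
    user = success.findtext("cas:user", default="", namespaces=NS).strip()
    chain = [p.text.strip() for p in success.findall("cas:proxies/cas:proxy", NS) if p.text]
    # CAS lists the most recent proxy first; it must be the application
    # that is trusted to hand proxy tickets to the chat client.
    if not user or not chain or chain[0] not in TRUSTED_PROXIES:
        raise ValueError("ticket was not proxied through a trusted application")
    return user

def _response(inner):  # builds the constructed sample responses below
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            + inner + "</cas:serviceResponse>")

SAMPLE_OK = _response("<cas:authenticationSuccess><cas:user>jdoe</cas:user><cas:proxies>"
                      "<cas:proxy>https://foo.bar.com/pgtCallback</cas:proxy>"
                      "</cas:proxies></cas:authenticationSuccess>")
SAMPLE_NO_PROXY = _response("<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
                            "</cas:authenticationSuccess>")
SAMPLE_FAIL = _response('<cas:authenticationFailure code="INVALID_TICKET">'
                        "ticket not recognized</cas:authenticationFailure>")

if __name__ == "__main__":
    print(proxy_validate_url("PT-1-constructed"))
    print(user_from_response(SAMPLE_OK))
```

The service value sent to /proxyValidate has to match the targetService the PT was requested for, and a PT is single-use, so the chat server validates it once and then relies on its own session.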