In that email thread, the issue is that the browser initially has no
session with the proxy protecting the resource.  When the proxy redirects
the user to the CAS service using a GET, the initial POST data is lost.

If this is analogous to what is happening in the original poster's case,
the way to get around it is to make 2 requests.  The first to a GETable
resource.  This establishes an authenticated session with the service by
doing the CAS dance.  The second request would need to use the session
cookie from the first request when it made the POST and CAS would get out
of the way.

Strictly speaking, that is not a RESTful API.  It would make more sense for
a RESTful API to hand out an access token in response to a GET for a valid
CAS service ticket.  The access token could then be used to authenticate to
the rest of the API without having to monkey around with cookies and
sessions.

Thanks,
Carl Waldbieser
On Aug 21, 2015 6:03 PM, "Andrew Morgan" <mor...@orst.edu> wrote:

> Have a look at this email thread:
>
>   https://groups.google.com/forum/#!topic/jasig-cas-user/if0SQ0gUbp8
>
> It's an old problem.
>
> I'm not sure how CAS JASPIC works, but I've seen the Java CAS client in
> action.  It seems to consume the ST, validate the ST, then redirect the
> client to the original resource.  Like this:
>
> GET /foo?ST=12345
> (processing happens to validate the ST)
> RESPONSE: 302 REDIRECT /foo
> GET /foo
>
>
> When the redirect happens, the POST data is lost.
>
> It might work if you switched from POST to GET.
>
> You can read about some options and recommendations in the email thread
> above.
>
>         Andy
>
> On Fri, 21 Aug 2015, Mahantesh Prasad Katti wrote:
>
>
>> Has anybody run into this problem? Do you think I need to explain this
>> problem better or provide additional info?
>>
>> Regards
>> Prasad
>>
>> From: Mahantesh Prasad Katti
>> Sent: Friday, August 21, 2015 2:39 PM
>> To: cas-user@lists.jasig.org
>> Subject: [cas-user] problem with POST requests
>>
>> Hi ,
>>
>> We have a casified Java application. This application exposes a bunch of
>> REST APIs. When accessing POST APIs from another application by explicitly
>> obtaining the service ticket and appending it to the target URL, the calls
>> are failing. Apparently, after the ticket validation happens
>> successfully, the POST body data gets lost and the service call fails
>> because of that. Do we need to modify the server auth module to handle this
>> scenario? Note that this happens for POST calls only. The GET calls work
>> just fine.
>>
>> We are using the CAS JASPIC jar available from google groups. Any help is
>> appreciated.
>>
>> Regards
>> Prasad
>>
>>
>>
>>
>>
>> --
>>
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> mahantesh.ka...@indecomm.net
>>
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
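The two-request workaround from the top reply in this thread, as an added example that is not part of any poster's message or of the CAS client code. It runs against a constructed local stub that mimics the validate-then-redirect flow quoted above; the `SID` cookie name and the ticket values are assumptions, and ticket validation is faked.

```python
import http.cookiejar, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

class StubService(BaseHTTPRequestHandler):
    """Constructed stand-in for a CAS-protected resource; validation is faked."""
    sessions = set()

    def log_message(self, *args):  # keep the demo quiet
        pass

    def handle_any(self):
        url = urlparse(self.path)
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        cookie = self.headers.get("Cookie", "")
        if "ticket" in parse_qs(url.query):
            # Consume the ST, start a session, redirect to the clean URL.
            sid = "s%d" % (len(self.sessions) + 1)
            self.sessions.add(sid)
            status, reply = 302, b""
            extra = {"Set-Cookie": "SID=" + sid, "Location": url.path}
        elif cookie.startswith("SID=") and cookie[4:] in self.sessions:
            reply = ("%s body=%s" % (self.command, body.decode())).encode()
            status, extra = 200, {}
        else:
            status, reply, extra = 401, b"no session", {}
        self.send_response(status)
        for name, value in extra.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    do_GET = do_POST = handle_any

def new_client():
    jar = http.cookiejar.CookieJar()  # carries the session cookie between requests
    return urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubService)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d/foo" % server.server_port
    # One request: POST with the ticket. The 302 is followed as a GET, body lost.
    one_shot = new_client().open(base + "?ticket=ST-1", data=b"x=1").read().decode()
    # Two requests: GET with the ticket sets the cookie, then POST reuses it.
    client = new_client()
    client.open(base + "?ticket=ST-2").read()
    two_step = client.open(base, data=b"x=1").read().decode()
    server.shutdown(); server.server_close()
    return one_shot, two_step
```

`demo()` returns the response seen by the single POST-with-ticket call and the response seen by the POST that follows a session-establishing GET.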