RE: [cas-user] Validating Service Tickets in POST requests - Securing WS

Tue, 15 Sep 2015 21:43:04 -0700 

Correct.



From: Manfredo Hopp [mailto:mhopp.coni...@gmail.com]
Sent: Tuesday, September 15, 2015 5:41 PM
To: cas-user@lists.jasig.org
Subject: Re:[cas-user] Validating Service Tickets in POST requests - 
Securing WS



I understand that post url shouldnt be registered as cas service. Is this 
correct?

El martes, 15 de septiembre de 2015, Misagh Moayyed <mmoay...@unicon.net 
<mailto:mmoay...@unicon.net> > escribió:

Sorry, I meant to respond to Jérôme with the message below.



To answer your question, you need to establish an authn session with GET 
request first before doing anything posts.



From: Misagh Moayyed [mailto:mmoay...@unicon.net 
<javascript:_e(%7B%7D,'cvml','mmoay...@unicon.net');> ]
Sent: Tuesday, September 15, 2015 8:41 AM
To: cas-user@lists.jasig.org 
<javascript:_e(%7B%7D,'cvml','cas-user@lists.jasig.org');>
Subject: RE: [cas-user] Validating Service Tickets in POST requests - 
Securing WS



Possible bug. Try adding:



<meta name="viewport" content="width=device-width, initial-scale=1">



to the html tag and test on the device. Post back results please.



From: Manfredo Hopp [mailto:mhopp.coni...@gmail.com 
<javascript:_e(%7B%7D,'cvml','mhopp.coni...@gmail.com');> ]
Sent: Tuesday, September 15, 2015 7:58 AM
To: cas-user@lists.jasig.org 
<javascript:_e(%7B%7D,'cvml','cas-user@lists.jasig.org');>
Subject: [cas-user] Validating Service Tickets in POST requests - Securing 
WS



Hi,





we are trying to  secure some of our Web Services with Cas, generating a 
Service Ticket for each access with a Jersey client.



There is no problem with GET requests since Service Ticket is validated from 
QueryParameter, but with POST requests this is not possible, since there are 
no QueryParameters.



Is this approach correct or should we go other way round?



Thank you Manfredo




-- 
You are currently subscribed to cas-user@lists.jasig.org 
<javascript:_e(%7B%7D,'cvml','cas-user@lists.jasig.org');>  as: 
mmoay...@unicon.net <javascript:_e(%7B%7D,'cvml','mmoay...@unicon.net');>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org 
<javascript:_e(%7B%7D,'cvml','cas-user@lists.jasig.org');>  as: 
mmoay...@unicon.net <javascript:_e(%7B%7D,'cvml','mmoay...@unicon.net');>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
-- 
You are currently subscribed to cas-user@lists.jasig.org 
<javascript:_e(%7B%7D,'cvml','cas-user@lists.jasig.org');>  as: 
mhopp.coni...@gmail.com 
<javascript:_e(%7B%7D,'cvml','mhopp.coni...@gmail.com');>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to cas-user@lists.jasig.org 
<mailto:cas-user@lists.jasig.org>  as: mmoay...@unicon.net 
<mailto:mmoay...@unicon.net>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to