I have given two scenarios: in the former it's just the ticket generation, validation and redirection; in the latter it's about SSL communication.
This is what I understood about SSO using CAS (excluding proxy communication); please correct me if I am wrong.

1. User requests to contact the Service URL (myapp) through HTTPS (CAS can't work without HTTPS).
2. Service creates a Ticket Granting Cookie and attaches a Ticket Granting Ticket, and the TGC is stored in the user's browser.
3. Then the Service "redirects" the browser to the CAS login page.
4. User enters username and password (login ticket is added to the POST) and presses the submit button.
5. If authentication is successful, CAS appends the Service Ticket to the Service URL (myapp) and "redirects" to the Service (myapp).
6. Now the Service Ticket is verified against the Ticket Granting Ticket; if both are equal then the user is "authorized" to use the Service.

The Service Ticket is verified against the Ticket Granting Ticket; if this is correct, where does it happen? I mean, is it on the Service server, the CAS server or the user's computer (where the TGT is stored in the TGC)?

What happens to the login ticket once it's generated? Does it stay on the CAS server or on the user's machine?

Wherever I have mentioned redirects in the above points, are those really redirects (i.e., CAS --> browser --> Service) or is it CAS --> Service?

I think the Service Ticket will be valid till the time the user uses the Service; it would be invalid if the user navigates to another service or closes the browser.

I think SSL communication between user / Service / CAS works this way (again, please correct me if I am wrong):

a. User contacts the Service; he is thrown the certificate and he accepts it.
b. Now the Service redirects to CAS.
c. After successful login authentication, CAS requests the public key from the Service.
d. Service sends the public key to CAS.
e. CAS checks the Service public key against its own key; if the keys are equal, then it redirects to the Service URL which the user requested in the beginning.

If it fails, it just redirects to an unknown page (as is happening to me in the posts here). Does org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler use the default trust store to authenticate with the service? If so, the changes I have done should have worked.

Thanks.

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
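As an added example, not part of the original post and not CAS's own code, here is a small in-process Python model of the CAS ticket flow the post asks about: the TGT and service tickets are kept on the CAS side, the TGC cookie is the only thing the browser holds, the service ticket travels to the service in the redirect URL, and the service validates it with CAS over a server-to-server call, where it is accepted once, within its lifetime, and only for the service it was issued to. The service URLs, the user, the credential store and the ticket lifetime are constructed values.

```python
import secrets
import time

# Assumed service-ticket lifetime; in real CAS this is a server setting.
ST_LIFETIME_SECONDS = 10

class CasServer:
    """In-memory model of the CAS server side. TGTs and STs are stored here;
    the browser only holds the TGC cookie, whose value is the TGT id."""

    def __init__(self):
        self.tgts = {}                            # TGT id -> username
        self.sts = {}                             # ST id -> (user, service, issued_at)
        self.users = {"alice": "correct horse"}   # constructed credential store

    def login(self, service, username=None, password=None, tgc=None):
        """/login: reuse a valid TGC (no password prompt) or check credentials,
        then redirect the browser to the service with a fresh ST in the URL."""
        if tgc in self.tgts:
            user = self.tgts[tgc]
        elif username is not None and self.users.get(username) == password:
            user = username
            tgc = "TGT-" + secrets.token_urlsafe(24)  # set as the TGC cookie
            self.tgts[tgc] = user
        else:
            return None, None  # authentication failed: no redirect to the service
        st = "ST-" + secrets.token_urlsafe(24)
        self.sts[st] = (user, service, time.time())
        return tgc, f"{service}?ticket={st}"

    def service_validate(self, service, ticket):
        """/serviceValidate: called by the service over HTTPS (server to server),
        not by the browser. The ST must exist, be unused, be unexpired and be
        bound to the exact service URL it was issued for."""
        entry = self.sts.pop(ticket, None)  # single use: gone after first lookup
        if entry is None:
            return None
        user, issued_for, issued_at = entry
        if issued_for != service or time.time() - issued_at > ST_LIFETIME_SECONDS:
            return None
        return user

def sso_round_trip(cas, first="https://myapp.example/", second="https://other.example/"):
    """Password login for the first service, then SSO via the TGC for the second."""
    tgc, redirect = cas.login(first, "alice", "correct horse")
    user1 = cas.service_validate(first, redirect.split("ticket=")[1])
    _, redirect2 = cas.login(second, tgc=tgc)  # browser sends the TGC, no password
    user2 = cas.service_validate(second, redirect2.split("ticket=")[1])
    return user1, user2
```

Running `sso_round_trip(CasServer())` yields `("alice", "alice")`: the second service never sees a password, only a fresh ST issued against the existing TGT, and validating the same ST twice or for a different service URL returns `None`.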
