Hi,

I sent an email earlier on this topic I believe and did not receive any
response. I thought I would try once more just to see if things have
changed.

Has anyone tried integrating the OpenFire (formerly WildFire) chat
server with CAS?

Basically, my plan is to write a custom chat client for OpenFire using
Flex. I would require the user to log in first before they can get to
the chat client. This should ensure that the cookie containing the CAS
ticket is in the browser and I should be able to access that cookie from
Flex. I could retrieve the cookie and pass the CAS ticket to the
OpenFire server in lieu of a password.

The OpenFire server allows you to plug in a custom authentication module
to handle the authentication. It is passed the username and password and
it returns true or false indicating whether the credentials are valid.
So I think it should be relatively straightforward to write a module
that accepts the CAS ticket and validates it by calling the CAS
ServiceValidate service.

There are a couple of things I still have questions about. 

First, although OpenFire allows the authentication to be customized, it
appears that it still expects the username to be passed in as part of
the login. I do not see any way to inform OpenFire of the username AFTER
the authentication occurs and if I understand CAS correctly you do not
know the actual username until the ticket is validated. 

How hard would it be to customize CAS to return the username to the
browser (e.g. in the form of another cookie) so that the client can pass
in the real username rather than a placeholder or null? Is there some
security reason that is not obvious to me that this should not be done?

Second, when I write the custom authentication module, should it be as
simple as just calling the ServiceValidate service and getting either an
error response or a success response (with username)? What is the best
Java client to look at for an example of what I need to do? Keep in mind
that the chat server is not a web server so I don't think (tell me if
I'm wrong) any of the existing Java clients can be used as-is.

I am interested in any thoughts, suggestions, or recommendations. Or if
I'm crazy, please feel free to tell me that, too. :-)

Bill Bailey

Senior Developer / DBA

Northland, A Church Distributed

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
