Re: CAS + OpenFire

Thu, 24 May 2007 13:26:57 -0700 

Hey Bill,
Openfire looks cool -- I'd love to hear how it works out for you. Thoughts below. 

On May 23, 2007, at 9:56 AM, Bill Bailey wrote:

There are a couple of things I still have questions about.


First, although OpenFire allows the authentication to be  
customized, it appears that it still expects the username to be  
passed in as part of the login. I do not see any way to inform  
OpenFire of the username AFTER the authentication occurs and if I  
understand CAS correctly you do not know the actual username until  
the ticket is validated.
How hard would it be to customize CAS to return the username to the  
browser (e.g. in the form of another cookie) so that the client can  
pass in the real username rather than a placeholder or null? Is  
there some security reason that is not obvious to me that this  
should not be done?

An alternative approach would be to have your FLEX webapp validate  
the proxyticket, get the NetID, and then obtain a proxy ticket. You  
could then pass the username and the proxy ticket directly to  
openfire. This has the advantage that you could then restrict  
Openfire to only accept CAS auth from that webapp (if so desired) --  
or all the other magic that proxy chains let you accomplish.

Second, when I write the custom authentication module, should it be  
as simple as just calling the ServiceValidate service and getting  
either an error response or a success response (with username)?  
What is the best Java client to look at for an example of what I  
need to do? Keep in mind that the chat server is not a web server  
so I don’t think (tell me if I’m wrong) any of the existing Java  
clients can be use as-is.



I know one of Scott's goals in the JA-SIG CAS Java Client 3.0 rewrite  
was improved modularity -- it sounds like this would be a great use- 
case for the new code.


Scott?

Jason

--

Jason Shao
Application Developer
Office of Instructional & Research Technology
Rutgers University
v. 732-445-8726 | f. 732-445-5539 | [EMAIL PROTECTED]



_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas






















					Reply via email to