Hi, I'm willing to implement the possibility for users to delegate their authentication to another CAS server.
Thinking of it, I wonder which is the , I wanted to have your point of view on the implementation of all this.

_Use case :_

Two CAS servers : myCASServer and partnrCASServer

1- When asked for login/pass on myCASServer, the user clicks on "Use [partnrCASServer] authentication instead"
2- We save his 'service' parameter in his context and redirect him to https://[partnrCASServer]/login?service=https://[myCASServer]/stValidator
3- When he comes back on /stValidator with a ServiceTicket, myCASServer validates this ST on partnrCASServer, gets the NetID of the user, and creates the Authentication object on myCASServer.

_Implementation ideas :_

1- /stValidator is protected with a CAS authentication filter.
2- Rely on PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction for getting a Principal from the authentication filter.
3- If we receive ST from different CAS servers, a specific URL will be used for each of them (/stPartnr1Validator, /stPartnr2Validator etc...)

But then, I'm wondering about the best way to implement it in the Spring framework. As I'm not an expert in Spring there might be a better way... :

- Do I define another web flow for /stValidator with an <action> bean : on="success" to="sendTicketGrantingTicket", just like the login-webflow ?
or
- Do I declare a controller bean that will call a PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction and then interact with the centralAuthenticationService...?
or
- better idea??

Romain
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
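The ticket check in step 3 of the use case, as an added example that is not part of the original post and is not CAS project code. It assumes the partner speaks the CAS 2.0 protocol (/serviceValidate); the host names, class name and method names are hypothetical, and only the JDK is used.

```java
import java.io.StringReader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class DelegatedCasValidation {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    static final String MY_BASE = "https://mycas.example.org"; // hypothetical host
    // Each validator path is pinned to exactly one partner (hypothetical hosts).
    static final Map<String, String> PARTNERS = Map.of(
        "/stPartnr1Validator", "https://partnr1.example.org",
        "/stPartnr2Validator", "https://partnr2.example.org");

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // URL fetched server-side. The partner comes from configuration, never from the request.
    static String validationUrl(String validatorPath, String ticket) {
        String partner = PARTNERS.get(validatorPath);
        if (partner == null) throw new IllegalArgumentException("unknown validator path");
        // 'service' must equal the value sent to the partner's /login in step 2.
        return partner + "/serviceValidate?service=" + enc(MY_BASE + validatorPath)
            + "&ticket=" + enc(ticket);
    }

    // NetID from a CAS 2.0 validation response, or null when validation failed.
    static String netIdFrom(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject DOCTYPEs so the partner's response cannot carry external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        NodeList ok = root.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        if (ok.getLength() != 1) return null;
        NodeList user = ((Element) ok.item(0)).getElementsByTagNameNS(CAS_NS, "user");
        if (user.getLength() != 1) return null;
        String id = user.item(0).getTextContent().trim();
        return id.isEmpty() ? null : id;
    }

    public static void main(String[] args) throws Exception {
        String ns = " xmlns:cas='" + CAS_NS + "'>"; // constructed sample responses below
        String ok = "<cas:serviceResponse" + ns + "<cas:authenticationSuccess><cas:user>jdoe"
            + "</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
        String bad = "<cas:serviceResponse" + ns + "<cas:authenticationFailure code='INVALID_TICKET'>"
            + "not recognized</cas:authenticationFailure></cas:serviceResponse>";
        System.out.println(validationUrl("/stPartnr1Validator", "ST-1-constructed"));
        System.out.println(netIdFrom(ok) + " / " + netIdFrom(bad));
    }
}
```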
