Hi everyone! The CAS proxy stuff addresses communications between services on behalf of the user who initiates them. However, it does not say anything about cases of asynchronous requests.
When an asynchronous request is made, there is no user session available, so I don't see how they can be done on behalf of a particular user. Maybe there is some way; please explain it then. Another option I can suggest is making such calls on behalf of the service itself. Are there any recommendations about how such calls should be authenticated? Creating service accounts on CAS and storing the service login/password in plaintext on services doesn't seem to be very secure. Additionally, making a call on behalf of the service grants it pretty many privileges (it has access to all user accounts on the target service, because we do not have any knowledge about whose account is being processed during this request).

Waiting for your reply

--
Marat Radchenko, Dev Lead at Pronto-Moscow
