Re: [cas-user] where is CAS TGC cookie stored in browser?

2018-12-04 Thread Paramvir Singh Karwal
Thanks Ray,
That clears my confusion.

On Tue, 4 Dec 2018 at 10:38 PM, Ray Bon wrote:

> Paramvir,
>
> I assume that by session cookie you mean your client application's session
> cookie and not CAS's TGC.
> The client application is responsible for managing its own session. Once
> the user has been authenticated (service ticket validated), CAS is no
> longer required.
>
> Ray
>
> On Tue, 2018-12-04 at 03:22 -0800, Paramvir Singh Karwal wrote:
>
> Hi Andy,
>
> My question is regarding the validation of the session cookie. The first
> time, the service ticket is validated by calling CAS's endpoint, but in
> subsequent calls from the browser to the application only the session
> cookie is sent. How does the application validate the session cookie? Does
> the application server make a record of the session cookie which can be
> checked with the incoming calls containing the session cookie? As depicted
> in the diagram, there is no call to CAS from the application server to
> validate the cookie this time.
>
> On Saturday, October 22, 2016 at 3:17:39 AM UTC+5:30, Andrew Morgan wrote:
>
> On Fri, 21 Oct 2016, Yan Zhou wrote:
>
> > Hello,
> >
> > It was said that the TGT cookie (TGC) is hidden, so that we won't see it.
> >
> > I am curious how the browser can send such a hidden cookie to CAS when the
> > user goes to apps?  If the browser can see it, there should be a way for
> > us to see it.
> >
> > The reason I am asking is because I noticed that Ajax XhrRequest does not
> > seem to send the TGC cookie in some circumstances, so I need to investigate.
>
> The TGC is set by the CAS server using the domain of the CAS server.  For
> example, my CAS server is at https://login.oregonstate.edu/cas/ and the
> TGC has a domain of "login.oregonstate.edu" and a path of "/cas".  The
> browser will only send the cookie to the CAS, not the CAS client.
>
> The TGC persists the SSO session.  It is not used by client applications.
> They receive a Service Ticket (ST) appended to the URL and validate the ST
> by calling CAS's /serviceValidate endpoint.
>
> A more complete description of this can be found at:
>
>   https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html
>
> Thanks,
>  Andy
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJNOhayguXuysBwOGHS9EFroUsOO9MAf4H0__gim7EfnTZUzCg%40mail.gmail.com.


Re: [cas-user] where is CAS TGC cookie stored in browser?

2018-12-04 Thread Ray Bon
Paramvir,

I assume that by session cookie you mean your client application's session 
cookie and not CAS's TGC.
The client application is responsible for managing its own session. Once the 
user has been authenticated (service ticket validated), CAS is no longer 
required.

Ray

On Tue, 2018-12-04 at 03:22 -0800, Paramvir Singh Karwal wrote:

> Hi Andy,
>
> My question is regarding the validation of the session cookie. The first
> time, the service ticket is validated by calling CAS's endpoint, but in
> subsequent calls from the browser to the application only the session
> cookie is sent. How does the application validate the session cookie? Does
> the application server make a record of the session cookie which can be
> checked with the incoming calls containing the session cookie? As depicted
> in the diagram, there is no call to CAS from the application server to
> validate the cookie this time.
>
> On Saturday, October 22, 2016 at 3:17:39 AM UTC+5:30, Andrew Morgan wrote:
>
> On Fri, 21 Oct 2016, Yan Zhou wrote:
>
> > Hello,
> >
> > It was said that the TGT cookie (TGC) is hidden, so that we won't see it.
> >
> > I am curious how the browser can send such a hidden cookie to CAS when the
> > user goes to apps?  If the browser can see it, there should be a way for
> > us to see it.
> >
> > The reason I am asking is because I noticed that Ajax XhrRequest does not
> > seem to send the TGC cookie in some circumstances, so I need to investigate.
>
> The TGC is set by the CAS server using the domain of the CAS server.  For
> example, my CAS server is at https://login.oregonstate.edu/cas/ and the
> TGC has a domain of "login.oregonstate.edu" and a path of "/cas".  The
> browser will only send the cookie to the CAS, not the CAS client.
>
> The TGC persists the SSO session.  It is not used by client applications.
> They receive a Service Ticket (ST) appended to the URL and validate the ST
> by calling CAS's /serviceValidate endpoint.
>
> A more complete description of this can be found at:
>
>   https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html
>
> Thanks,
>  Andy

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca
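
Ray's point that the client application manages its own session after the service ticket is validated, shown as an added example (not code from this thread or from the CAS project). The class `CasClientApp`, the stand-in `fake_cas`, the ticket id and the username are hypothetical; the XML follows the CAS 2.0 /serviceValidate response format.

```python
import secrets
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed /serviceValidate success body (CAS 2.0 XML); "jdoe" is a made-up user.
SAMPLE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""

def parse_validation(xml_body):
    """Return the username on authenticationSuccess, else None."""
    root = ET.fromstring(xml_body)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

class CasClientApp:
    """Hypothetical client application: validates a ticket once, then uses its own session."""
    def __init__(self, validate_ticket):
        self.validate_ticket = validate_ticket  # callable(ticket) -> XML body from CAS
        self.sessions = {}                      # session id -> username, kept server-side
        self.cas_calls = 0                      # how often CAS was contacted

    def handle(self, session_cookie=None, ticket=None):
        """Return (status, username, new session cookie or None)."""
        # Subsequent requests: the cookie is checked against the local record only.
        if session_cookie in self.sessions:
            return 200, self.sessions[session_cookie], None
        # First request after login: the ST arrives on the URL and is validated once.
        if ticket:
            self.cas_calls += 1
            user = parse_validation(self.validate_ticket(ticket))
            if user:
                sid = secrets.token_urlsafe(32)  # unguessable session identifier
                self.sessions[sid] = user
                return 200, user, sid
        return 302, None, None  # unknown cookie and no valid ticket: redirect to CAS login

def fake_cas(ticket):
    """Stand-in for the HTTPS call to /serviceValidate (constructed responses)."""
    if ticket == "ST-1-constructed":
        return SAMPLE_RESPONSE
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            '<cas:authenticationFailure code="INVALID_TICKET"/></cas:serviceResponse>')
```

An unknown or forged session cookie is treated exactly like no cookie at all, so the only route to a session is a ticket that CAS itself confirms.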



Re: [cas-user] where is CAS TGC cookie stored in browser?

2018-12-04 Thread Paramvir Singh Karwal
Hi Andy, 

My question is regarding the validation of the session cookie. The first
time, the service ticket is validated by calling CAS's endpoint, but in
subsequent calls from the browser to the application only the session
cookie is sent. How does the application validate the session cookie? Does
the application server make a record of the session cookie which can be
checked with the incoming calls containing the session cookie? As depicted
in the diagram, there is no call to CAS from the application server to
validate the cookie this time.

On Saturday, October 22, 2016 at 3:17:39 AM UTC+5:30, Andrew Morgan wrote:
>
> On Fri, 21 Oct 2016, Yan Zhou wrote:
>
> > Hello,
> >
> > It was said that the TGT cookie (TGC) is hidden, so that we won't see it.
> >
> > I am curious how the browser can send such a hidden cookie to CAS when the
> > user goes to apps?  If the browser can see it, there should be a way for
> > us to see it.
> >
> > The reason I am asking is because I noticed that Ajax XhrRequest does not
> > seem to send the TGC cookie in some circumstances, so I need to investigate.
>
> The TGC is set by the CAS server using the domain of the CAS server.  For 
> example, my CAS server is at https://login.oregonstate.edu/cas/ and the 
> TGC has a domain of "login.oregonstate.edu" and a path of "/cas".  The 
> browser will only send the cookie to the CAS, not the CAS client. 
>
> The TGC persists the SSO session.  It is not used by client applications. 
> They receive a Service Ticket (ST) appended to the URL and validate the ST 
> by calling CAS's /serviceValidate endpoint. 
>
> A more complete description of this can be found at: 
>
>   https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html
>
> Thanks, 
>  Andy 
>



Re: [cas-user] where is CAS TGC cookie stored in browser?

2016-10-21 Thread Andrew Morgan

On Fri, 21 Oct 2016, Yan Zhou wrote:

> OK, thx for explanation.
>
> I cannot see any TGC cookie in my browser.  Why is that?  If it is not
> there, how does the browser send it to the CAS server?


You could try running something like Firefox's Live HTTP Headers add-on to 
view the headers sent and received when you interact with CAS.


Andy


Re: [cas-user] where is CAS TGC cookie stored in browser?

2016-10-21 Thread Yan Zhou
OK, thx for explanation.

I cannot see any TGC cookie in my browser.  Why is that?  If it is not
there, how does the browser send it to the CAS server?

Yan

On Fri, Oct 21, 2016 at 5:47 PM, Andrew Morgan wrote:

> On Fri, 21 Oct 2016, Yan Zhou wrote:
>
>> Hello,
>>
>> It was said that the TGT cookie (TGC) is hidden, so that we won't see it.
>>
>> I am curious how the browser can send such a hidden cookie to CAS when the
>> user goes to apps?  If the browser can see it, there should be a way for
>> us to see it.
>>
>> The reason I am asking is because I noticed that Ajax XhrRequest does not
>> seem to send the TGC cookie in some circumstances, so I need to investigate.
>>
>
> The TGC is set by the CAS server using the domain of the CAS server.  For
> example, my CAS server is at https://login.oregonstate.edu/cas/ and the
> TGC has a domain of "login.oregonstate.edu" and a path of "/cas".  The
> browser will only send the cookie to the CAS, not the CAS client.
>
> The TGC persists the SSO session.  It is not used by client applications.
> They receive a Service Ticket (ST) appended to the URL and validate the ST
> by calling CAS's /serviceValidate endpoint.
>
> A more complete description of this can be found at:
>
>   https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html
>
> Thanks,
> Andy
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFSoZendeDth%3D1WW%3DS3c%2BR_6Gdw99pX%2Bn32gmpRAuBJz0Xfupg%40mail.gmail.com.


Re: [cas-user] where is CAS TGC cookie stored in browser?

2016-10-21 Thread Andrew Morgan

On Fri, 21 Oct 2016, Yan Zhou wrote:

> Hello,
>
> It was said that the TGT cookie (TGC) is hidden, so that we won't see it.
>
> I am curious how the browser can send such a hidden cookie to CAS when the
> user goes to apps?  If the browser can see it, there should be a way for
> us to see it.
>
> The reason I am asking is because I noticed that Ajax XhrRequest does not
> seem to send the TGC cookie in some circumstances, so I need to investigate.


The TGC is set by the CAS server using the domain of the CAS server.  For 
example, my CAS server is at https://login.oregonstate.edu/cas/ and the 
TGC has a domain of "login.oregonstate.edu" and a path of "/cas".  The 
browser will only send the cookie to the CAS, not the CAS client.


The TGC persists the SSO session.  It is not used by client applications. 
They receive a Service Ticket (ST) appended to the URL and validate the ST 
by calling CAS's /serviceValidate endpoint.


A more complete description of this can be found at:

  https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html

Thanks,
Andy
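
The cookie scoping Andy describes, as an added example that is not part of the original thread: a simplified RFC 6265 domain and path match applied to a TGC with the domain and path from his message. The cookie value, the host-only and Secure flags, and the `app.example.edu` application host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed cookie record using the domain and path quoted in the reply above.
# The value is a placeholder, not a real ticket-granting ticket.
TGC = {"name": "TGC", "value": "TGT-placeholder",
       "domain": "login.oregonstate.edu", "path": "/cas",
       "host_only": True,   # assumption: set without a Domain attribute
       "secure": True}      # assumption: marked Secure

def domain_match(host, cookie):
    """RFC 6265 section 5.1.3 for hostnames, honouring the host-only flag."""
    host, dom = host.lower(), cookie["domain"].lower()
    if cookie["host_only"]:
        return host == dom
    return host == dom or host.endswith("." + dom)

def path_match(req_path, cookie_path):
    """RFC 6265 section 5.1.4: equal, or a prefix ending at a '/' boundary."""
    req_path = req_path or "/"
    if req_path == cookie_path:
        return True
    if req_path.startswith(cookie_path):
        return cookie_path.endswith("/") or req_path[len(cookie_path)] == "/"
    return False

def browser_sends(cookie, url):
    """True if a browser would attach `cookie` to a request for `url`."""
    u = urlsplit(url)
    if cookie["secure"] and u.scheme != "https":
        return False
    return domain_match(u.hostname or "", cookie) and path_match(u.path, cookie["path"])

# Constructed request URLs; app.example.edu is a hypothetical CAS client.
REQUESTS = [
    "https://login.oregonstate.edu/cas/login?service=https%3A%2F%2Fapp.example.edu%2F",
    "https://login.oregonstate.edu/cas",
    "https://login.oregonstate.edu/casual",    # shares a prefix, but not a path segment
    "https://login.oregonstate.edu/",
    "http://login.oregonstate.edu/cas/login",  # plain HTTP, Secure cookie withheld
    "https://app.example.edu/cas/login",       # the CAS client never receives the TGC
]

if __name__ == "__main__":
    for url in REQUESTS:
        print("sent   " if browser_sends(TGC, url) else "omitted", url)
```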


[cas-user] where is CAS TGC cookie stored in browser?

2016-10-21 Thread Yan Zhou
Hello,

It was said that the TGT cookie (TGC) is hidden, so that we won't see it.

I am curious how the browser can send such a hidden cookie to CAS when the
user goes to apps?  If the browser can see it, there should be a way for us
to see it.

The reason I am asking is because I noticed that Ajax XhrRequest does not
seem to send the TGC cookie in some circumstances, so I need to investigate.

Thx!
