What CAS really needs is the true, stateless JWT implementation - that would
solve the problem of authentication for RESTful resources once and for all, but
that's a discussion for another day :-)
Cheers,
D.
Sent from my iPhone
> On Aug 21, 2015, at 18:42, Carl Waldbieser wrote:
>
> In that email thread, the issue is that the browser initially has no session
> with the proxy protecting the resouce. When the proxy redirects the user to
> the CAS service using a GET, the initial POST data is lost.
>
> If this is analogous to what is happening in the original poster's case, the
> way to get around it is to make 2 requests. The first to a GETable resource.
> This establishes an authenticated session with the service by doing the CAS
> dance. The second request would need to use the session cookie from the
> first request when it made the POST and CAS would get out of the way.
>
> Strictly speaking, that is not a RESTful API. It would make more sense for a
> RESTful API to hand out an access token in response to a GET for a valid CAS
> service ticket. The access token could then be used to authenticate to the
> rest of the API without having to monkey around with cookies and sessions.
>
> Thanks,
> Carl Waldbieser
>
>> On Aug 21, 2015 6:03 PM, "Andrew Morgan" wrote:
>> Have a look at this email thread:
>>
>> https://groups.google.com/forum/#!topic/jasig-cas-user/if0SQ0gUbp8
>>
>> It's an old problem.
>>
>> I'm not sure how CAS JASPIC works, but I've seen the Java cas client in
>> action. It seems to consume the ST, validate the ST, then redirect the
>> client to the original resource. Like this:
>>
>> GET /foo?ST=12345
>> (processing happens to validate the ST)
>> RESPONSE: 302 REDIRECT /foo
>> GET /foo
>>
>>
>> When the redirect happens, the POST data is lost.
>>
>> It might work if you switched from POST to GET.
>>
>> You can read about some options and recommendations in the email thread
>> above.
>>
>> Andy
>>
>> On Fri, 21 Aug 2015, Mahantesh Prasad Katti wrote:
>>
>>>
>>> Has anybody run into this problem? Do you think i need to explain this
>>> problem better or provide additional info?
>>>
>>> Regards
>>> Prasad
>>>
>>> From: Mahantesh Prasad Katti
>>> Sent: Friday, August 21, 2015 2:39 PM
>>> To: cas-user@lists.jasig.org
>>> Subject: [cas-user] problem with POST requests
>>>
>>> Hi ,
>>>
>>> We have a casified java application. This application exposes a bunch of
>>> REST apis. When accessing POST APIs from another application by explicitly
>>> obtaining the service ticket and appending it to the target URL, the calls
>>> are failing. Apparently, the after the ticket validation happens
>>> successfully, the POST body data gets lost and the service call fails
>>> because of that. Do we need to modify the server auth module to handle this
>>> scenario? Note that this happens for POST calls only. The get calls work
>>> just fine.
>>>
>>> We are using the CAS JASPIC jar available from google groups. Any help is
>>> appreciated.
>>>
>>> Regards
>>> Prasad
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> mahantesh.ka...@indecomm.net
>>>
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as: mor...@orst.edu
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> cwaldbie...@gmail.com
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> dkopyle...@unicon.net
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
