[cas-dev] CAS 2.0.x
Scott Battaglia
scott_battaglia at rutgers.edu
Fri May 5 09:01:31 EDT 2006
Velpi wrote:
>
> Oh, I thought it was done on purpose. Isn't it easier to understand that
> everything uses the same tickets (ST), only some clients can be allowed to
> request tickets themselves (TGT/TGC).
>
Yes, it was done on purpose :-) In CAS 3.x there are only Ticket
Granting Tickets and Service Tickets (Proxy Granting Tickets are you
know them are Ticket Granting Ticket's that have a parent Ticket
Granting Ticket). In CAS 2.x there logically are four types of
Tickets. The modification I was suggesting was that we merely change
the Ticket prefix to what people were expecting. (in actuality,
prefixes are useless and merely there to make people "feel better" about
the ticket they receive anyway. CAS 3 doesn't actually do any checks
like "this is a TGT because it starts with TGT).
> Since a TGC is the cookie version of a TGT I don't see why creating a PT is
> useful, and the 2.0 version has proven that, I think.
>
A TGC is actually merely a container for the TicketGrantingTicket. :-)
In CAS we never grant you access to the actual ticket, just a way to
identify which Ticket you want to work with.
> > Or are we just not getting the message out that PT's are ST's?
> If my vote counts, I suggest doing that. Though it is a little confusing for
> upgraders at first, they probably won't mind a change which is that logical (at
> least we don't).
>
I'm okay with not changing it too. I just noticed that we were seeing
some confusion from people expecting the "PT" instead of the "ST" and I
think technically the CAS 2.0 protocol specification states it should be
a "PT" prefix.
-Scott
More information about the cas-dev
mailing list