[cas-dev] fixing Gateway mode in mod_auth_cas

Earl Fogel earl.fogel at usask.ca
Tue May 6 17:59:29 EDT 2008


On Tue, 6 May 2008, Matt Smith wrote:

> Does the cookie tell the app *which* CAS server to contact, or, does it
> simply flag *whether* the config-specified CAS server already deemed
> this session "gateway'd"?

It's the latter.  The name of the CAS server is already in the CASLoginURL 
parameter to mod_auth_cas.  The contents of the "NecessaryCookie" don't 
matter.  If the cookie is present then the user *may* have a CAS session. 
If the cookie is not present, then the user *can't* have a CAS session.

The code that I gave you only deals with gateway authentication to a 
single CAS server.  We use this to set up a trust relationship between
our central JA-SIG CAS server and our Luminis Portal.

There is a more complicated problem that our Computer Science department 
wants to solve, where CAS applications trust multiple CAS servers.

To do this, we'd make each server set a different cookie. The client would 
then check to see if any of these cookies is present, and redirect to the 
appropriate CAS server. With this approach, the client needs to know the 
names of all the cookies that might be used, and which CAS server to use 
for each.  They're not planning to do this with mod_auth_cas though, so
I don't think we need to worry about it.

Earl
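
An added sketch of the cookie check described above, generalized to the multi-server case (example code, not taken from mod_auth_cas or from this thread). The cookie names, CAS URLs and function names are constructed placeholders.

```python
from urllib.parse import urlencode

# Constructed mapping: hint-cookie name -> CAS login URL (all hypothetical).
HINT_COOKIES = {
    "CAS_CENTRAL_HINT": "https://cas.example.edu/cas/login",
    "CAS_CS_HINT": "https://cas.cs.example.edu/cas/login",
}


def cookie_names(cookie_header):
    """Return the set of cookie names in a Cookie request header.

    Values are discarded: only presence matters for the hint.
    """
    names = set()
    for part in (cookie_header or "").split(";"):
        name, sep, _value = part.strip().partition("=")
        if sep and name:
            names.add(name)
    return names


def gateway_redirect(cookie_header, service_url, hint_cookies=HINT_COOKIES):
    """Return a CAS gateway redirect URL, or None if no hint cookie is present.

    A hint cookie only means the user *may* have a CAS session, so the
    result is used to decide whether a gateway round trip is worth making.
    It is never treated as authentication: the service ticket that CAS
    sends back still has to be validated as usual.
    """
    present = cookie_names(cookie_header)
    for name, login_url in hint_cookies.items():
        if name in present:  # exact name match, not a substring test
            query = urlencode({"service": service_url, "gateway": "true"})
            return login_url + "?" + query
    return None  # no cookie: the user can't have a session, skip the redirect


if __name__ == "__main__":
    # Constructed request header for demonstration.
    print(gateway_redirect("JSESSIONID=abc; CAS_CS_HINT=x",
                           "https://app.example.edu/"))
```
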
-------------- next part --------------
Thanks for the details Earl.  One more question:

> CAS applications can check this cookie to see which server(s) they
> need to contact to determine if the user has an existing CAS session.

Does the cookie tell the app *which* CAS server to contact, or, does it
simply flag *whether* the config-specified CAS server already deemed
this session "gateway'd"?

-Matt

-- 
Matthew J. Smith
University of Connecticut ITS
matt.smith at uconn.edu
PGP KeyID: 0xE9C5244E