proxy use
Scott Battaglia
scott.battaglia at gmail.com
Wed Aug 23 13:33:32 EDT 2006
We may have to bring this up on the phpCAS mailing list. The official CAS
specification says that "ST-" is okay for a proxy ticket:
"Proxy tickets SHOULD begin with the characters, "PT-". Proxy tickets MUST
begin with either the characters, "ST-" or "PT-"."
http://www.ja-sig.org/products/cas/overview/protocol/index.html
For the short term, you can modify phpCAS locally to go to proxyValidate.
-Scott
On 8/23/06, Henrik Genssen <henrik.genssen at mediafactory.de> wrote:
>
> OK,
> thanks, now I see...
>
> on changing PT to ST you have lost phpCAS support for proxy, as they do
> switch between proxy- and serviceticket by the first 2 letters of the
> ticket.
> Will that stay and you give up backward-compatibility? If you do, you should
> at least notice that somewhere (I think, I read somewhere, that it is
> compatible to older versions).
> I will look into it, anyway..
>
> Hinnack
>
> >reply to message:
> >date: 23.08.2006 13:52:41
> >from: "Scott Battaglia" <scott.battaglia at gmail.com>
> >to: "Yale CAS mailing list" <cas at tp.its.yale.edu>
> >subject: Re: Re: proxy use
> >
> >If you're trying to validate a proxy ticket, you'll need to use the
> >proxyValidate and not the serviceValidate url.
> >
> >-Scott
> >
> >On 8/23/06, Henrik Genssen <henrik.genssen at mediafactory.de> wrote:
> >>
> >> Hi,
> >>
> >> I do not know if this list allows attachments, but I try:
> >> see my log in the attachment - maybe you can see here, why the ticket
> >> is not accepted...
> >>
> >> - Hinnack
> >>
> >> >reply to message:
> >> >date: 22.08.2006 23:00:54
> >> >from: "Scott Battaglia" <scott_battaglia at rutgers.edu>
> >> >to: "Yale CAS mailing list" <cas at tp.its.yale.edu>
> >> >subject: Re: proxy use
> >> >
> >> >I meant CAS Server 3. Both CAS2 and 3 use the version 2 protocol.
> >> >
> >> >Does your backend service trust the certificate?
> >> >
> >> >-Scott
> >> >
> >> >
> >> >Henrik Genssen wrote:
> >> >> Hi Scott,
> >> >>
> >> >> what do you mean by CAS3?
> >> >> Protocol version 3 or CAS Server Version 3.xx?
> >> >> I think php uses protocol version 2.
> >> >>
> >> >> Any idea, why the backend-service says, the ticket is invalid? (backend service is again a web-site with php-cas).
> >> >>
> >> >> Hinnack
> >> >>
> >> >>
> >> >>> reply to message:
> >> >>> date: 22.08.2006 21:48:13
> >> >>> from: "Scott Battaglia" <scott_battaglia at rutgers.edu>
> >> >>> to: "Yale CAS mailing list" <cas at tp.its.yale.edu>
> >> >>> subject: Re: proxy use
> >> >>>
> >> >>> Henrik,
> >> >>>
> >> >>> In CAS3, we treat ProxyTickets as ServiceTickets which is why you see
> >> >>> the ST instead of PT.
> >> >>>
> >> >>> -Scott
> >> >>>
> >> >>> Scott Battaglia
> >> >>> Application Developer, Architecture & Engineering Team
> >> >>> Enterprise Systems and Services, Rutgers University
> >> >>> v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu
> >> >>>
> >> >>>
> >> >>>
> >> >>> Henrik Genssen wrote:
> >> >>>
> >> >>>> Hi,
> >> >>>>
> >> >>>> I am using the phpCAS 0.4.23-1 with CAS 3.0.5.
> >> >>>>
> >> >>>> in comparison to http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough
> >> >>>>
> >> >>>> everything works fine - except, that I get a ST-8-wXaVt7fHpgKzeX9BCibr9cLRp5T5OmHgbBX-20 in step 4 instead of a PT ticket.
> >> >>>>
> >> >>>> with this I can not authenticate with the backend!
> >> >>>>
> >> >>>> CASClient::retrievePT('http://192.168.1.2:8553/cas/source/examples/example_service.php', NULL, NULL) [client.php:1609]
> >> >>>> CASClient::readURL('https://io:8443/cas-db/proxy?targetService=http://192.168.1.2:8553/cas/source/examples/example_service.php&pgt=TGT-3-3eoMIKUKAHFwlSNTUWFuvpDnvoCcjaLWa1C-50', '', NULL, NULL, '') [client.php:1420]
> >> >>>> <= true
> >> >>>> <= 'ST-8-wXaVt7fHpgKzeX9BCibr9cLRp5T5OmHgbBX-20'
> >> >>>>
> >> >>>>
> >> >>>> any hints?
> >> >>>>
> >> >>>> Hinnack
> >> >>>> _______________________________________________
> >> >>>> Yale CAS mailing list
> >> >>>> cas at tp.its.yale.edu
> >> >>>> http://tp.its.yale.edu/mailman/listinfo/cas
>
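The endpoint choice discussed in this thread, as an added Python sketch that is not part of the original messages and is not phpCAS code: it contrasts picking the validation URL from the ticket prefix with picking it from what the service accepts, then parses a CAS 2.0 validation response. The CAS base URL, service URL and ticket are the ones quoted in the trace; the function names are hypothetical and both sample responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

# Values quoted in the thread's trace
CAS_BASE = "https://io:8443/cas-db"
SERVICE = "http://192.168.1.2:8553/cas/source/examples/example_service.php"
TICKET = "ST-8-wXaVt7fHpgKzeX9BCibr9cLRp5T5OmHgbBX-20"

# Constructed sample responses (user name and callback URL are made up)
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
 <cas:authenticationSuccess>
  <cas:user>jdoe</cas:user>
  <cas:proxies><cas:proxy>https://proxy.example.org/pgtCallback</cas:proxy></cas:proxies>
 </cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
 <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def endpoint_by_prefix(ticket):
    """Prefix-based choice, as the thread describes the client doing."""
    return "proxyValidate" if ticket.startswith("PT-") else "serviceValidate"

def endpoint_by_role(accepts_proxied_auth):
    """Choose by what this service accepts, not by how the ticket is spelled."""
    return "proxyValidate" if accepts_proxied_auth else "serviceValidate"

def validation_url(base, endpoint, service, ticket):
    """Build the validation request URL with properly encoded parameters."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"{base.rstrip('/')}/{endpoint}?{query}"

def parse_validation(xml_text):
    """Return (user, proxy_chain); raise ValueError on authenticationFailure."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", NS)
    if ok is None:
        fail = root.find("cas:authenticationFailure", NS)
        code = fail.get("code", "UNKNOWN") if fail is not None else "UNKNOWN"
        raise ValueError(f"CAS validation failed: {code}")
    user = ok.findtext("cas:user", default="", namespaces=NS).strip()
    chain = [p.text.strip() for p in ok.findall("cas:proxies/cas:proxy", NS) if p.text]
    return user, chain

if __name__ == "__main__":
    print(validation_url(CAS_BASE, endpoint_by_prefix(TICKET), SERVICE, TICKET))
    print(validation_url(CAS_BASE, endpoint_by_role(True), SERVICE, TICKET))
    print(parse_validation(SAMPLE_OK))
```

A backend that accepts proxied logins should also compare the returned proxy chain against the proxies it expects before trusting the user name.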