TGT and security
Scott Battaglia
scott.battaglia at gmail.com
Thu Apr 26 09:24:55 EDT 2007
No, that isn't what I said. Plenty of people have used CAS in an
environment with web and non-web applications. All applications need
ServiceTickets, not Ticket Granting Tickets. A TicketGrantingTicket is a
handle to your single sign on session and is used to obtain service tickets
to give to applications.
-Scott
On 4/26/07, Javier Leyba <xleyba at gmail.com> wrote:
>
> On 4/26/07, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > Unless you've modified the MVC portion of the CAS Server, CAS can ONLY
> read
> > Ticket Granting Tickets from a cookie (it doesn't check anywhere else).
> > Furthermore, applications themselves only know how to process Service
> > Tickets. So giving a protected application a Ticket Granting Ticket
> should
> > have no effect. A protected application can only validate a Service
> Ticket.
> >
>
> Well, at the time I did changes in my CAs implementation I need to
> change a lot of things to adapt it to my needs (I want to normalize
> this now).
>
> Nevertheless, you mean I can't use SSOn in a non web environment ?
>
> J
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070426/2b53e026/attachment.html
More information about the cas
mailing list