CAS Server Management

Tue Feb 20 09:04:18 EST 2007

Bill,

If you plan on launching the application from the web browser, you should be
able to provide it with a proxy ticket (The page that launches the
application would need to ask the CAS server for one and then hand it off to
the application).  Here's some information on proxy authentication:

http://www.ja-sig.org/products/cas/overview/proxy_auth/index.html

Acegi supports providing tickets to it via the HTTP Basic Authentication
headers (we've done this at Rutgers).  You pass in the ticket as the
password and "_cas_stateless_" as the username. The Acegi documentation I
believe has more details on it.

-Scott

On 2/20/07, Bill Bailey <Bill.Bailey at northlandchurch.net> wrote:
>
>  Thanks, Scott.
>
>
>
> Assuming the non-web-based application is at least launched from the same
> browser (e.g. a java applet or a flash or flex application), does it seem
> reasonable that I could retrieve the cookie used to store the session
> identifier, get the identifier, and reuse it in my application? Can you
> think of any reason this couldn't be done? I do expect all the applications
> to at least be launched from the browser and I do expect to have the ability
> to modify their source (both client and server). I just don't think they
> will all be such that they can be redirected per se to the CAS login page.
>
>
>
> On a related note, do you have any experience with using CAS to
> authenticate web services? I know the new Spring Web Services initiative
> integrates with ACEGI, but haven't had time to research it yet. Do you know
> if there is any inherent support there for authenticating a web service
> against an existing CAS session?
>
>
>
> Thanks again for your help.
>
>
>
> Bill
>
>
>
>
>
>
>  ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Scott Battaglia
> *Sent:* Monday, February 19, 2007 10:46 PM
> *To:* Yale CAS mailing list
> *Subject:* Re: CAS Server Management
>
>
>
> Bill,
>
> CAS currently provides mechanisms to publish events about certain actions
> (i.e. authentications, logouts, etc.).   If one wants to do something with
> one of these events, they should implement an "EventHandler" that knows how
> to handle that event.  You can find out more about the events here:
>
> http://developer.ja-sig.org/source/browse/jasig/cas3/cas-server-core/src/main/java/org/jasig/cas/event
>
>
> Currently we don't offer an explicit mechanism for applications to
> register an interest in the events.  However, an EventHandler you implement
> can do anything you want it to (write to a database that others read, make a
> web service call, etc.).
>
> You can currently use CAS to provide authentication to non-web
> applications.  However, they will not be able to participate in any single
> sign on session enabled by the web browser as the session identifier is only
> sent to the browser securely.
>
> -Scott
>
> On 2/16/07, *Bill Bailey* <Bill.Bailey at northlandchurch.net> wrote:
>
> Hi,
>
>
>
> I am a relative CAS newbie and have a number of initial questions as part
> of my evaluation of the software for our project.
>
>
>
> 1)       Does CAS expose any API or other mechanism to allow one to
> monitor and manage the server? For example, to list open sessions, determine
> which services have been logged into by a session, forcibly terminate a
> session, and/or change any of the configuration parameters of the server at
> runtime?
>
> 2)       Is it possible to find out when new sessions are created or
> deleted? For example, is it possible for another application to register an
> interest in these events and be notified when they occur?
>
> 3)       Has anyone had any experience CAS-ifying a non-web application?
> For example, we are thinking of integrating Wildfire (an open source chat
> solution) into our system and would like to have it participate in single
> sign-on along with all the other applications, but it is not strictly a web
> application. Any comments on the feasibility, difficulty, or ease of doing
> this type of integration?
>
>
>
> I'm sure I'll have more questions as I get deeper into this, but that is
> enough for now. Thanks in advance for any information you may provide.
>
>
>
> Bill Bailey
>
> Senior Developer / DBA
>
> Northland, A Church Distributed
>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070220/ca6d965c/attachment.html 