can a service determine user identity without validating a service ticket?
Suganda Ekaputra
suganda.ekaputra at gmail.com
Thu May 24 23:22:37 EDT 2007
hi i am newbie to CAS
now i have liferay integrate with CAS
in the liferay application i create iframe which go to another
application using CAS
this is like scenario that is posted by scoot
service A --> Liferay
service B --> application in the liferay
i want to ask is there any possibility , if the CAS doesn't create a
new service ticket for service B ?
because in my liferay , i dont why after i go to application b and CAS
generate service ticket for application B in which application B in
the liferay portlet,
i cant use my portlet anymore. seems there is no more portlet lifecycle
just note application b is servlet not portlet
below i post the log
03:07:15,750 INFO [STDOUT] 2007-05-25 03:07:15,750 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-8-SLziQH9IMTE76WQVo
JzquoQpuMxQbYXla2F-20] for service
[http://localhost:8080/c/portal/login] for user [admin]>
03:07:36,031 INFO [STDOUT] 2007-05-25 03:07:36,031 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-9-Ynh9gWCEWLcPMAiAv
CxvXAqKBJeF1Ac2Tsg-20] for service
[http://localhost:18080/survey/index.jsp] for user [admin]>
after the application b (/survey) granted ticket , i can't access any
portlet in the liferay
but when i still in the "for service
[http://localhost:8080/c/portal/login] for user [admin]>" , i can
access all of the portlet in the liferay
any explanation about this?
thanks in advance
ganda:)
>* Thanks for your reply, Scott.
*>*
*>* If I've gotten this correct. (with renew = false)
*>*
*>* 1. Client successfully logs into Service A.
*>* 2. Ticket Granting Ticket is created, added to Ticket Registry.
*>* 3. Client moved to Service B.
*>* 4. Service B redirects to CAS, sending Ticket Granting Cookie.
*>* 5. CAS checks Ticket Registry for Ticket Granting Ticket.
*>* 6. If Ticket is found and has not expired.
*>* creates a new Service Ticket for Service B.
*>* 7. CAS redirects client to Service B without asking for credentials.
*>*
*>* If this is correct
*>* can Service B determine the user name without asking the client for it?
*>*
*>*
*>*
*>* _______________________________________________*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070525/66503d1b/attachment.html
More information about the cas
mailing list