validating service ticket
Scott Battaglia
scott.battaglia at gmail.com
Wed Aug 20 22:31:57 EDT 2008
Jason,
Ticket Granting Tickets are the SSO session while Service Tickets are the
one-time-use tickets to allow a service to validate a user with the CAS
server. So each service that a user attempts to access would need its own
service tickets (which can only be validated once). If your applications
maintain their own session, it's up to them to ensure that they always know
someone is logged in to that application. If an application is stateless
(i.e. doesn't use sessions), then you would need a Service Ticket for each
request to the application.
TGTs are a way of making sure the user isn't prompted to provide their
credentials each time they log in.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Wed, Aug 20, 2008 at 7:35 PM, Jason Roscoe <jroscoe at riteaid.com> wrote:
> Yeah, I just read that. So for single sign on, we need to generate a new
> service ticket using the TGT? For example, I have a site at www.sitea.com.
> I login to this site, so I have a TGT ticket and a service ticket. I go to
> site that is at yyy.sitea.com. They can validate the service ticket. If
> the user comes back to www.sitea.com, then they need to generate a new
> service ticket?
>
> Right now, we are storing the service ticket and the TGT ticket in a
> cookie. How would we do SSO using an external site, say a site at
> www.siteb.com?
>
> Thanks again for all the help. It is greatly appreciated!!
> ------------------------------
> *From:* cas-bounces at tp.its.yale.edu [cas-bounces at tp.its.yale.edu] On
> Behalf Of Adam Rybicki [arybicki at unicon.net]
> *Sent:* Wednesday, August 20, 2008 7:01 PM
> *To:* Yale CAS mailing list
> *Subject:* Re: validating service ticket
>
> You can't. Service tickets are single-use only.
>
> Jason Roscoe wrote:
>
> I have successfully generated a service ticket using CAS 3.3 and the RESTful API. Now, when I try to validate that ticket, calling http://localhost:9009/cas/serviceValidate?service=http://localhost:8082/xxx/login.jsf&ticket=ST-1-CfHBK93WV7kbR4U6PFfI-cas, the first time it returns my user. If I try to validate the ticket a second time, it says:
>
> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>   <cas:authenticationFailure code='INVALID_TICKET'>
>     ticket 'ST-1-CfHBK93WV7kbR4U6PFfI-cas' not recognized
>   </cas:authenticationFailure>
> </cas:serviceResponse>
>
> How do I validate a ticket more than once?
>
> Thanks.
>
> ------------------------------
> Disclaimer: This e-mail message is intended only for the personal use of
> the recipient(s) named above. If you are not an intended recipient, you
> may not review, copy or distribute this message. If you have received this
> communication in error, please notify us immediately by e-mail and delete
> the original message.
>
> This e-mail expresses views only of the sender, which are not to be
> attributed to Rite Aid Corporation and may not be copied or distributed
> without this statement.
>
> ------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
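The single-use behaviour discussed in this thread, as an added example that is not part of the original messages or of the CAS code base: a service validates its Service Ticket once, then relies on its own session. `StubCas`, `App`, `parse_validation`, the user `alice` and the ticket ids are constructed for illustration; the stub only models the rule that a ticket is bound to one service and is consumed by any validation attempt.

```python
import secrets
import xml.etree.ElementTree as ET

NS = {"cas": "http://www.yale.edu/tp/cas"}
ENVELOPE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>%s</cas:serviceResponse>"
FAILURE = "<cas:authenticationFailure code='%s'>ticket '%s' not recognized</cas:authenticationFailure>"
SUCCESS = "<cas:authenticationSuccess><cas:user>%s</cas:user></cas:authenticationSuccess>"

def parse_validation(xml_text):
    """Return (user, None) on success, (None, failure_code) otherwise."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    if user is not None and user.text:
        return user.text.strip(), None
    fail = root.find("cas:authenticationFailure", NS)
    code = fail.get("code") if fail is not None else "MALFORMED_RESPONSE"
    return None, code

class StubCas:
    """Constructed stand-in for /serviceValidate; not a real CAS server."""
    def __init__(self):
        self.tickets = {}  # ticket -> (service, user)

    def issue(self, service, user):
        ticket = "ST-%s-cas" % secrets.token_hex(8)  # constructed ticket id
        self.tickets[ticket] = (service, user)
        return ticket

    def service_validate(self, service, ticket):
        entry = self.tickets.pop(ticket, None)  # any attempt consumes the ticket
        if entry is None:
            return ENVELOPE % (FAILURE % ("INVALID_TICKET", ticket))
        if entry[0] != service:  # ticket was issued for a different service
            return ENVELOPE % (FAILURE % ("INVALID_SERVICE", ticket))
        return ENVELOPE % (SUCCESS % entry[1])

class App:
    """Service side: validate the ST once, then trust the local session."""
    def __init__(self, cas, service_url):
        self.cas, self.service_url, self.sessions = cas, service_url, {}

    def handle(self, session_id=None, ticket=None):
        if session_id in self.sessions:          # already logged in here
            return session_id, self.sessions[session_id]
        if ticket is None:                       # would redirect to CAS login
            return None, None
        user, err = parse_validation(self.cas.service_validate(self.service_url, ticket))
        if err:                                  # replayed or foreign ticket
            return None, None
        sid = secrets.token_urlsafe(16)          # the app's own session id
        self.sessions[sid] = user
        return sid, user
```

The ticket is only ever presented once; what the application keeps afterwards is its own session identifier, not the Service Ticket.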