CAS, Web services and Glassfish - Newbie question
Danilo Levantesi
danilo.levantesi at gmail.com
Wed Oct 1 10:57:38 EDT 2008
Hi to all!
I'm a totally newbie in CAS world, so please forgive me if my question is so
trivial.
My scenario is composed by many subsystems accessed by means of web services,
using SOAP; moreover, I have many web application accessing those web
services.
I understood I can use CAS to provide SSO between web applications, and it
works like a charm (the wiki guides were very useful!!!).
The problem arises when these web application must access remote web services.
Those web services (most of them implemented using EJBs 3.0) must be
protected (the user must provide credentials), and at present it is done by
means of basic http authentication. In this way the container can provide the
principal to the web service (it is a key requirement).
Here my misunderstood comes: how can I use CAS (if I can) to provide
authentication to web services? I have a couple of obfuscated ideas, but I
don't know if they are right, so I hope someone can help me.
First of all: is it possible to achieve? And if it is, is SAML the correct
keyword? In this case, can someone suggest me a guide and a starting point,
because I couldn't find anything?
And is Java Client 3.1.3 the correct library to use?
Or have I to implement a custom Glassfish authentication module?
Or am I totally wrong?
Many thanks in advance
Danilo
More information about the cas
mailing list