Is it possible to return SSO cookie using ticket generated using Restful Api?
Keith Garry Boyce
garry at consultsure.com
Mon Jan 12 17:12:02 EST 2009
OK, then does what I have proposed make sense from a security perspective? That is, instead of /login generating a CAS ticket, a redirect of the browser to a CAS URL with a service ticket could then cause the cookie to be generated from a pre-existing service ticket passed to the redirect as a query parameter?
-----Original Message-----
From: Scott Battaglia <scott.battaglia at gmail.com>
Sent: Monday, January 12, 2009 1:34 PM
To: Yale CAS mailing list <cas at tp.its.yale.edu>
Subject: Re: Is it possible to return SSO cookie using ticket generated using Restful Api?
The only way you can do anything is if the browser handles the URL (which is why /login generates a CAS ticket).
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Fri, Jan 9, 2009 at 11:56 AM, Keith Garry Boyce <garry at consultsure.com> wrote:
What CAS implementation classes would I have to change to allow this? Basically, I suppose it would be a URL like /cas/issueCookie?ticket=xyz
Also, what would be the security risks involved in allowing this to be possible?
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: Friday, January 09, 2009 12:38 PM
To: Yale CAS mailing list
Subject: Re: Is it possible to return SSO cookie using ticket generated using Restful Api?
You can't. They are mutually exclusive.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn:
[The entire original message is not included]