
Does someone have a valid example on CAS Proxy Granting Ticket?

I need to implement a CAS Proxy Granting Ticket System.

So I need to understand the system. There is a good doc here, but I have no idea about the proxyCallback I need.

Could someone explain that to me?

Pierre-Gilles Levallois asked Sep 07 '09 13:09



1 Answer

The CAS will invoke the pgtURL to provide a special ticket that will enable that application to acquire new tickets for other applications.
This is the setup in web.xml:

<servlet>
    <servlet-name>casproxy</servlet-name>
    <servlet-class>edu.yale.its.tp.cas.proxy.ProxyTicketReceptor</servlet-class>
    <load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>casproxy</servlet-name>
    <url-pattern>/casProxy/*</url-pattern>
</servlet-mapping>

To get a new ticket for another service with the special ticket:

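// The authenticated CAS token for the current user
SecurityContext sc = SecurityContextHolder.getContext();
CasAuthenticationToken auth = (CasAuthenticationToken)sc.getAuthentication();
// The IOU that identifies the proxy granting ticket delivered to the callback
String pgtIOU = auth.getProxyGrantingTicketIou();
// Exchange it for a proxy ticket that is valid for the other service
String newTicket = ProxyTicketReceptor.getProxyTicket(pgtIOU, anotherService);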

Then you redirect to that service, giving it the new ticket.

rodrigoap answered Jan 04 '23 07:01
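What the proxy callback has to do at the protocol level, as an added example (not part of the answer above and not the Yale client's code): CAS delivers the `pgtId`/`pgtIou` pair to the callback URL, the validation response names only the IOU, and the application then presents the stored PGT at `/proxy`. The class name, host names and ticket values are hypothetical and constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PgtCallbackDemo {
    // pgtIou -> pgtId, filled in only by the callback request that CAS makes.
    private final Map<String, String> pgtByIou = new ConcurrentHashMap<>();
    private static final Pattern IOU = Pattern.compile(
        "<cas:proxyGrantingTicket>([^<]+)</cas:proxyGrantingTicket>");

    // Step 1: CAS sends a GET to the callback URL. Returns the HTTP status to answer with.
    public int handleCallback(Map<String, String> query) {
        String iou = query.get("pgtIou");
        String pgt = query.get("pgtId");
        if (iou == null && pgt == null) return 200; // CAS may first call without parameters
        if (iou == null || pgt == null) return 400; // half a pair cannot be used
        pgtByIou.put(iou, pgt);
        return 200;
    }

    // Step 2: the validation response carries only the IOU, never the PGT itself.
    public static String extractPgtIou(String validationXml) {
        Matcher m = IOU.matcher(validationXml);
        return m.find() ? m.group(1).trim() : null;
    }

    // Step 3: build the /proxy request that trades the stored PGT for a proxy ticket.
    public String proxyRequestUrl(String casBase, String pgtIou, String targetService) {
        String pgt = pgtByIou.get(pgtIou);
        if (pgt == null) throw new IllegalStateException("no PGT received for " + pgtIou);
        return casBase + "/proxy?targetService="
            + URLEncoder.encode(targetService, StandardCharsets.UTF_8)
            + "&pgt=" + URLEncoder.encode(pgt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        PgtCallbackDemo app = new PgtCallbackDemo();
        // Constructed sample values, not real tickets.
        app.handleCallback(Map.of("pgtIou", "PGTIOU-1-example", "pgtId", "PGT-1-example"));
        String xml = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            + "<cas:authenticationSuccess><cas:user>alice</cas:user>"
            + "<cas:proxyGrantingTicket>PGTIOU-1-example</cas:proxyGrantingTicket>"
            + "</cas:authenticationSuccess></cas:serviceResponse>";
        System.out.println(app.proxyRequestUrl("https://cas.example.org/cas",
            extractPgtIou(xml), "https://backend.example.org/api"));
    }
}
```

The PGT is a long-lived credential for the user, so the callback must be reachable only over HTTPS and the stored value should never be logged or sent to the browser.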