 

WebServices SSO jasig CAS

I tried to do SSO with web services with jasig CAS.

I did the security for web application using spring filters, but I don't know how to do it with web services on the server side.

like image 243
Wojciech Avatar asked Dec 31 '25 20:12



1 Answer

We do this with a combination of the REST client (https://wiki.jasig.org/display/CASUM/RESTful+API) and the CasLoginModule (https://wiki.jasig.org/display/CASC/CASLoginModule+for+JAAS+applications) through JAAS (https://wiki.jasig.org/display/CASUM/JAAS). It works like this:


The client sends down a username and password to your web service, which authenticates and validates this against the CAS server. After this, the CASLoginModule caches the resulting service ticket so that future requests that can provide a service ticket don't need to contact CAS again.

This is quite a long way out of the "normal" usage of CAS because essentially it makes the service ticket a long-lived item. Normally the ST should last long enough for the resulting service to validate the client. In my case I figured that it doesn't matter too much because all of our communication is on the server side behind a firewall, but this may be different for you.

like image 181
bwobbones Avatar answered Jan 02 '26 13:01
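
The caching step described in the answer, sketched as an added example (not code from the answer or from the CAS client) that bounds how long a cached service ticket is honoured. The class name `BoundedTicketCache`, the `casValidator` callback standing in for the real validation call to the CAS server, the five-minute TTL and the sample ticket strings are all assumptions; the nested record needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

/** Hypothetical helper: honours a validated CAS service ticket for a bounded time only. */
public class BoundedTicketCache {
    private record Entry(String principal, Instant expires) {}
    private final Map<String, Entry> cache = new ConcurrentHashMap<>();
    private final Duration ttl;
    // Assumption: stands in for the real validation call to the CAS server; returns
    // the principal name for a valid ticket and Optional.empty() otherwise.
    private final Function<String, Optional<String>> casValidator;

    public BoundedTicketCache(Duration ttl, Function<String, Optional<String>> casValidator) {
        this.ttl = ttl; this.casValidator = casValidator;
    }

    /** Returns the principal for a ticket, contacting CAS only on a miss or after expiry. */
    public Optional<String> principalFor(String ticket, Instant now) {
        String key = digest(ticket);   // index by hash so the map never holds the bearer value
        Entry hit = cache.get(key);
        if (hit != null && now.isBefore(hit.expires())) return Optional.of(hit.principal());
        // Expired or unknown: drop it and ask CAS again. Service tickets are one-time-use,
        // so a real CAS server rejects the replay and the client has to log in again.
        cache.remove(key);
        Optional<String> principal = casValidator.apply(ticket);
        principal.ifPresent(p -> cache.put(key, new Entry(p, now.plus(ttl))));
        return principal;
    }

    private static String digest(String ticket) {
        try {
            return Base64.getEncoder().encodeToString(
                MessageDigest.getInstance("SHA-256").digest(ticket.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
        }
    }
    public static void main(String[] args) {
        // Constructed sample input: the stub validator accepts exactly one ticket value.
        BoundedTicketCache c = new BoundedTicketCache(Duration.ofMinutes(5),
            t -> t.equals("ST-1-constructed") ? Optional.of("alice") : Optional.empty());
        Instant t0 = Instant.parse("2026-01-02T13:00:00Z");
        System.out.println(c.principalFor("ST-1-constructed", t0));                 // validated via stub
        System.out.println(c.principalFor("ST-1-constructed", t0.plusSeconds(60))); // served from cache
        System.out.println(c.principalFor("ST-bogus", t0));                         // rejected, not cached
    }
}
```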
