RESTful API


Marvin Addison

Nov 6, 2012, 11:11:33 AM
to rubycas...@googlegroups.com
Hi. I'm a Jasig CAS server committer working on improving GitHub Enterprise CAS integration. In particular, we're attempting to provide an integration path for improving the HTTPS transport for git operations when CAS support is enabled. The RESTful API provided by the Jasig CAS server seems like the ideal integration path, but unfortunately they are interested in supporting publicly documented CAS APIs and the existing RESTful API, while commonly used, is not standardized and unique to Jasig CAS.

Have you considered an API that is suitable for service/tooling integration? Are you open to collaborating on a common solution? While I'd be thrilled if you were open to standardizing on the existing Jasig CAS RESTful API, I'm open to alternatives.

Thanks,
M

t.pickett66

Nov 6, 2012, 3:03:58 PM
to rubycas...@googlegroups.com
Marvin,

Which component of the system are you interested in having support for the RESTful API in? The client? The server? Both? I've been working to add some of the features that the Jasig implementation's server has but there is a long way to go.

Marvin Addison

Nov 6, 2012, 3:28:30 PM
to rubycas...@googlegroups.com

> Which component of the system are you interested in having support for the RESTful API in?

I'm interested in ticket granting and service access in the server, which is the scope of the Jasig CAS RESTful API. Any tool or service that can speak HTTP can therefore authenticate to CAS given user credentials. I'll walk through a putative git/GitHub use case since it's specific and hopefully familiar to this audience:

1. User configures CAS user/pass credentials to be used by git (e.g. git-credential-cache)
2. User pushes to remote repository, https://git.some.edu/repo, that is protected with CAS
3. GitHub CAS authentication backend posts user credentials to CAS RESTful API endpoint:

POST /cas/v1/tickets HTTP/1.0
 
username=marvin&password=wombats

4. CAS responds with TGT in Location header of response:

5. GitHub CAS authentication backend extracts the TGT and requests an ST for access to the repo URL:

POST /cas/v1/tickets/TGT-37-123456789-cas HTTP/1.0
 
service=https%3A%2F%2Fgit.some.edu%2Frepo

6. GitHub CAS authentication backend extracts ST from body of response:

200 OK
 
ST-102-0987654321-cas

7. Ticket is validated as usual and on success the git client operation is authenticated by the backend and operation proceeds.

The only point of configuration here should be the root URI of the RESTful API endpoint, in this case "/cas/v1". Please let me know if you have questions or comments. I'd be happy to collaborate with you on implementation and/or test cases to ensure interoperability between products.

Best,
M
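Added example, not part of the thread and not Jasig CAS or GitHub code: steps 3 to 6 of the walkthrough above as a client that accepts the TGT only when the Location header points back under the configured API root, run against a constructed stand-in for the server. The host cas.example.edu, the send hook, fake_cas, the ticket pattern and the 201 status are assumptions; the ticket ids, credentials and service URL are the thread's samples.

```python
import re
from urllib.parse import urlencode, urlsplit

# Assumed ticket shape, taken from the sample ids in the thread.
TICKET = re.compile(r"(TGT|ST)-[A-Za-z0-9-]+")

def tgt_from_location(location, api_root):
    """Steps 4/5: accept the TGT only if Location points under our API root."""
    loc, root = urlsplit(location), urlsplit(api_root)
    prefix = root.path.rstrip("/") + "/tickets/"
    if (loc.scheme, loc.netloc) != (root.scheme, root.netloc):
        raise ValueError("Location points at a different origin")
    tgt = loc.path[len(prefix):] if loc.path.startswith(prefix) else ""
    if not (TICKET.fullmatch(tgt) and tgt.startswith("TGT-")):
        raise ValueError("no TGT in Location header")
    return tgt

def st_from_body(status, body):
    """Step 6: the ST is the whole body of a 200 response."""
    st = body.strip()
    if status != 200 or not (TICKET.fullmatch(st) and st.startswith("ST-")):
        raise ValueError("no ST in response")
    return st

def request_st(send, api_root, username, password, service):
    """Steps 3-6. send(url, form) -> (status, headers, body) is a hypothetical
    transport hook; a real one would POST over certificate-verified TLS."""
    form = urlencode({"username": username, "password": password})
    _, headers, _ = send(api_root + "/tickets", form)
    tgt = tgt_from_location(headers.get("Location", ""), api_root)
    status, _, body = send(f"{api_root}/tickets/{tgt}", urlencode({"service": service}))
    return st_from_body(status, body)

API_ROOT = "https://cas.example.edu/cas/v1"  # constructed host; only the root URI is configured
SENT = []                                    # records what the client posted

def fake_cas(url, form):
    """Constructed stand-in for the server side, using the thread's ticket ids."""
    SENT.append((url, form))
    if url == API_ROOT + "/tickets":
        # 201 is an assumption; the thread only says the TGT is in Location.
        return 201, {"Location": API_ROOT + "/tickets/TGT-37-123456789-cas"}, ""
    return 200, {}, "ST-102-0987654321-cas\n"

if __name__ == "__main__":
    print(request_st(fake_cas, API_ROOT, "marvin", "wombats", "https://git.some.edu/repo"))
```

The returned ST is what the backend would then validate as in step 7; the password and the TGT should be kept out of logs on the client side.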