CAS Proxy vs CAS Rest protocol


Gangadhar Vulpay

Jan 17, 2017, 11:29:06 AM
to CAS Community
Hi All,

I am going through the CAS documentation to educate myself on CAS.

Can anyone please help me with a basic use case for when to use CAS Proxy and the CAS REST Protocol?

What is the difference between both of them?

Thanks,
Ganga

Gangadhar Vulpay

Jan 25, 2017, 3:40:14 PM
to CAS Community
Could anyone please help me to understand this?

Misagh Moayyed

Jan 25, 2017, 3:48:15 PM
to cas-...@apereo.org
Could you be more specific? Which areas in the docs (which docs? where? when?) do you not understand? 

-- 
Misagh
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/08ac55cd-fad4-4f0f-b57d-334335d71991%40apereo.org.

Gangadhar Vulpay

Jan 25, 2017, 4:15:17 PM
to CAS Community, mmoa...@unicon.net
Hi Misagh,

I am very sorry for not being clear about my question.

I was trying to do a POC using the CAS SSO provider, and below is my use case:

1. Application A (Web Application) - Assume we make this CASified
2. Application B (Webservice)
3. Application C (Webservice)

"App-A" gets the data from "App-B" (Webservice), but this internally calls App-C (Webservice).

I was trying to understand what the best way to do the above use case is.

I was thinking about how to use the CAS REST Protocol in this case, but I am not clear whether this is the right way to do this.


Thanks,
Ganga 

On Wednesday, January 25, 2017 at 3:48:15 PM UTC-5, Misagh Moayyed wrote:
Could you be more specific? Which areas in the docs (which docs? where? when?) do you not understand? 

-- 
Misagh

Misagh Moayyed

Jan 25, 2017, 6:02:44 PM
to CAS Community
Are applications B and C protected by CAS too?

Gangadhar Vulpay

Jan 25, 2017, 8:44:58 PM
to CAS Community
Right now we are planning to protect Application B by CAS. But as part of the initial changes we are trying not to change application C (I mean no, not protected by CAS).

C. C. Tang

Jan 26, 2017, 12:33:19 AM
to CAS Community
Hi, I have a similar use case in which
App-A is a web page that uses AJAX to call the App-B webservice.
How should I protect the App-B webservice by CAS?

Uxío

Jan 26, 2017, 1:44:36 AM
to cas-...@apereo.org
Maybe you should try to think if you can route existing AJAX to B via A back again to B, but letting the service A resolve calls on behalf of clients of A. You can authenticate calls to B from the A back end, or if B is replicable you could do an additional private deployment of B, not casified but with use restricted to A using network configuration, routing or whitelisting.

Hope that helped,

Sent from my iPhone

Uxío

Jan 26, 2017, 1:52:30 AM
to cas-...@apereo.org
However it should just work out of the box by only CASifying B to the same CAS service protecting A because that is the whole point of SSO (e.g. Apereo CAS).

Sent from my iPhone

Misagh Moayyed

Jan 26, 2017, 2:42:42 AM
to cas-...@apereo.org
And did you get a chance to read this, which describes exactly what you’re explaining here?

-- 
Misagh


C. C. Tang

Jan 26, 2017, 3:10:09 AM
to CAS Community
Thank you very much. I didn't notice that the 5.x manual page has a use case description, since I am using 4.2.x and keep reading the 4.2.x documentation (and Google always shows me doc pages of the old CAS website).

I think this matches Gangadhar's use case.
However, for my case, it is not App-A consuming App-B but the client contacting App-B directly by a client-side AJAX request to get data. Is CAS covering this kind of use case?

Thanks a lot.
C.C.


On Thursday, January 26, 2017 at 3:42:42 PM UTC+8, Misagh Moayyed wrote:
And did you get a chance to read this, which describes exactly what you’re explaining here?

-- 
Misagh

Misagh Moayyed

Jan 26, 2017, 3:51:02 AM
to CAS Community
Yes, it's the same thing.  You can use proxying, or the REST API, or OAuth2/OpenID Connect.

Gangadhar Vulpay

Jan 26, 2017, 11:26:39 AM
to CAS Community
Thanks Misagh and All for your inputs.

I am sorry if I am asking basic questions with limited knowledge after reading the documentation, but it will be very helpful if I get experts' inputs on this.

Solution-1 :  Use CAS Proxy 
------------------------------------
If I use CAS Proxying does this impact any performance due to multiple redirects? 

Solution-2:  Use CAS REST API
------------------------------------------
 If App-A backend calls App-B using REST API how can APP-A pass TGT to CAS (I mean initial Cookie which CAS gave back as initial authentication)? 


Thanks,
Ganga

Misagh Moayyed

Jan 27, 2017, 5:37:48 PM
to cas-...@apereo.org
Solution-1 :  Use CAS Proxy 
------------------------------------
If I use CAS Proxying does this impact any performance due to multiple redirects? 

Nope. There is going to be more chatter on the wire, but I don’t foresee any perf issues. Post back if you find any. 



Solution-2:  Use CAS REST API
------------------------------------------
 If App-A backend calls App-B using REST API how can APP-A pass TGT to CAS (I mean initial Cookie which CAS gave back as initial authentication)? 


My apologies for not being clearer. Your App A is nonetheless going to obtain a proxy ticket for app B anyway. That is never going away. It is going to involve proxying either way. The deal with the REST API is, you [app A] are going to hold onto the TGT and effectively maintain SSO, rather than letting CAS do that. You are to NEVER EVER share the TGT with anyone. Remember that the REST API deals with no cookie business. It’s a stateless call. This is really more a question of who receives the user credentials. You either use CAS to submit credentials and ask for a PT for app B, or App A gets credentials and submits them to CAS and then asks for a PT for app B. The former is more common and in some cases easier to maintain/understand/implement. Occam’s razor.

Other options other than proxying would be to let app B authenticate via non-interactive authn means, such as basic authn or JWTs, etc. Or you leverage an OIDC profile that essentially is very similar to proxying in concept which is designed to handle non-browser authn scenarios. 

HTH. 
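
The App-B side of the proxy-ticket flow described in the reply above, as an added example that is not part of the original thread or of the CAS project: it parses the XML body that CAS returns from proxy-ticket validation (`/proxyValidate`) and accepts the user only if every proxy in the chain is App-A's callback. The host names, callback URL, function names and response bodies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Assumption: App-A's proxy callback URL as registered with CAS.
TRUSTED_PROXIES = {"https://app-a.example.org/cas/proxyCallback"}

class TicketRejected(Exception):
    """App-B must refuse the request."""

def principal_from_proxy_validate(xml_text, trusted=TRUSTED_PROXIES):
    """Return the user from a CAS /proxyValidate response body, or raise."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise TicketRejected(failure.get("code", "UNKNOWN"))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise TicketRejected("MALFORMED_RESPONSE")
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    chain = [p.text.strip()
             for p in success.findall("cas:proxies/cas:proxy", CAS_NS) if p.text]
    # App-B is only meant to be reached through App-A: an empty chain is a
    # plain service ticket, an unlisted proxy is an unexpected caller.
    if not user or not chain or any(p not in trusted for p in chain):
        raise TicketRejected("UNTRUSTED_PROXY_CHAIN")
    return user

def outcome(xml_text):
    try:
        return "allow:" + principal_from_proxy_validate(xml_text)
    except TicketRejected as exc:
        return "deny:" + str(exc)

def sample(inner):  # constructed response bodies, not captured traffic
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            + inner + "</cas:serviceResponse>")

def success_body(proxies):
    items = "".join("<cas:proxy>%s</cas:proxy>" % p for p in proxies)
    return sample("<cas:authenticationSuccess><cas:user>alice</cas:user>"
                  "<cas:proxies>" + items + "</cas:proxies>"
                  "</cas:authenticationSuccess>")

VIA_APP_A = success_body(["https://app-a.example.org/cas/proxyCallback"])
VIA_UNKNOWN = success_body(["https://other.example.net/callback"])
DIRECT = success_body([])
FAILED = sample('<cas:authenticationFailure code="INVALID_TICKET">'
                "ticket not recognized</cas:authenticationFailure>")

if __name__ == "__main__":
    for name in ("VIA_APP_A", "VIA_UNKNOWN", "DIRECT", "FAILED"):
        print(name, outcome(globals()[name]))
```

In a deployment the body comes from App-B's own HTTPS call to the CAS server with the ticket and App-B's service URL; the parsing and allowlist check stay the same.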