How to check from the memcached ticket registry if a user already log in to CAS or not?

42 views

Skip to first unread message

casuser

unread,

Mar 28, 2019, 10:26:31 PM3/28/19

to CAS Community

We have applications that are using CAS protocol as well as CAS REST protocol. For applications that are using the CAS REST protocol (specially mobile application) we want to check if the user is already log in to CAS sso. If so then we want to let the user authenticate. We are using a memcached ticket registry. How can we check from memcached if the user has already log in to CAS or not?

I want to make a web service that will act as a proxy in between CAS and the applications that are using CAS REST protocol. This web service will check whether the user log in to CAS or not. For that I can connect to memcached and get the stats of the slabs and the items in memcached. From there I can get the value using items as key but It is encrypted using FNV1_64_HASH hash Algorithm and KRYO serialization. The value looks similar to a ticket granting cookie. Using the CAS Rest protocol I can get a ticket granting ticket and service ticket for a service, validate the service ticket and get the CAS response for a user. Now I want to check against the memcached whether that user is already logged in to CAS or not.

This is my memcached configuration for CAS

cas.ticket.registry.memcached.servers=mymemcached:11211
cas.ticket.registry.memcached.locatorType=CONSISTENT
cas.ticket.registry.memcached.failureMode=Redistribute
cas.ticket.registry.memcached.hashAlgorithm=FNV1_64_HASH
cas.ticket.registry.memcached.shouldOptimize=false
cas.ticket.registry.memcached.daemon=true
cas.ticket.registry.memcached.maxReconnectDelay=-1
cas.ticket.registry.memcached.useNagleAlgorithm=false
cas.ticket.registry.memcached.shutdownTimeoutSeconds=-1
cas.ticket.registry.memcached.opTimeout=-1
cas.ticket.registry.memcached.timeoutExceptionThreshold=2
cas.ticket.registry.memcached.maxTotal=20
cas.ticket.registry.memcached.maxIdle=8
cas.ticket.registry.memcached.minIdle=0
cas.ticket.registry.memcached.transcoder=KRYO
cas.ticket.registry.memcached.transcoderCompressionThreshold=16384
cas.ticket.registry.memcached.kryoAutoReset=false
cas.ticket.registry.memcached.kryoObjectsByReference=false
cas.ticket.registry.memcached.kryoRegistrationRequired=false

cas.ticket.registry.memcached.crypto.signing.key=mykey
cas.ticket.registry.memcached.crypto.signing.keySize=512
cas.ticket.registry.memcached.crypto.encryption.key=mykey
cas.ticket.registry.memcached.crypto.encryption.keySize=16
cas.ticket.registry.memcached.crypto.alg=AES
cas.ticket.registry.memcached.crypto.enabled=true

I want to know how memcached is actually storing the tickets so that I can check for users if there is a ticket already present for them or not

Ray Bon

unread,

Mar 29, 2019, 11:42:25 AM3/29/19

to cas-...@apereo.org

You might find it easier (and more secure) to use the proxy capabilities of CAS.

https://apereo.github.io/cas/5.3.x/installation/Configuring-Service-Proxy-Policy.html

https://apereo.github.io/cas/5.3.x/protocol/CAS-Protocol.html#proxy-web-flow-diagram

Ray

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

Reply all

Reply to author

Forward

0 new messages