Extending Web SSO to External Script based process.
12 views
Skip to first unread message
Colin Ryan
Nov 8, 2019, 3:32:27 PM11/8/19
to CAS Community
Folks,
I'm not certain if the following falls into the Proxy Auth scenario or
not. Here is an outline of what I'm trying to accomplish.
I have some sensitive files that I need to have downloaded by a
Installer/Script style process.
* The Installer/script can support maintaining Session/Cookies but isn't
user interactive.
* The files are on one web resource/service/system
* The User Web interfaces is on another resource/service/system
* Both are protected by the same CAS infrastructure.
* Everything is on the same domain.
* Mod_auth_cas is the mechanism for protecting the sensitive files.
I would like to have the user log into a web interface via traditional
CAS login redirect and return.
I would like then to be able to pass arguments to the installer or
script that would allow it to share the authenticated and permitted
state of the users Web session into the context of the Script so that it
can access the sensitive files without having to interact with the user.
I.e. SSO between a Web interface and an external process.
Even just a hint of direction to look into would be appreciated.
Sincerely
Colin Ryan
I'm not certain if the following falls into the Proxy Auth scenario or
not. Here is an outline of what I'm trying to accomplish.
I have some sensitive files that I need to have downloaded by a
Installer/Script style process.
* The Installer/script can support maintaining Session/Cookies but isn't
user interactive.
* The files are on one web resource/service/system
* The User Web interfaces is on another resource/service/system
* Both are protected by the same CAS infrastructure.
* Everything is on the same domain.
* Mod_auth_cas is the mechanism for protecting the sensitive files.
I would like to have the user log into a web interface via traditional
CAS login redirect and return.
I would like then to be able to pass arguments to the installer or
script that would allow it to share the authenticated and permitted
state of the users Web session into the context of the Script so that it
can access the sensitive files without having to interact with the user.
I.e. SSO between a Web interface and an external process.
Even just a hint of direction to look into would be appreciated.
Sincerely
Colin Ryan
Ray Bon
Nov 14, 2019, 4:32:23 PM11/14/19
to cas-...@apereo.org
Colin,
That is a proxy auth configuration. Both services need proxying turned on in the service registry entry.
Ray
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca
I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
Reply all
Reply to author
Forward
0 new messages