How to configure CAS to recognize REST-Clients already authenticated via CAS RESTful API?

594 views

Skip to first unread message

mdottavi

unread,

Dec 5, 2016, 1:37:40 PM12/5/16

to CAS Community

Hi,

I have the following problem:

I already have several web apps already integrated with CAS and spring-security-cas-filter. It works fine for user (browser based) connections.

I now need to provide some of those webapps' REST Endpoints for machine-to-machine connection

and I want to rely on CAS for Authentication of those REST calls.

So I want my REST-Clients to call the CAS-RESTful API (/cas/v1/tickets) to get authenticated ...

This works fine and they get the TGT as result...

But when the REST-Clients call the webapps REST endpoint they get redirected (by the cas-spring-sec-filter)

to the cas login page that does not recognize the client is already authenticated and sends the html page...

So how to configure CAS to set in the REST-Client the proper cookies after issuing the TGT so that next calls of such client will be recognized by CAS as authenticated and issue directly the service ticket for the required webapps?

Note: After the TGT Request the REST Clients don't call the CAS-REST API for ServiceTicket because I want a seamless integration (no special handling from REST-Clients: they get redirected if not Authenticated by the spring-sec-filter).

I'm currently using CAS 4.1.0 but plan to move to CAS 5.x

Thank you so much for your help.

Ray Bon

unread,

Dec 5, 2016, 3:10:07 PM12/5/16

to cas-...@apereo.org

Look at CAS proxy: https://apereo.github.io/cas/4.1.x/installation/Configuring-Proxy-Authentication.html

Ray

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/afae9b29-0ba3-4e37-ac88-a60516e1ed05%40apereo.org.

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE C023 | rb...@uvic.ca

Reply all

Reply to author

Forward

0 new messages