Jorge,
The idea is that a web application should authenticate a user against CAS, and then it should establish its own *application session*.
The CAS service ticket is no longer useful at this point (it is expired).
The CAS TGC stays active so if you want to authenticate to an entirely different web application that also uses CAS, you will be issued a new ST for that service, and once validated, that web application would establish its own application session.
The idea is not that a web application should authenticate every HTTP request against CAS.
Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College
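
The flow described in the message above, as an added example that is not part of the original post or of the CAS project's code: the service ticket is validated once, after which requests are served from the application's own session. `App`, `fake_cas`, the ticket value and the sample XML are constructed for illustration; the response shape follows the CAS 2.0 `/serviceValidate` format.

```python
import secrets
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed samples of CAS 2.0 /serviceValidate responses.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jorge</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def parse_validation(xml_text):
    """Return the username from a serviceValidate response, or None on failure."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

def fake_cas():
    """Constructed stand-in for the CAS server: each ST validates only once."""
    issued = {"ST-1-constructed"}
    def validate(ticket):
        if ticket in issued:
            issued.discard(ticket)      # the ticket is spent after one validation
            return SAMPLE_SUCCESS
        return SAMPLE_FAILURE
    return validate

class App:
    """Hypothetical CAS-protected application with its own session store."""
    def __init__(self, validate_ticket):
        self.validate_ticket = validate_ticket  # callable: ticket -> XML response
        self.sessions = {}                      # session id -> username
        self.cas_calls = 0                      # back-channel validations made

    def handle(self, session_id=None, ticket=None):
        """Return (status, session_id, user) for one HTTP request."""
        if session_id in self.sessions:         # application session: no CAS round trip
            return 200, session_id, self.sessions[session_id]
        if ticket:                              # returning from CAS login with an ST
            self.cas_calls += 1
            user = parse_validation(self.validate_ticket(ticket))
            if user:
                sid = secrets.token_urlsafe(32) # fresh id, set as a cookie in a real app
                self.sessions[sid] = user
                return 302, sid, user           # redirect to drop ?ticket= from the URL
            return 401, None, None
        return 302, None, None                  # no session, no ticket: redirect to CAS /login
```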