Jasig › Jasig CAS › CAS Users

Proxied web service calls

2 messages

ttan

Proxied web service calls

Reply Threaded

Some javascript/style in this post has been disabled (why?)

Proxied web service calls Hi,

I have a set up where each GUI(php) call is actually a web service call to a server (Spring 2.0.1 CAS client) component. The PhP gui itself is authentication using PhPCAS. After authenthentication, each web service is a proxied call with _cas_stateless_ as user, and the PGT as password.

I see in CAS log:

First web service call to the same web-service

10.90.145.5 - - [09/Oct/2009:22:26:10 +0000] "GET /cas/proxy?targetService=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check&pgt=TGT-3-v4BcdVSPnbXVfxGLebFNeaB3sulG1dOCHRxu4fN0msEG9WoOVI-ttan-osx-lt.rwc.silverspringnet.com HTTP/1.1" 200 224
10.90.145.5 - - [09/Oct/2009:22:26:10 +0000] "GET /cas/proxyValidate?pgtUrl=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2FcasVerify.jsp&ticket=ST-12-OMlY90zXETbQ9gidOj0E-midtierhost&service=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check HTTP/1.1" 200 411

Subsequent web service call to the same web-service

10.90.145.5 - - [09/Oct/2009:22:26:49 +0000] "GET /cas/proxy?targetService=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check&pgt=TGT-3-v4BcdVSPnbXVfxGLebFNeaB3sulG1dOCHRxu4fN0msEG9WoOVI-midtierhost HTTP/1.1" 200 224
10.90.145.5 - - [09/Oct/2009:22:26:49 +0000] "GET /cas/proxyValidate?pgtUrl=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2FcasVerify.jsp&ticket=ST-13-ydObKnkhK5UZ1ivPluTj- midtierhost&service=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check HTTP/1.1" 200 412

I expect NOT to see the subsequent calls to CAS. Is my supposition correct?

I recalled reading somewhere that either the Java CAS client(3.1.3) or Spring may cache the PGT?

Thanks.

Theen-Theen

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

Scott Battaglia-2

Re: Proxied web service calls

Reply Threaded

You're sending a new PT each time so its naturally going to validate each new one it receives.

PGTs have nothing to do with this. They stay with the main application and should not be passed to anyone else.

Cheers,
Scott

On Fri, Oct 9, 2009 at 6:43 PM, ttan <[hidden email]> wrote:

Hi,

I have a set up where each GUI(php) call is actually a web service call to a server (Spring 2.0.1 CAS client) component. The PhP gui itself is authentication using PhPCAS. After authenthentication, each web service is a proxied call with _cas_stateless_ as user, and the PGT as password.

I see in CAS log:

First web service call to the same web-service

10.90.145.5 - - [09/Oct/2009:22:26:10 +0000] "GET /cas/proxy?targetService=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check&pgt=TGT-3-v4BcdVSPnbXVfxGLebFNeaB3sulG1dOCHRxu4fN0msEG9WoOVI-ttan-osx-lt.rwc.silverspringnet.com HTTP/1.1" 200 224
10.90.145.5 - - [09/Oct/2009:22:26:10 +0000] "GET /cas/proxyValidate?pgtUrl=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2FcasVerify.jsp&ticket=ST-12-OMlY90zXETbQ9gidOj0E-midtierhost&service=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check HTTP/1.1" 200 411

Subsequent web service call to the same web-service

10.90.145.5 - - [09/Oct/2009:22:26:49 +0000] "GET /cas/proxy?targetService=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check&pgt=TGT-3-v4BcdVSPnbXVfxGLebFNeaB3sulG1dOCHRxu4fN0msEG9WoOVI-midtierhost HTTP/1.1" 200 224
10.90.145.5 - - [09/Oct/2009:22:26:49 +0000] "GET /cas/proxyValidate?pgtUrl=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2FcasVerify.jsp&ticket=ST-13-ydObKnkhK5UZ1ivPluTj- midtierhost&service=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check HTTP/1.1" 200 412

I expect NOT to see the subsequent calls to CAS. Is my supposition correct?

I recalled reading somewhere that either the Java CAS client(3.1.3) or Spring may cache the PGT?

Thanks.

Theen-Theen
-- 
You are currently subscribed to [hidden email] as: [hidden email]


To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user