Announcement Announcement Module
Collapse
No announcement yet.
Programmatic authentication Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Programmatic authentication

    I'm trying to consume a REST service protected by Spring Security/CAS programmatically. Can anyone tell me what header to put the username/password in or how to get the correct ticket to set as a cookie?
    So far the only solution that I've found plossible is to make a REST request which redirects me to login; then parse the 'lt' (login ticket) param from the page and post to cas/login; get the cookie back to put in a REST request again to the rest service, but that doesn't seem like its the correct way of doing this.
    I am a 3rd party consumer of this service and can not modify CAS.

    Please help.

  • #2
    This sounds like something better to ask on the CAS forums. PS: If you haven't found it here is the Rest documentation for the CAS Server

    Comment


    • #3
      I am posting the question there also, since spring security is protecting the service and using CAS where does the question belong....
      I did see that but the current CAS protecting the service does not have the REST API exposed. As an experiment I did enable it and got it to work, however CAS isn't really under my control.

      Comment


      • #4
        Originally posted by psubrownie View Post
        I am posting the question there also, since spring security is protecting the service and using CAS where does the question belong....
        I did see that but the current CAS protecting the service does not have the REST API exposed. As an experiment I did enable it and got it to work, however CAS isn't really under my control.
        It sounded like you were having problems using the the CAS REST API (since that is what accepts the username/password). It sounds as though I was mistaken on what you needed.

        Are you able to use proxy ticket authentication? There is a sample application included in Spring Security 3.1 that demonstrates how to do proxy ticket authentication (for both the service and the client). You can also read about setting up the configuration in the reference.

        Comment


        • #5
          yes the CAS Rest API in this situation is not enabled. I've tested that code with another CAS that has REST enabled and got it working. I've also written a hack to retrieve the login page and get the lt and login that way.
          I think thats going to have to be my answer.
          Thanks, the proxy information is pointing me in a direction to solve another problem though.

          Comment


          • #6
            Is the CAS-Example still somewhere around? I asked a similar question on StackOverflow, but got no response.
            I'd need to consume a REST service created and secured with spring. I have the PGT-PGTIOU combination stored on the server, and PGTIOU, PGT, PT on my client.
            Now I'm stuck because I don't know which ticket I need to pass to the spring server in my REST calls and how I need to include it in my calls.

            Comment

            Working...
            X