CAS Client help


Michael Remijan

Nov 22, 2022, 11:56:47 PM
to cas-...@apereo.org

Hello user community,

 

I am looking for some information on a CAS client and I haven’t been able to find it anywhere online.

 

All CAS Client references I’ve found have been for configuring a Web App so that user login integrates with CAS for authentication. Unfortunately, this is not what I need.

 

I have a REST API endpoint I need to integrate with in a headless/background process kind of way. Basic data integration stuff… periodically call the API throughout the day, get the data, process data. So I need an example of this kind of integration… having a background process pass the CAS authentication server what it needs to authenticate the request in a non-interactive, headless manner so my process can integrate with a REST API.

 

Any examples like this exist?  Any help would be appreciated.

 

Mike

Petr Fišer

Nov 23, 2022, 6:35:09 AM
to cas-...@apereo.org, Michael Remijan
Hello,
It is probably better to use this https://apereo.github.io/cas/6.6.x/protocol/REST-Protocol.html .
Cheers,
Fiisch
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM6PR06MB48902D25FA770FA95065FDB3D20D9%40DM6PR06MB4890.namprd06.prod.outlook.com.

Ray Bon

Nov 23, 2022, 11:41:11 AM
to cas-...@apereo.org
Michael,

If a user is logged in to the main app, you can use proxy protocol, https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol.html#proxy-web-flow-diagram

Client docs have examples, https://apereo.github.io/cas/6.6.x/integration/CAS-Clients.html (I have used php, java, and pac4j as clients).

Both user application and REST API applications would be registered in cas as able to proxy https://apereo.github.io/cas/6.6.x/services/Configuring-Service-Proxy-Policy.html


Note: this is different from proxied / delegated authentication. 

Ray

On Tue, 2022-11-22 at 21:48 +0000, Michael Remijan wrote:

Michael Remijan

Nov 23, 2022, 1:47:33 PM
to cas-...@apereo.org

>> If a user is logged in to the main app, you can use proxy protocol

 

There is no “user” to log in.  A background batch process needs to be able to authenticate by itself.


Ray Bon

Nov 23, 2022, 6:24:37 PM
to cas-...@apereo.org
Michael,

Can you use a pre-shared key between the app and the API (and not involve cas)?

Ray

On Wed, 2022-11-23 at 18:18 +0000, Michael Remijan wrote:

Michael Remijan

Nov 28, 2022, 8:24:42 PM
to cas-...@apereo.org

>> Can you use a pre-shared key between the app and the API (and not involve cas)?

No, that will not be an option. The API is protected by CAS and that won’t change.

Michael Remijan

Nov 28, 2022, 8:24:50 PM
to cas-...@apereo.org

>> Client docs have examples, https://apereo.github.io/cas/6.6.x/integration/CAS-Clients.html (I have used php, java, and pac4j as clients)

 

I’ve looked at this project, and all the clients appear to be for Web-based applications which want to integrate with CAS to handle user authentication. Unfortunately, that’s not my use case.

 

From: cas-...@apereo.org <cas-...@apereo.org> On Behalf Of Ray Bon
Sent: Wednesday, November 23, 2022 10:41 AM
To: cas-...@apereo.org
Subject: Re: [cas-user] CAS Client help

 

Michael,


Michael Remijan

Nov 28, 2022, 8:25:07 PM
to Petr Fišer, cas-...@apereo.org

I looked at the REST-Protocol and it looks interesting.

 

I don’t know if the CAS instance I’ll be using has this available, but that’s a separate issue.

 

Looking at the REST-Protocol documentation, it seems like first you get a Ticket Granting Ticket, then you use that to get a Service Ticket, and then after you have the Service Ticket you are able to call the service?  I didn’t see any example of what to do with the Service Ticket once you have it.

 

Thanks!

 

From: Petr Fišer <petr.f...@gmail.com>
Sent: Wednesday, November 23, 2022 1:27 AM
To: cas-...@apereo.org; Michael Remijan <mjre...@live.com>
Subject: Re: [cas-user] CAS Client help

 

Hello,

Ray Bon

Nov 28, 2022, 9:27:07 PM
to petr.f...@gmail.com, cas-...@apereo.org
Michael,

The ST gets sent to the API endpoint. The cas client that is in that application will know how to handle it.

Ray

On Mon, 2022-11-28 at 20:20 +0000, Michael Remijan wrote:
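
The flow discussed above (TGT, then ST, then the API call with the ST), as an added example that is not part of any post in this thread or of the CAS project's code. It assumes the CAS REST protocol module is enabled on the server and that the API's CAS client accepts the ticket in the standard `ticket` request parameter; the host names, the account and `fake_cas` are constructed for illustration.

```python
import urllib.error, urllib.parse, urllib.request

def http_send(method, url, form=None):
    """Real transport: returns (status, lower-cased headers, body text)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return r.status, {k.lower(): v for k, v in r.headers.items()}, r.read().decode()
    except urllib.error.HTTPError as e:  # 4xx/5xx still carry a status to inspect
        return e.code, {k.lower(): v for k, v in e.headers.items()}, e.read().decode()

def get_tgt_url(send, cas_base, username, password):
    """Step 1: POST credentials; CAS replies 201 with the TGT URL in Location."""
    status, headers, _ = send("POST", f"{cas_base}/v1/tickets",
                              {"username": username, "password": password})
    tgt_id = headers.get("location", "").rstrip("/").rsplit("/", 1)[-1]
    if status != 201 or not tgt_id.startswith("TGT-"):
        raise PermissionError(f"TGT request rejected (HTTP {status})")
    # Rebuild the URL on the configured CAS base; never follow Location blindly.
    return f"{cas_base}/v1/tickets/{urllib.parse.quote(tgt_id, safe='')}"

def get_service_ticket(send, tgt_url, service_url):
    """Step 2: trade the TGT for a one-time ST bound to exactly this service URL."""
    status, _, body = send("POST", tgt_url, {"service": service_url})
    if status != 200 or not body.strip().startswith("ST-"):
        raise PermissionError(f"ST request rejected (HTTP {status})")
    return body.strip()

def call_api(send, cas_base, username, password, service_url):
    """Steps 1-3 (service_url without a query string), then destroy the TGT."""
    tgt_url = get_tgt_url(send, cas_base, username, password)
    try:
        st = get_service_ticket(send, tgt_url, service_url)
        # Step 3: the API's CAS client reads 'ticket' and validates it with CAS.
        return send("GET", f"{service_url}?ticket={urllib.parse.quote(st, safe='')}")
    finally:
        send("DELETE", tgt_url)  # log out so the TGT does not outlive the job

def fake_cas(log):
    """Constructed in-memory stand-in for CAS and the API, for offline runs."""
    def send(method, url, form=None):
        log.append((method, url))
        if method == "POST" and url.endswith("/v1/tickets"):
            ok = form == {"username": "batch-svc", "password": "example-only"}
            return (201, {"location": url + "/TGT-1-constructed"}, "") if ok else (401, {}, "")
        if method == "POST":
            return 200, {}, "ST-1-constructed\n"
        return (200, {}, '{"rows": 3}') if method == "GET" else (200, {}, "")
    return send
```

Against a real server, pass `http_send` as `send`, use an `https://` CAS base, and load the service account's password from the job's secret store. Request a fresh ST for every API call, since an ST is single-use and short-lived.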

Petr Fišer

Nov 29, 2022, 3:03:11 AM
to cas-...@apereo.org, Michael Remijan
Hello,
Another option would be to let CAS issue the TGC as a signed JWT and then use that JWT in API calls. The API can issue an ST for itself on the fly.
However, this lets the API completely impersonate the original user... so it has some caveats of its own.

Better to use what Ray suggested, if you can.


Another thing that comes to mind is to employ OIDC with the password grant. Your app can issue itself a signed JWT token. This token will be your authentication to the API. If you do it right, the API can validate the JWT even without contacting the CAS server on every request.

Cheers,
Fiisch

Pablo Vidaurri

Mar 25, 2023, 1:28:03 AM
to CAS Community, Michael Remijan
So how did you handle this? I too have APIs behind CAS ... which is causing problems of its own.

Richard Frovarp

Mar 28, 2023, 4:12:47 PM
to cas-...@apereo.org
APIs are handled differently from SPAs. You probably need to look at the CAS REST protocol? https://apereo.github.io/cas/6.6.x/protocol/REST-Protocol.html

I would put APIs behind an API gateway. Conceptually they are the same thing as CAS + AD, but specifically designed for API calls, especially from background processes.