Reputation: 63
Everyone, I want to ask: is it possible to check whether a token exists in CAS? I have 2 apps, and when logging in, both log in through CAS, and then can SSO from app1 to app2 or app2 to app1.
app1: www.test.com
app2: www.test.com/main
CAS: www.test.com/cas
What I want is: if app1 or app2 is redirected to the CAS login page, how can I check whether it is logged in to CAS, such as how to check whether a token exists, using Spring Boot? Is there any CAS API that could check for this? Thanks for your help.
Upvotes: 1
Views: 615
Reputation: 4318
A more traditional approach would be to try to take advantage of the gateway feature of the CAS protocol:
If this parameter is set, CAS will not ask the client for credentials. If the client has a pre-existing single sign-on session with CAS, or if a single sign-on session can be established through non-interactive means (i.e. trust authentication), CAS MAY redirect the client to the URL specified by the service parameter, appending a valid service ticket…If the client does not have a single sign-on session with CAS, and a non-interactive authentication cannot be established, CAS MUST redirect the client to the URL specified by the service parameter with no “ticket” parameter appended to the URL.
The basic premise is that receiving a ticket back from CAS indicates a valid SSO session and its absence indicates otherwise. In this scenario, CAS does attempt to validate and verify the SSO session tied to the CAS cookie to determine whether or not a ticket should be issued.
While this works for certain scenarios, it is quite chatty and does involve quite a bit of back and forth. As an alternative, another approach would be to build a special endpoint inside CAS that would be more REST friendly to check on the status of SSO without involving the browser as much with 302 redirects and without the implicit assumption of the CAS protocol as the mediator. Note that one caveat with this new approach would be that the caller, our application, would need to have access to the CAS special cookie to pass it onto our endpoint for follow-up processing and reporting on the SSO session status.
Reference: https://fawnoos.com/2019/06/14/cas53x-userlogin-ssostatus/
Upvotes: 1
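The gateway round trip described in the answer above, sketched as an added example that is not part of the original answer and is not CAS or Spring code. It is written framework-neutral in Python; the `https` scheme, the `gateway_tried` session key, the `fetch` callback and the sample XML are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs
import xml.etree.ElementTree as ET

CAS_BASE = "https://www.test.com/cas"  # CAS prefix from the question; https is assumed
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 validation XML

# Constructed sample /serviceValidate responses (not captured from a real server).
SAMPLE_SUCCESS = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
                  '<cas:authenticationSuccess><cas:user>alice</cas:user>'
                  '</cas:authenticationSuccess></cas:serviceResponse>')
SAMPLE_FAILURE = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
                  '<cas:authenticationFailure code="INVALID_TICKET">not recognized'
                  '</cas:authenticationFailure></cas:serviceResponse>')

def gateway_url(service):
    """Login URL that never shows the form: CAS answers with or without a ticket."""
    return CAS_BASE + "/login?" + urlencode({"service": service, "gateway": "true"})

def validate_url(service, ticket):
    """Back-channel URL where the application asks CAS to confirm a ticket."""
    return CAS_BASE + "/serviceValidate?" + urlencode({"service": service, "ticket": ticket})

def parse_validation(xml_text):
    """Return the user name from a successful validation response, else None."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

def sso_check(request_url, session, service, fetch):
    """Return ("redirect", url), ("authenticated", user) or ("anonymous", None).

    session is the app's per-browser session dict; fetch(url) is a hypothetical
    caller-supplied function that performs the HTTPS GET and returns the body.
    """
    ticket = parse_qs(urlsplit(request_url).query).get("ticket", [None])[0]
    if ticket:
        # A ticket in the URL is only a claim until CAS itself validates it.
        session.pop("gateway_tried", None)
        user = parse_validation(fetch(validate_url(service, ticket)))
        return ("authenticated", user) if user else ("anonymous", None)
    if session.pop("gateway_tried", False):
        # Came back from the gateway round trip without a ticket: no SSO session.
        return ("anonymous", None)
    session["gateway_tried"] = True  # loop guard: ask CAS only once per attempt
    return ("redirect", gateway_url(service))
```

The `service` value sent to `/serviceValidate` must be the same one used in the gateway redirect, and the session flag is what keeps a browser without an SSO session from bouncing between the application and CAS indefinitely.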