Dec 8th, 2011, 09:52 AM
I'm trying to consume a REST service protected by Spring Security/CAS programmatically. Can anyone tell me what header to put the username/password in or how to get the correct ticket to set as a cookie?
So far the only solution that I've found plossible is to make a REST request which redirects me to login; then parse the 'lt' (login ticket) param from the page and post to cas/login; get the cookie back to put in a REST request again to the rest service, but that doesn't seem like its the correct way of doing this.
I am a 3rd party consumer of this service and can not modify CAS.
Dec 8th, 2011, 11:18 AM
This sounds like something better to ask on the CAS forums. PS: If you haven't found it here is the Rest documentation for the CAS Server
Dec 8th, 2011, 11:56 AM
I am posting the question there also, since spring security is protecting the service and using CAS where does the question belong....
I did see that but the current CAS protecting the service does not have the REST API exposed. As an experiment I did enable it and got it to work, however CAS isn't really under my control.
Dec 8th, 2011, 01:06 PM
It sounded like you were having problems using the the CAS REST API (since that is what accepts the username/password). It sounds as though I was mistaken on what you needed.
Originally Posted by psubrownie
Are you able to use proxy ticket authentication? There is a sample application included in Spring Security 3.1 that demonstrates how to do proxy ticket authentication (for both the service and the client). You can also read about setting up the configuration in the reference.
Dec 9th, 2011, 11:08 AM
yes the CAS Rest API in this situation is not enabled. I've tested that code with another CAS that has REST enabled and got it working. I've also written a hack to retrieve the login page and get the lt and login that way.
I think thats going to have to be my answer.
Thanks, the proxy information is pointing me in a direction to solve another problem though.