Results 1 to 5 of 5

Thread: Programmatic authentication

  1. Dec 8th, 2011, 09:52 AM #1
    psubrownie
    psubrownie is offline Junior Member
    Join Date
    Dec 2011
    Posts
    3

    Default Programmatic authentication

    I'm trying to consume a REST service protected by Spring Security/CAS programmatically. Can anyone tell me what header to put the username/password in or how to get the correct ticket to set as a cookie?
    So far the only solution that I've found plossible is to make a REST request which redirects me to login; then parse the 'lt' (login ticket) param from the page and post to cas/login; get the cookie back to put in a REST request again to the rest service, but that doesn't seem like its the correct way of doing this.
    I am a 3rd party consumer of this service and can not modify CAS.

    Please help.
    Reply With Quote Reply With Quote
  2. Dec 8th, 2011, 11:18 AM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,834

    Default

    This sounds like something better to ask on the CAS forums. PS: If you haven't found it here is the Rest documentation for the CAS Server
    Rob Winch
    Twitter @rob_winch
    Spring Security Lead
    Spring by Pivotal
    Reply With Quote Reply With Quote
  3. Dec 8th, 2011, 11:56 AM #3
    psubrownie
    psubrownie is offline Junior Member
    Join Date
    Dec 2011
    Posts
    3

    Default

    I am posting the question there also, since spring security is protecting the service and using CAS where does the question belong....
    I did see that but the current CAS protecting the service does not have the REST API exposed. As an experiment I did enable it and got it to work, however CAS isn't really under my control.
    Reply With Quote Reply With Quote
  4. Dec 8th, 2011, 01:06 PM #4
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,834

    Default

    Quote Originally Posted by psubrownie View Post
    I am posting the question there also, since spring security is protecting the service and using CAS where does the question belong....
    I did see that but the current CAS protecting the service does not have the REST API exposed. As an experiment I did enable it and got it to work, however CAS isn't really under my control.
    It sounded like you were having problems using the the CAS REST API (since that is what accepts the username/password). It sounds as though I was mistaken on what you needed.

    Are you able to use proxy ticket authentication? There is a sample application included in Spring Security 3.1 that demonstrates how to do proxy ticket authentication (for both the service and the client). You can also read about setting up the configuration in the reference.
    Rob Winch
    Twitter @rob_winch
    Spring Security Lead
    Spring by Pivotal
    Reply With Quote Reply With Quote
  5. Dec 9th, 2011, 11:08 AM #5
    psubrownie
    psubrownie is offline Junior Member
    Join Date
    Dec 2011
    Posts
    3

    Default

    yes the CAS Rest API in this situation is not enabled. I've tested that code with another CAS that has REST enabled and got it working. I've also written a hack to retrieve the login page and get the lt and login that way.
    I think thats going to have to be my answer.
    Thanks, the proxy information is pointing me in a direction to solve another problem though.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules