Dec 18th, 2011, 08:05 PM
CAS Check Authentication
I have 2 web apps, Site A and Site B. User goes to a secure page on Site A and is sent to CAS and successfully logs in and sees the secure page on Site A. Then the user goes to Site B. They are not authenticated under Site B yet so it just says "Hello Anonymous". They aren't authenticated until they try and hit a secure page under Site B. How can I check to see if they are authenticated when they get to Site B and perhaps auto authenticate them into Site B? Thanks!
Dec 19th, 2011, 12:24 AM
Would what you're trying to accomplish be better done by enabling CAS's Single Sign On functionality?
Dec 19th, 2011, 11:46 PM
I am using CAS's single sign on functionality. When you hit a page in your app that requires authentication, it goes out to the CAS server and authenticates the user either by showing the login page (if the user isn't authenticated already in cas) or sends back the credentials right away (if the user is already authenticated in cas).
So if I'm not authenticated in CAS yet and I visit Site A and access a secure page in Site A, I get tossed to the CAS login page. I login and get redirected back to Site A and everything is fine. Now I go to Site B. If I'm on a public non-secure page in Site B, it hasn't tried to see if I'm authenticated so it shows me as anonymous. But once I hit a secure page it authenticates me without having to go enter my login credentials again. I would like a method I can hit to just check to see if the current user is authenticated in CAS already or not. Does that exist?
Dec 20th, 2011, 12:39 AM
You can check if the current user is authenticated after the cas ticket goes to your webapp (through sso or not) - but not before. The reason being that you don't (and shouldn't) have access to the cas server's cookies.