Tõnis,

I strongly discourage you from asking a user for credentials; security, break SSO, etc., etc.

There is a proxy option in CAS, https://apereo.github.io/cas/6.0.x/installation/Configuring-Proxy-Authentication.html

If the proxy option does not meet your needs then surely something else under https://apereo.github.io/cas/6.0.x/index.html Authentication | Methods (JWT or PAC4J might be good).

You could also try OIDC, https://apereo.github.io/cas/6.0.x/protocol/OIDC-Protocol.html#openid-connect-protocol

Ray

On Thu, 2019-05-16 at 03:32 -0700, Tõnis Ostrat wrote:
> Hey, everybody.
>
> To preface this, I've tried both googling and looking through the discussions here but still haven't found an answer for the following situation.
>
> I'm currently building a back-end service with no web-based nor native GUI and I'm having trouble coming up with a proper way to secure it with CAS (5.3, if that matters).
>
> My plan right now is to have an endpoint in my API where the user can POST their credentials which I will forward to CAS's REST API (with the ID of my service). I will then return the TGT that CAS gives me to the user and on any subsequent data request I will try to extract the same TGT (header, cookie, whatever) and validate it by requesting a ST for my own service from CAS. It works but it sounds a bit stupid because I don't actually do anything with ST, it's just a confirmation call to make sure the TGT is valid.
>
> This flow is the one I've managed to piece together basically on my own as the REST API portion of the official documentation is really lacking in my opinion.
>
> Is there a better solution to this problem?

--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
