
CAS Sequence

REST Protocol

The REST protocol allows one to model applications as users, programmatically acquiring service tickets to authenticate to other applications. This means that other applications would be able to use a CAS client to accept Service Tickets rather than to rely upon another technology such as client SSL certificates for application-to-application authentication of requests. This is achieved by exposing a way to RESTfully obtain a Ticket Granting Ticket and then use that to obtain a Service Ticket.

Request a Ticket Granting Ticket (Step 1)

POST https://cas.apiit.edu.my/cas/v1/tickets HTTP/1.0
Content-Type: application/x-www-form-urlencoded

username=battags&password=password&additionalParam1=paramvalue

[Diagram: CAS REST Protocol step 1]

Successful Response

201 Created
Location: http://www.whatever.com/cas/v1/tickets/{TGT id}

Unsuccessful Response

If incorrect credentials are sent, CAS responds with a 400 Bad Request error (it responds the same way to missing parameters, etc.). If you send a media type it does not understand, it responds with 415 Unsupported Media Type.

Request a Service Ticket (Step 2)

The snippet below shows how one might request a service ticket using the semantics of the CAS protocol:

POST /cas/v1/tickets/{TGT id} HTTP/1.0

service={form encoded parameter for the service url}

Successful Response

200 OK
ST-1-FFDFHDSJKHSDFJKSDHFJKRUEYREWUIFSD2132

Validate Service Ticket (Step 3)

Service ticket validation is handled through the CAS Protocol via any of the validation endpoints, such as /p3/serviceValidate.

GET /cas/p3/serviceValidate?service={service url}&ticket={service ticket}

Sample XML output on successful ticket validation:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>TP012345</cas:user>
        <cas:attributes>
            <cas:isFromNewLogin>true</cas:isFromNewLogin>
            <cas:authenticationDate>2019-03-05T00:04:34.916Z[Zulu]</cas:authenticationDate>
            <cas:sAMAccountName>TP012345</cas:sAMAccountName>
            <cas:displayName>John Doe</cas:displayName>
            <cas:givenName>John Doe</cas:givenName>
            <cas:successfulAuthenticationHandlers>LdapAuthenticationHandler</cas:successfulAuthenticationHandlers>
            <cas:distinguishedName>CN=TP012345,OU=38000,OU=Students,DC=techlab,DC=apiit,DC=edu,DC=my</cas:distinguishedName>
            <cas:cn>TP012345</cas:cn>
            <cas:samlAuthenticationStatementAuthMethod>urn:oasis:names:tc:SAML:1.0:am:unspecified</cas:samlAuthenticationStatementAuthMethod>
            <cas:credentialType>RememberMeUsernamePasswordCredential</cas:credentialType>
            <cas:authenticationMethod>LdapAuthenticationHandler</cas:authenticationMethod>
            <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
            <cas:memberOf>CN=38000,OU=38000,OU=Students,DC=techlab,DC=apiit,DC=edu,DC=my</cas:memberOf>
            <cas:userPrincipalName>TP012345@mail.apu.edu.my</cas:userPrincipalName>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

Unsuccessful Response

CAS responds with a 400 Bad Request. If an incorrect media type is sent, it responds with 415 Unsupported Media Type.

Logout

Destroy the SSO session by removing the issued ticket:

DELETE /cas/v1/tickets/TGT-fdsjfsdfjkalfewrihfdhfaie HTTP/1.0

Ticket Status

Verify the status of an obtained ticket to make sure it is still valid and has not yet expired.

GET /cas/v1/tickets/TGT-fdsjfsdfjkalfewrihfdhfaie HTTP/1.0

Successful Response

200 OK

Unsuccessful Response

404 NOT FOUND
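The whole flow above (TGT request, service ticket request, validation, ticket status and logout) as one client, written as an added example for this page rather than code from the CAS project or this wiki. It assumes a CAS base URL such as https://cas.example/cas and, so that it runs offline, a constructed fake_transport that stands in for the server; the ticket ids TGT-EXAMPLE-0001 and ST-EXAMPLE-0001, the service URL https://app.example/login and the sample responses are made up, loosely modelled on the responses shown on the page. The fake server also models two properties a receiving application relies on: a service ticket validates only against the service URL it was issued for, and only once.

```python
# Client for the CAS REST flow on this page (added example, not CAS project code).
# Assumed: a CAS base URL such as https://cas.example/cas, and the constructed
# fake_transport below standing in for the server so the flow runs offline.
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
FORM = {"Content-Type": "application/x-www-form-urlencoded"}

def urllib_transport(method, url, headers, body):
    """Real HTTP transport -> (status, response headers, body text)."""
    req = urllib.request.Request(url, data=body.encode() if body else None,
                                 method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read().decode()
    except urllib.error.HTTPError as e:  # 400/404/415 are meaningful outcomes here
        return e.code, dict(e.headers), e.read().decode(errors="replace")

def tgt_id_from_location(location):
    """Step 1: the TGT id is the last path segment of the 201 Location header."""
    tgt = location.rstrip("/").rsplit("/", 1)[-1]
    if not tgt.startswith("TGT-"):  # prefix as in the page's examples (assumed)
        raise ValueError("Location does not name a TGT: %r" % location)
    return tgt

def parse_service_validate(xml_text):
    """Step 3: return {'user', 'attributes'}, or raise on authenticationFailure."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        fail = root.find("cas:authenticationFailure", CAS_NS)
        raise PermissionError("validation failed: " + (fail.get("code", "?") if fail is not None else "?"))
    attrs = {}
    for el in ok.findall("cas:attributes/*", CAS_NS):  # multi-valued attrs repeat the tag
        attrs.setdefault(el.tag.split("}", 1)[-1], []).append((el.text or "").strip())
    return {"user": ok.findtext("cas:user", namespaces=CAS_NS), "attributes": attrs}

class CasRestClient:
    def __init__(self, base_url, transport=urllib_transport):
        self.base, self.send = base_url.rstrip("/"), transport
    def get_tgt(self, username, password):  # step 1: 201 + Location carries the TGT
        body = urllib.parse.urlencode({"username": username, "password": password})
        status, hdrs, _ = self.send("POST", self.base + "/v1/tickets", FORM, body)
        if status != 201:
            raise PermissionError(f"TGT request rejected: HTTP {status}")
        return tgt_id_from_location(hdrs.get("Location") or hdrs.get("location", ""))
    def get_service_ticket(self, tgt, service):  # step 2: the 200 body is the ST
        body = urllib.parse.urlencode({"service": service})
        status, _, text = self.send("POST", f"{self.base}/v1/tickets/{tgt}", FORM, body)
        if status != 200 or not text.strip().startswith("ST-"):
            raise PermissionError(f"ST request rejected: HTTP {status}")
        return text.strip()
    def validate(self, service, ticket):  # step 3: done by the receiving application
        qs = urllib.parse.urlencode({"service": service, "ticket": ticket})
        status, _, text = self.send("GET", f"{self.base}/p3/serviceValidate?{qs}", {}, None)
        if status != 200:
            raise PermissionError(f"validation endpoint returned HTTP {status}")
        return parse_service_validate(text)
    def tgt_is_valid(self, tgt):  # ticket status: 200 live, 404 expired or destroyed
        return self.send("GET", f"{self.base}/v1/tickets/{tgt}", {}, None)[0] == 200
    def logout(self, tgt):  # DELETE the TGT to destroy the SSO session; returns status
        return self.send("DELETE", f"{self.base}/v1/tickets/{tgt}", {}, None)[0]

# Constructed stand-in for the CAS server (not a real CAS); ids below are made up.
TGT, ST = "TGT-EXAMPLE-0001", "ST-EXAMPLE-0001"
_live_tgts, _issued_sts = set(), {}  # fake server state; _issued_sts maps ST -> service
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess>
 <cas:user>TP012345</cas:user><cas:attributes><cas:displayName>John Doe</cas:displayName>
 <cas:memberOf>CN=38000,OU=38000,OU=Students,DC=techlab,DC=apiit,DC=edu,DC=my</cas:memberOf>
 </cas:attributes></cas:authenticationSuccess></cas:serviceResponse>"""
FAILURE_XML = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationFailure code='INVALID_TICKET'/></cas:serviceResponse>"

def fake_transport(method, url, headers, body):
    u, form = urllib.parse.urlsplit(url), urllib.parse.parse_qs(body or "")
    q = urllib.parse.parse_qs(u.query)
    if method == "POST" and u.path == "/cas/v1/tickets":
        if form.get("username") == ["battags"] and form.get("password") == ["password"]:
            _live_tgts.add(TGT)
            return 201, {"Location": f"https://cas.example/cas/v1/tickets/{TGT}"}, ""
        return 400, {}, ""  # bad credentials or missing parameters
    if u.path == f"/cas/v1/tickets/{TGT}":
        if TGT not in _live_tgts:
            return 404, {}, ""  # expired or already destroyed
        if method == "DELETE":
            _live_tgts.discard(TGT)
        elif method == "POST":
            _issued_sts[ST] = form.get("service", [""])[0]  # the ST is bound to this service URL
            return 200, {}, ST
        return 200, {}, ""
    if u.path == "/cas/p3/serviceValidate":  # single use, and only for the bound service
        bound = _issued_sts.pop(q.get("ticket", [""])[0], None)
        return 200, {}, SUCCESS_XML if bound and q.get("service") == [bound] else FAILURE_XML
    return 404, {}, ""
```

To run against a real server, construct `CasRestClient("https://cas.apiit.edu.my/cas")` with the default transport; the fake is only for trying the flow offline. Note that the client treats any non-201 on step 1 and any non-200 on steps 2 and 3 as a refusal, so the 400 and 415 responses described on the page surface as exceptions rather than as silently empty tickets, and a ticket that does not carry the expected TGT- or ST- prefix is rejected rather than passed on.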