API User Authentication using CAS
CAS Sequence
REST Protocol
The REST protocol allows one to model applications as users, programmatically acquiring service tickets to authenticate to other applications. This means that other applications would be able to use a CAS client to accept Service Tickets rather than to rely upon another technology such as client SSL certificates for application-to-application authentication of requests. This is achieved by exposing a way to RESTfully obtain a Ticket Granting Ticket and then use that to obtain a Service Ticket.
Request a Ticket Granting Ticket (Step 1)
POST https://cas.apiit.edu.my/cas/v1/tickets HTTP/1.0
'Content-type': 'Application/x-www-form-urlencoded'
username=battags&password=password&additionalParam1=paramvalueSuccessful Response
201 Created
Location: http://www.whatever.com/cas/v1/tickets/{TGT id}Unsuccessful Response
If incorrect credentials are sent, CAS will respond with a 400 Bad Request error (will also respond for missing parameters, etc.). If you send a media type it does not understand, it will send the 415 Unsupported Media Type.
Request For a Service Ticket (Step 02)
The below snippets show one might request a service ticket using the semantics of the CAS protocol:
POST /cas/v1/tickets/{TGT id} HTTP/1.0
service={form encoded parameter for the service url}
Successful Response
Validate Service Ticket (Step 03)
Service ticket validation is handled through the CAS Protocol via any of the validation endpoints such as/p3/serviceValidate.
Sample XML output on successful ticket validation:
Unsuccessful Response
CAS will send a 400 Bad Request. If an incorrect media type is sent, it will send the 415 Unsupported Media Type.
Logout
Destroy the SSO session by removing the issued ticket:
Ticket Status
Verify the status of an obtained ticket to make sure it still is valid and has not yet expired.
Successful Response
Unsuccessful Response
Copyright © Asia Pacific University. All Rights Reserved.