SSO with Central Authentication Service

18 / Nov / 2015 by Ekansh Rastogi 0 comments

You can follow "How to set up CAS Rest api with JDBC Authentication" to set up a CAS server for your application. Once that is done, if you want to test whether your CAS server handles REST calls properly, you can use the code below and check the following points.

  • You need to make a GET or POST call, depending on how your CAS server is set up.
  • If the username and password are correct, you will get a TGT (Ticket Granting Ticket).
  • Next, make a call with the service URL of your application to request a Service Ticket.
  • On success you will get a Service Ticket.
  • If you have the Service Ticket, then you have successfully authenticated the user.
  • Save this service ticket in a cookie or session, since a service ticket can be used only once.

Following the above steps, we have authenticated the user for, say, the domain http://a.domain.com.

Now, to authenticate the user on another server, say http://b.domain.com, you need to share the TGT that we got in step 1; that server only has to validate the TGT, and it will produce the Service Ticket.

Hence the user will not have to enter his credentials again. By sharing the TGT you get Single Sign On across multiple applications, and you can use the same approach for different domains by sharing the TGT in a header. Treat the TGT with the same care as the user's password: it stays valid for the whole session and anyone holding it can obtain service tickets, so share it only over HTTPS and never expose it to the browser.

Use the following code to get the TGT.

    import java.io.IOException
    import java.util.logging.Logger
    import java.util.regex.Matcher
    import java.util.regex.Pattern
    import groovy.transform.Field
    import org.apache.commons.httpclient.HttpClient
    import org.apache.commons.httpclient.NameValuePair
    import org.apache.commons.httpclient.methods.PostMethod

    // Logger shared by both methods (@Field makes it visible inside methods of a Groovy script;
    // inside a class, declare it as a plain static field instead)
    @Field final Logger LOG = Logger.getLogger("CasRestClient")

    // POST the credentials to the CAS REST ticket endpoint (the "server" argument, e.g. .../cas/v1/tickets).
    // On success CAS answers 201 Created with an HTML form whose action URL ends in the TGT id.
    String getTicketGrantingTicket(String server, String username, String password)
    {
        HttpClient client = new HttpClient()
        PostMethod post = new PostMethod(server)
        post.setRequestBody([new NameValuePair("username", username),
                             new NameValuePair("password", password)] as NameValuePair[])
        try
        {
            client.executeMethod(post)
            String response = post.getResponseBodyAsString()
            switch (post.getStatusCode())
            {
                case 201:
                    // The TGT id is the last path segment of the form's action URL
                    Matcher matcher = Pattern.compile(".*action=\".*/(.*?)\".*").matcher(response)
                    if (matcher.matches())
                        return matcher.group(1)
                    LOG.warning("Successful ticket granting request, but no ticket found!")
                    LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())))
                    break
                default:
                    // Wrong credentials come back as a 4xx status, not as 201
                    LOG.warning("Invalid response code (${post.getStatusCode()}) from CAS server!")
                    LOG.info("Response: ${response}")
                    break
            }
        }
        catch (final IOException e)
        {
            LOG.warning("Request to CAS server failed: ${e.getMessage()}")
        }
        finally
        {
            post.releaseConnection()
        }
        return null
    }

You can use the following code to get the Service Ticket (it uses the same imports and LOG as above).

    // POST the service URL to .../v1/tickets/{TGT}; CAS answers 200 with the service ticket id
    // (e.g. ST-1-...) as the plain-text body. The ticket is single-use and bound to that service URL.
    String getServiceTicket(String server, String ticketGrantingTicket, String service)
    {
        if (!ticketGrantingTicket)
            return null
        HttpClient client = new HttpClient()
        PostMethod post = new PostMethod("$server/$ticketGrantingTicket")
        post.setRequestBody([new NameValuePair("service", service)] as NameValuePair[])
        try
        {
            client.executeMethod(post)
            String response = post.getResponseBodyAsString()
            switch (post.getStatusCode())
            {
                case 200:
                    return response
                default:
                    // An expired or unknown TGT yields a 4xx status here
                    LOG.warning("Invalid response code (${post.getStatusCode()}) from CAS server!")
                    LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())))
                    break
            }
        }
        catch (final IOException e)
        {
            LOG.warning("Request to CAS server failed: ${e.getMessage()}")
        }
        finally
        {
            post.releaseConnection()
        }
        return null
    }
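The same flow in Python, as an added example that is not part of the original post, carried one step further: after the service ticket is obtained, the receiving application confirms it against the CAS /serviceValidate endpoint, which is how it learns the authenticated username. It assumes the standard CAS REST paths (/v1/tickets and /serviceValidate) under a base URL such as https://cas.example.com/cas; the sample replies at the bottom are constructed for the parsers, not captured from a real server.

```python
import re
import xml.etree.ElementTree as ET
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of /serviceValidate replies

def _http(url, form=None):
    """POST form fields (GET when form is None); return (status, body, Location header)."""
    req = Request(url, data=urlencode(form).encode() if form else None)
    try:
        with urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode(), resp.headers.get("Location")
    except HTTPError as err:  # CAS reports bad credentials or an unknown TGT as 4xx
        return err.code, err.read().decode(), None

def extract_tgt(status, body, location=None):
    """TGT id from a 201 Created reply: end of the Location header, else the form action URL."""
    if status != 201:
        return None
    if location:
        return location.rstrip("/").rsplit("/", 1)[-1]
    match = re.search(r'action="[^"]*/(TGT-[^"/]+)"', body)
    return match.group(1) if match else None

def parse_service_validate(xml_text):
    """Username from a /serviceValidate reply; None when CAS answers authenticationFailure."""
    success = ET.fromstring(xml_text).find("cas:authenticationSuccess", CAS_NS)
    user = success.find("cas:user", CAS_NS) if success is not None else None
    return user.text if user is not None else None

def rest_login(cas_base, service, username, password):
    """TGT -> service ticket -> server-side validation; None at whichever step fails."""
    tgt = extract_tgt(*_http(f"{cas_base}/v1/tickets", {"username": username, "password": password}))
    if not tgt:
        return None
    status, ticket, _ = _http(f"{cas_base}/v1/tickets/{tgt}", {"service": service})
    if status != 200 or not ticket:
        return None
    query = urlencode({"service": service, "ticket": ticket})
    status, body, _ = _http(f"{cas_base}/serviceValidate?{query}")
    return parse_service_validate(body) if status == 200 else None

# Constructed sample replies (not captured from a real server) so the parsers can be exercised offline
SAMPLE_TGT_BODY = '<form action="https://cas.example.com/cas/v1/tickets/TGT-2-xyz" method="POST">'
SAMPLE_OK_XML = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess>"
                 "<cas:user>alice</cas:user></cas:authenticationSuccess></cas:serviceResponse>")
SAMPLE_FAIL_XML = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationFailure "
                   "code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure></cas:serviceResponse>")
```

Only the validated username from /serviceValidate should be trusted by the application; holding a service ticket string alone proves nothing until CAS has confirmed it for that service URL.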
