...

Columbia University has done this. So has University of Delaware.

CAS 3 Implementation

Since CAS has become a service that can authenticate via many tiers (web, web service, etc.), it is no longer appropriate to merely monitor the service parameter. In CAS 3, in order to provide the same functionality, the CAS Core is wrapped via AOP.

Any method in CentralAuthenticationService that provides access for a service (such as grantServiceTicket) is intercepted and checked against the whitelist. Additionally, one may provide a list of services that are allowed to proxy. On delegateTicket, this list is checked. If the service is not allowed access, an UnauthorizedServiceException is thrown, which can be caught by the tier that called the core.
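A minimal sketch of the interception described above, added here as an example and not taken from the CAS code base. It uses a JDK dynamic proxy in place of Spring AOP; the `CasCore` interface, its simplified signatures, and the example.edu URLs are assumptions.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Set;

public class ServiceWhitelistDemo {
    // Hypothetical, simplified stand-in for CentralAuthenticationService.
    interface CasCore {
        String grantServiceTicket(String tgtId, String serviceUrl);
        String delegateTicket(String serviceTicketId, String proxyingServiceUrl);
    }

    static class UnauthorizedServiceException extends RuntimeException {
        UnauthorizedServiceException(String msg) { super(msg); }
    }

    // Unprotected core: issues tickets without looking at the service.
    static class CoreImpl implements CasCore {
        public String grantServiceTicket(String tgtId, String serviceUrl) { return "ST-1"; }
        public String delegateTicket(String stId, String serviceUrl) { return "PGT-1"; }
    }

    // Wraps the core so every tier that calls it gets the same check.
    static CasCore guard(CasCore target, Set<String> allowed, Set<String> allowedToProxy) {
        InvocationHandler handler = (proxy, method, args) -> {
            if (method.getDeclaringClass() != Object.class) {
                String service = (String) args[1];
                // delegateTicket is checked against the stricter proxy list.
                Set<String> list = method.getName().equals("delegateTicket") ? allowedToProxy : allowed;
                // Exact match only: prefix or substring matching would widen the whitelist.
                if (!list.contains(service)) {
                    throw new UnauthorizedServiceException(method.getName() + " denied for " + service);
                }
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the core's own exception unchanged
            }
        };
        return (CasCore) Proxy.newProxyInstance(
                CasCore.class.getClassLoader(), new Class<?>[] {CasCore.class}, handler);
    }

    public static void main(String[] unused) {
        // Constructed sample whitelists.
        Set<String> allowed = Set.of("https://app.example.edu/", "https://portal.example.edu/");
        Set<String> allowedToProxy = Set.of("https://portal.example.edu/");
        CasCore cas = guard(new CoreImpl(), allowed, allowedToProxy);

        System.out.println(cas.grantServiceTicket("TGT-1", "https://app.example.edu/"));
        try {
            cas.delegateTicket("ST-1", "https://app.example.edu/"); // whitelisted, but not for proxying
        } catch (UnauthorizedServiceException e) {
            System.out.println("caught by calling tier: " + e.getMessage());
        }
    }
}
```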

...

Campus Crusade for Christ distributes a CAS server modified to implement this feature.

CAS 3 Implementation

Building on the ServicesRegistry, CAS allows the service to register an SSO callback with CAS. Using AOP, we monitor the ticket registry for the addition of Service Tickets (so we can keep track of the services for a TicketGrantingTicket) and the removal of TicketGrantingTickets. On removal of a TicketGrantingTicket, we look to see if there are any entries in our map. We then match the service tickets to the service and execute its callback handler.

...