SSO with Central Authentication Service
See How to set up CAS Rest api with JDBC Authentication for setting up a CAS server for your application. To test whether your CAS server handles REST calls correctly, you can use the code below; the flow you need to check is the following:
- Make a GET or POST call, depending on how your CAS server is set up.
- If the username and password are correct, you get a TGT (Ticket Granting Ticket).
- Next, make a call with the TGT and the service URL of your application to get a Service Ticket.
- On success you get a Service Ticket.
- If you have received the Service Ticket, the user has been authenticated successfully.
- Save this Service Ticket in a cookie or session, since a Service Ticket can be used only once.
Following the above steps, we have authenticated the user for one domain.
Now, to authenticate the same user on another server, you need to share the TGT obtained in step 1: that server just validates the TGT, which produces a Service Ticket.
Hence the user does not have to enter their credentials again. By sharing the TGT you get Single Sign-On across multiple applications; you can also use this approach for SSO across different domains by passing the TGT in a header.
Use the following code to get the TGT:
import groovy.transform.Field
import java.util.logging.Level
import java.util.logging.Logger
import java.util.regex.Matcher
import java.util.regex.Pattern
import org.apache.commons.httpclient.HttpClient
import org.apache.commons.httpclient.NameValuePair
import org.apache.commons.httpclient.methods.PostMethod

@Field Logger LOG = Logger.getLogger('CasRestClient')

// POST the credentials to the CAS REST endpoint, e.g. https://cas.example.org/cas/v1/tickets
// (placeholder host). On success CAS answers 201 with the TGT URL in the Location header and
// in the HTML form action of the body; this returns the TGT id, or null on any failure.
String getTicketGrantingTicket(String server, String username, String password)
{
    HttpClient client = new HttpClient()
    PostMethod post = new PostMethod(server)
    post.setRequestBody([new NameValuePair("username", username),
                         new NameValuePair("password", password)] as NameValuePair[])
    try
    {
        client.executeMethod(post)
        String response = post.getResponseBodyAsString()
        switch (post.getStatusCode())
        {
            case 201:
                // the TGT id is the last path segment of the form action
                Matcher matcher = Pattern.compile(".*action=\".*/(.*?)\".*").matcher(response)
                if (matcher.matches())
                    return matcher.group(1)
                LOG.warning("Successful ticket granting request, but no ticket found!")
                LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())))
                break
            default:
                // 400/401 means the credentials were rejected; anything else is a server problem
                LOG.warning("Invalid response code (${post.getStatusCode()}) from CAS server!")
                LOG.info("Response: ${response}")
                break
        }
    }
    catch (final IOException e)
    {
        // printStackTrace() returns void, so log the exception itself instead of interpolating it
        LOG.log(Level.WARNING, "Could not reach CAS server: ${e.message}", e)
    }
    finally
    {
        post.releaseConnection()
    }
    return null
}
Use the following code to get the Service Ticket:
import groovy.transform.Field
import java.util.logging.Level
import java.util.logging.Logger
import org.apache.commons.httpclient.HttpClient
import org.apache.commons.httpclient.NameValuePair
import org.apache.commons.httpclient.methods.PostMethod

@Field Logger LOG = Logger.getLogger('CasRestClient')

// POST the service URL to <server>/<TGT>; CAS answers 200 with the Service Ticket as the body.
// Returns the Service Ticket, or null if there is no TGT or CAS rejects the request.
String getServiceTicket(String server, String ticketGrantingTicket, String service)
{
    if (!ticketGrantingTicket)
        return null
    HttpClient client = new HttpClient()
    PostMethod post = new PostMethod("$server/$ticketGrantingTicket")
    post.setRequestBody([new NameValuePair("service", service)] as NameValuePair[])
    try
    {
        client.executeMethod(post)
        String response = post.getResponseBodyAsString()
        switch (post.getStatusCode())
        {
            case 200:
                return response
            default:
                // 404 here usually means the TGT has expired or was never issued
                LOG.warning("Invalid response code (${post.getStatusCode()}) from CAS server!")
                LOG.info("Response (1k): " + response.substring(0, Math.min(1024, response.length())))
                break
        }
    }
    catch (final IOException e)
    {
        LOG.log(Level.WARNING, "Could not reach CAS server: ${e.message}", e)
    }
    finally
    {
        post.releaseConnection()
    }
    return null
}
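To see the whole flow from the steps above (credentials to TGT, TGT plus service to Service Ticket, the application validating the ticket once, and a second application reusing the same TGT without a new login) run end to end, here is an added example in Python. It is not code from the original post and not part of any CAS project; it stands in for the two Groovy functions above with urllib, and runs offline against a constructed in-process fake CAS server. The endpoint paths follow the CAS REST protocol, but the user store, the service URLs, the ticket formats and the fake server's behaviour are all constructed for the demo. Two points the fake server makes visible: the Service Ticket is removed from the registry on first validation, which is why a replay returns None, and the TGT behaves like a session credential, so anything that holds it (cookie, header) can obtain Service Tickets for any service until it expires and must only travel over TLS.

```python
# Added example (not from the original post): the CAS REST ticket flow against a
# constructed in-process fake CAS server. Paths follow the CAS REST protocol; users,
# services and ticket formats are constructed for the demo.
import re
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen

USERS = {"alice": "correct horse"}   # constructed credential store (a real CAS uses JDBC/LDAP)
TGTS = {}   # TGT id -> username: the user's SSO session on the CAS server
STS = {}    # ST id -> (username, service): removed on first validation (single use)


class FakeCas(BaseHTTPRequestHandler):
    """Minimal stand-in for the CAS REST endpoints used by the client functions below."""

    def log_message(self, *args):   # keep the demo output quiet
        pass

    def _reply(self, code, body, headers=()):
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body.encode())

    def do_POST(self):
        path = urlparse(self.path).path
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        form = {k: v[0] for k, v in parse_qs(raw).items()}
        if path == "/cas/v1/tickets":   # step 1: credentials -> TGT
            if USERS.get(form.get("username")) != form.get("password"):
                return self._reply(401, "")
            tgt = "TGT-" + secrets.token_urlsafe(16)
            TGTS[tgt] = form["username"]
            url = f"http://{self.headers['Host']}/cas/v1/tickets/{tgt}"
            # CAS answers 201 with the TGT URL both in Location and in the form action
            return self._reply(201, f'<form action="{url}" method="POST"></form>',
                               [("Location", url)])
        m = re.fullmatch(r"/cas/v1/tickets/(TGT-[\w-]+)", path)
        if m and m.group(1) in TGTS:   # step 2: valid TGT + service URL -> ST
            st = "ST-" + secrets.token_urlsafe(16)
            STS[st] = (TGTS[m.group(1)], form.get("service"))
            return self._reply(200, st)
        return self._reply(404, "")

    def do_GET(self):   # step 3: the application validates the ST it was handed
        url = urlparse(self.path)
        q = {k: v[0] for k, v in parse_qs(url.query).items()}
        if url.path != "/cas/serviceValidate":
            return self._reply(404, "")
        user, svc = STS.pop(q.get("ticket"), (None, None))   # pop enforces single use
        if user and svc == q.get("service"):                 # ST is bound to one service
            return self._reply(200, f"<cas:user>{user}</cas:user>")
        return self._reply(200, '<cas:authenticationFailure code="INVALID_TICKET"/>')


def _post(url, fields):
    req = Request(url, data=urlencode(fields).encode(), method="POST")
    try:
        with urlopen(req) as r:
            return r.getcode(), r.headers.get("Location"), r.read().decode()
    except HTTPError as e:   # urllib raises on 4xx/5xx; report them like any other status
        return e.code, None, e.read().decode()


def get_tgt(cas, username, password):
    """Step 1, the counterpart of getTicketGrantingTicket: 201 -> TGT id, else None."""
    code, location, body = _post(f"{cas}/v1/tickets", {"username": username, "password": password})
    if code != 201:
        return None
    if location:   # the Location header is the reliable place to read the TGT id
        return location.rsplit("/", 1)[-1]
    m = re.search(r'action="[^"]*/([^"/]+)"', body)   # fallback: the form action, as the Groovy code does
    return m.group(1) if m else None


def get_st(cas, tgt, service):
    """Step 2, the counterpart of getServiceTicket: POST the service URL to the TGT URL."""
    if not tgt:
        return None
    code, _, body = _post(f"{cas}/v1/tickets/{tgt}", {"service": service})
    return body if code == 200 else None


def validate_st(cas, service, st):
    """Step 3: the application asks CAS which user the ticket belongs to; None if rejected."""
    with urlopen(f"{cas}/serviceValidate?" + urlencode({"service": service, "ticket": st})) as r:
        m = re.search(r"<cas:user>(.*?)</cas:user>", r.read().decode())
    return m.group(1) if m else None


def sso_demo():
    """Run the flow; returns (first validation, replay of the same ST, second application)."""
    srv = HTTPServer(("127.0.0.1", 0), FakeCas)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    cas = f"http://127.0.0.1:{srv.server_port}/cas"
    app1, app2 = "https://app1.example/login", "https://app2.example/login"   # constructed
    assert get_tgt(cas, "alice", "wrong password") is None   # 401 -> no TGT
    tgt = get_tgt(cas, "alice", "correct horse")
    st1 = get_st(cas, tgt, app1)
    first = validate_st(cas, app1, st1)
    replay = validate_st(cas, app1, st1)                       # same ST again: rejected
    second = validate_st(cas, app2, get_st(cas, tgt, app2))    # reuse the TGT: no new login
    srv.shutdown()
    return first, replay, second


if __name__ == "__main__":
    print(sso_demo())   # ('alice', None, 'alice')
```

The client reads the TGT id from the Location header first and only falls back to the form-action regex that the Groovy code relies on, because the header is the documented place for it and does not depend on the body's HTML layout. The `pop` in `do_GET` is the server-side property behind the "can be used only once" rule in the steps above: an application should therefore validate a Service Ticket exactly once and then keep its own session, rather than presenting the same ticket again.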