Using RESTFUL interface of CAS to log CS system into BS system

Keywords: Apache curl REST xml

Get ready

First, refer to the previous article to configure CAS and RESTFUL. Refer to:

http://blog.csdn.net/happyteafriends/article/details/7450120

The scenario is as follows,

CAS address: http://10.1.81.223:8080/cas-server-webapp

Two WEB application addresses: http://10.1.81.223:8080/webapp2

http://10.1.81.223:8080/webapp1

Objective: the program of CS architecture calls REST to get ST and log in webapp1

Steps are as follows

Get ticket

curl -i -X POST -d "username=admin&password=admin&service=http://10.1.81.223:8080/webapp1" http://10.1.81.223:8080/cas-server-webapp/v1/tickets/

Result:

HTTP/1.1 201 Created  
Server: Apache-Coyote/1.1  
Date: Tue, 07 Jan 2014 01:24:30 GMT  
Location: http://10.1.81.223:8080/cas-server-webapp/v1/tickets/TGT-1-sof0YkUAyxSBOWcIFI6lZRmpBmOBgmmNlwL7xvKWbfir4J7hMH-cas  
Accept-Ranges: bytes  
Server: Noelios-Restlet-Engine/1.1..1  
Content-Type: text/html;charset=ISO-8859-1  
Content-Length: 444  
  
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>201 The request has been fulfilled and resulted in a new resource being created</title></head><body><h1>TGT Created</h1><form action="http://10.1.81.223:8080/cas-server-webapp/v1/tickets/TGT-1-sof0YkUAyxSBOWcIFI6lZRmpBmOBgmmNlwL7xvKWbfir4J7hMH-cas" method="POST">Service:<input type="text" name="service" value=""><br><input type="submit" value="Submit"></form></body></html>

So TGT has been generated here

The second step is to generate ST through TGT + SERVICE

curl -i -X POST -d "service=http%3A%2F%2F10.1.81.223%3A8080%2Fwebapp1%2F" http://10.1.81.223:8080/cas-server-webapp/v1/tickets/TGT-1-sof0YkUAyxSBOWcIFI6lZRmpBmOBgmmNlwL7xvKWbfir4J7hMH-cas

Note that the service here must be encoded, otherwise an error will be reported later:

Ticket root XXX does not meet the target service
Result:

HTTP/1.1 200 OK  
Server: Apache-Coyote/1.1  
Date: Tue, 07 Jan 2014 02:05:53 GMT  
Accept-Ranges: bytes  
Server: Noelios-Restlet-Engine/1.1..1  
Content-Type: text/plain;charset=ISO-8859-1  
Content-Length: 29  
  
ST-1-iTyUm4scimR6UlaVFGbM-cas

You can see here that you can directly open the browser and use this ST to log in to WEBAPP1

Step 3, log in

Open browser input

http://10.1.81.223:8080/webapp1/?ticket=ST-1-iTyUm4scimR6UlaVFGbM-cas

Discovery can log in. This ST failed once.

Sign out

Exit is mainly to disable TGT, as follows:

curl -i -X DELETE http://10.1.81.223:8080/cas-server-webapp/v1/tickets/TGT-1-1fPYM6FWvLX9ZIRqtp1eF9nQAypB79VdyyYG29Bef6iFvyCnwT-cas  
HTTP/1.1 200 OK  
Server: Apache-Coyote/1.1  
Date: Tue, 07 Jan 2014 02:20:39 GMT  
Accept-Ranges: bytes  
Server: Noelios-Restlet-Engine/1.1..1  
Content-Length: 0

Other

If the error is reported: the error of this ticket root cannot be found, the expiration time may be too short

Modify in WEB-INF/ticketExpirationPolicies.xml

<!-- This argument is the time a ticket can exist before its considered expired.  -->  
        <constructor-arg  
            index="1"  
            value="1000000" />

The value can be increased a little. I changed it a little too much here. Maybe it's changed to 1000 seconds

Error reporting: ticket root XXX does not meet the target service

As mentioned above, pay attention to the coding of service, which is similar to:

http%3A%2F%2F10.1.81.223%3A8080%2Fwebapp1%2F

Reference: https://wiki.jasig.org/display/casum/restful+api

Posted by royalsolo on Tue, 31 Mar 2020 13:00:56 -0700

Programmer Group