JASIG-CAS debug trace
JASIG-CAS provide SSO for web application. CASify a web application could make your application enjoy SSO.
Debug trace a CAS session
- Getting the lt ticket from login screen, e.g.
curl --cookie-jar /tmp/c1.cookie -X GET -v https://cas.example.com/cas/login?service=http://www.abc.com|grep lt
Get the login ticket,LT-XXXXXX…, ready for the step.
- Provide username & password & the LT ticket
curl -X POST -d "username=usrsid&password=verysecret<=LT-XXXXX..." --cookie /tmp/c1.cookie --cookie-jar /tmp/c2.cookie -v https://cas.example.com/cas/login?service=http://www.abc.com
You may need to include execution & _eventId in the post data for recent version of CAS server
- Application use the service ticket to get the userid.
curl -X GET -v 'https://cas.example.com/cas/serviceValidate?service=http://www.abc.com&ticket=ST-XXXXX...'
- Using TGC ticket without providing username & password to do authentication
curl --cookie /tmp/c2.cookie -X GET -v https://cas.example.com/cas/login?service=http://www.abcd.com
Get the ST from the reply.
-
curl -X GET -v 'https://cas.example.com/cas/serviceValidate?service=http://www.abcd.com&ticket=ST-XXXX...'
Afterward, you should get the service ticket, ST-XXXXX…., now. Also, /tmp/c2.cookie contain the cookie of TGC. Laster, you could use the TGC to get the ST without providing username & password again.
UserID shoud be returned.