Closed adamfranco closed 12 years ago
akinspe
commented
12 years ago This has been integrated into the master branch. We probably want to talk with you about creating a DataRetriever in addition to a DataController. Please let me know if you want to talk about it.
adamfranco
commented
12 years ago I'd be happy to work on adding a matching DataRetriever. Is this list post the only info outside of the source-code?
akinspe
commented
12 years ago Some of the documentation has been updated and thankfully github is pretty good at rendering RST
https://github.com/modolabs/Kurogo-Mobile-Web/blob/master/doc/mw/dataretriever.rst https://github.com/modolabs/Kurogo-Mobile-Web/blob/master/doc/mw/urldataretriever.rst
I would not consider it complete, but it should give you a good start. It will be flushed out closer to 1.4 release.
The CAS 2.0 protocol supports proxy-authentication of web-service requests. Proxy authentication allows one web application to access resources (e.g. web services) of another web application on behalf of a user, but without the username or password transmitted between the applications. https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
In a proxy-authentication configuration, phpCAS with Kurogo is given a proxy-granting-ticket (PGT) which it can use to obtain a proxy-ticket (PT) that it passes off to underlying web-services secured by CAS. The underlying web-service will validate the PT with the CAS server and obtain the user id and information about the user who logged in to Kurogo without ever seeing the user's password or having to trust that Kurogo authenticated the user correctly.
This patch set includes configuration additions to the
CASAuthenticationclass that allow Kurogo to configure the phpCAS library in "proxy" mode. As well, it includes an abstractCASProxyAuthenticatedDataControllerthat can be extended to provide access to webservices protected by CAS.