org.jasig.cas

Interface CentralAuthenticationService

All Known Implementing Classes:

CentralAuthenticationServiceImpl, RemoteCentralAuthenticationService

public interface CentralAuthenticationService

CAS viewed as a set of services to generate and validate Tickets.

This is the interface between a Web HTML, Web Services, RMI, or any other request processing layer and the CAS Service viewed as a mechanism to generate, store, validate, and retrieve Tickets containing Authentication information. The features of the request processing layer (the HttpXXX Servlet objects) are not visible here or in any modules behind this layer. In theory, a standalone application could call these methods directly as a private authentication service.

Since:

3.0

Author:

William G. Thompson, Jr., Dmitry Kopylenko, Scott Battaglia, Marvin S. Addison

Method Summary

Methods

Modifier and Type	Method and Description
String	createTicketGrantingTicket(Credential... credentials) Create a TicketGrantingTicket by authenticating credentials.
String	delegateTicketGrantingTicket(String serviceTicketId, Credential... credentials) Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services.
List<LogoutRequest>	destroyTicketGrantingTicket(String ticketGrantingTicketId) Destroy a TicketGrantingTicket and perform back channel logout.
String	grantServiceTicket(String ticketGrantingTicketId, Service service) Grants a ServiceTicket that may be used to access the given service.
String	grantServiceTicket(String ticketGrantingTicketId, Service service, Credential... credentials) Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials.
Assertion	validateServiceTicket(String serviceTicketId, Service service) Validate a ServiceTicket for a particular Service.

Method Detail

createTicketGrantingTicket

String createTicketGrantingTicket(Credential... credentials)
                                  throws AuthenticationException,
                                         TicketException

Create a TicketGrantingTicket by authenticating credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.

Parameters:

credentials - One or more credentials that may be authenticated in order to create the ticket.

Returns:

Non-null ticket-granting ticket identifier.

Throws:

AuthenticationException - on errors authenticating the credentials

TicketException - if ticket cannot be created

grantServiceTicket

String grantServiceTicket(String ticketGrantingTicketId,
                        Service service)
                          throws TicketException

Grants a ServiceTicket that may be used to access the given service.

Parameters:

ticketGrantingTicketId - Proof of prior authentication.

service - The target service of the ServiceTicket.

Returns:

Non-null service ticket identifier.

Throws:

TicketException - if the ticket could not be created.

grantServiceTicket

String grantServiceTicket(String ticketGrantingTicketId,
                        Service service,
                        Credential... credentials)
                          throws AuthenticationException,
                                 TicketException

Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.

The principal that is resolved from the authenticated credentials MUST be the same as that to which the given ticket-granting ticket was issued.

Parameters:

ticketGrantingTicketId - Proof of prior authentication.

service - The target service of the ServiceTicket.

credentials - One or more credentials to authenticate prior to granting the service ticket.

Returns:

Non-null service ticket identifier.

Throws:

AuthenticationException - on errors authenticating the credentials

TicketException - if the ticket could not be created.

validateServiceTicket

Assertion validateServiceTicket(String serviceTicketId,
                              Service service)
                                throws TicketException

Validate a ServiceTicket for a particular Service.

Parameters:

serviceTicketId - Proof of prior authentication.

service - Service wishing to validate a prior authentication.

Returns:

Non-null ticket validation assertion.

Throws:

TicketException - if there was an error validating the ticket.

destroyTicketGrantingTicket

List<LogoutRequest> destroyTicketGrantingTicket(String ticketGrantingTicketId)

Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an IllegalArgumentException if the TicketGrantingTicket ID is null.

Parameters:

ticketGrantingTicketId - the id of the ticket we want to destroy

Returns:

the logout requests.

delegateTicketGrantingTicket

String delegateTicketGrantingTicket(String serviceTicketId,
                                  Credential... credentials)
                                    throws AuthenticationException,
                                           TicketException

Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services.

Parameters:

serviceTicketId - The service ticket identifier that will delegate to a TicketGrantingTicket.

credentials - One or more credentials to authenticate prior to delegating the ticket.

Returns:

Non-null ticket-granting ticket identifier that can grant ServiceTicket that proxy authentication.

Throws:

AuthenticationException - on errors authenticating the credentials

TicketException - if there was an error creating the ticket