Can I use Jasig CAS server for Android mobile applications?

Question

I know that CAS is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password.

So, how can I use Jasig CAS server for Android mobile applications? Some guidelines would be very useful!

Recommended answer

Actually there exist two ways of doing this; each of them has some drawbacks.

1) Expose the REST interface (here you'll find a simple Java client that consumes them and an iOS sample of how to use it on a mobile)

The problem here is that if somebody downloads your application from the store and checks the network traffic in it (or simply decomposes it), he'll find the calls you make. With this he could create an APP that does the same as you do, and log the passwords entered by the users (like a man-in-the-middle attack).

2) Open the real website in a web view inside your APP

You'll need to create a mobile login page, or a responsive one, on your CAS server so that it looks nice. Obviously even here somebody could theoretically copy your APP and the website on your CAS, fake both to look like your APP, grab the username and password, and send it in the background to your CAS to give the user the impression that everything went right, but it is much more complex. However, even here you'll need to tweak the CAS; CAS is designed to accept a login for a service to which it would redirect after successful login. Therefore in this case you'll need to add a fake service to the CAS configuration and check if the webview will redirect to it. When that happens you'll find the TGT in the CASTGC cookie.

In our first APPs we used the REST version, but then, as we use our CAS for websites too, we wanted to restrict the REST access only to other servers in the facility, so we came up with the second solution, which seems to fit better, but overall CAS seems not to be prepared for mobile APPs.
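The web view flow from the second option, as an added example that is not part of the original answer: a `WebViewClient` that keeps the login on the CAS host over HTTPS, treats a redirect to the extra registered service as a successful login, and then reads the `CASTGC` cookie. The class name, the callback and both URLs are assumptions made for illustration.

```java
import android.net.Uri;
import android.webkit.CookieManager;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;

// Added example. CAS_LOGIN and SERVICE are placeholder values (assumptions);
// SERVICE stands for the extra service registered in the CAS configuration.
public class CasLoginClient extends WebViewClient {
    static final String CAS_LOGIN = "https://cas.example.org/cas/login";
    static final String SERVICE = "https://app.example.org/mobile-login-done";

    public interface Callback { void onLoggedIn(String tgc); void onBlocked(Uri uri); }
    private final Callback callback;
    public CasLoginClient(Callback callback) { this.callback = callback; }

    // First URL to load: the CAS login page, asking for a redirect to SERVICE.
    public static String startUrl() {
        return Uri.parse(CAS_LOGIN).buildUpon()
                .appendQueryParameter("service", SERVICE).build().toString();
    }

    @Override
    public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
        Uri uri = request.getUrl();
        Uri service = Uri.parse(SERVICE);
        if (sameOrigin(uri, service) && service.getPath().equals(uri.getPath())) {
            // CAS redirected to the registered service: the login succeeded.
            callback.onLoggedIn(readCookie(CAS_LOGIN, "CASTGC"));
            return true;  // the placeholder service itself is never loaded
        }
        if (sameOrigin(uri, Uri.parse(CAS_LOGIN))) return false;  // stay on the CAS server
        callback.onBlocked(uri);  // any other destination is not part of the login flow
        return true;
    }

    // HTTPS only, same host and same port.
    static boolean sameOrigin(Uri a, Uri b) {
        return "https".equals(a.getScheme()) && "https".equals(b.getScheme())
                && a.getHost() != null && a.getHost().equalsIgnoreCase(b.getHost())
                && a.getPort() == b.getPort();
    }

    // Reads one cookie from the WebView cookie store; assumes CASTGC is scoped to the CAS path.
    static String readCookie(String url, String name) {
        String all = CookieManager.getInstance().getCookie(url);
        if (all == null) return null;
        for (String part : all.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(name)) return kv[1];
        }
        return null;
    }
}
```

Load `CasLoginClient.startUrl()` in a `WebView` that has this client set; `onLoggedIn` receives `null` when no `CASTGC` cookie was issued.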
