I'm new to Jasig CAS, and my task is to implement Mobile SSO for several internal applications of our company. I really need your help on this.
The current status is that my company:
- Already has a Jasig CAS for SSO of web apps, and we would like to customize it for Mobile SSO as well (my senior insists on utilizing this system rather than implementing other Mobile SSO solutions).
- We had our own local CA:
  - Every mobile device that is in this system has its device certificate signed by the local CA.
  - These device certs can be accessed via a cert database service from the server side as well.
What I have in mind is that:
- For the mobile client side (just take Android as the default OS): I would like to create a service (Token Agent) that native apps connect to in order to authenticate (sending the device cert or encrypted info that can be decrypted by the server) and that receives an Authorization Code (or TGT in Jasig CAS' world) and an Access Token (Service Ticket).
- For the server side: I would like to customize Jasig CAS so that it can authenticate the client, generate Tokens (Tickets) and send them back to the Client's Token Agent.
My current solutions:
- For the client side: I'm implementing a service that consumes the RESTful API of Jasig CAS (following these posts: Can I use Jasig CAS server for Android App and Working Java REST Client Example). Plus, the service has other functions so that native applications can call the service to get/check the Authorization Code (TGT) and Access Token (Service Ticket).
- For the server side, I'm confused.
  - What should I do: customize the RESTful API or the X509 support module of Jasig CAS?
  - How can I configure the address that the client agent will send the request to ...

I really hope that someone can help me with my problem, and please be as specific as possible because I'm really new to Jasig CAS. Thank you in advance.