RESTful CAS: Leveraging CAS to Protect RESTful Resources and Support Non-browser Clients

A session at Open Apereo 2013 Conference (Jasig & Sakai)

Wednesday 5th June, 2013

10:00am to 10:45am (PST)

CAS has a wonderfully simple protocol for delegated authentication and single sign-on for browser-based access to web applications. However, the same protocol may stymie the non-browser and programmatic clients commonly found in RESTful architectures. The CAS login form is fine for humans behind a browser, but programmatic clients and human users using non-browser interfaces such as a CLI (Command Line Interface) and, to some degree, AJAX clients will face difficulties. Such clients may avail themselves of the CAS RESTful login interface, but only if they know in advance exactly when to pre-authenticate; otherwise they will be unexpectedly and unwittingly forwarded to the CAS login screen and fail.

Our approach transforms some CAS protocol 200 and 302 responses to 401 responses and makes navigating CAS-protected REST interfaces a cinch. We prove this with a demonstration: accessing a CAS-protected REST endpoint with a single cURL command.

About the speakers

David Ohsie

Software Architect at EMC Computer Systems

Vijayanand Bharadwaj

Software Architect

Vijayanand Bharadwaj is a Sr. Research Scientist at EMC Corporation. After obtaining his PhD in Computer Science from West Virginia University, he joined the CTO at EMC. He has been working on advanced development in Cloud Computing, Security, REST, SOA and Systems Resource Management. As part of the Advanced Architecture Group at the CTO, he works on devising solutions for EMC's customers. His interests include Enterprise Integration Patterns, Virtualization, CSCW and anything technology-related. Before joining EMC, he was a lecturer and researcher at West Virginia Univ. He spends his spare time with his family and tries to catch up on the latest movies and interesting reads. Though a homebody, he has travelled quite a bit on the insistence of his wife and has come to enjoy it.

John Field

Consultant Scientist

John Field has more than 20 years' experience in information security. He is presently a Consultant Scientist and security architect in the EMC office of the CTO, where he is a member of the Architecture and Applied Research group. In this capacity, he does cutting-edge security research, security analysis, and advanced development, as well as strategic consulting.

14 attendees

  • Andrew Petro
  • John Field
  • Benito J. Gonzalez
  • Bill Thompson
  • David Ohsie
  • David Horwitz
  • Martin Smith
  • Mike Grady
  • Misagh Moayyed
  • Mitch
  • Nagai Takayuki
  • Bob Walters
  • Ray Walker
  • Vijayanand Bharadwaj


Opal, The Westin San Diego
