How do CAS and Facebook authentication work for SSO?

I have a question that relates less to the actual implementation and more to "how does it work." We have a CAS server that performs SSO authentication for several web portals (sister portals). How does CAS check cookies on the portals, and how does it find out that a user has been registered on a partner site?

The same question also extends to Facebook Connect; can someone clarify or point me to some kind of documentation? What does Facebook Connect do with third-party cookies? My questions are:

1. Can you really read third-party cookies?
2. How does your site know (if it implements a connection to Facebook) that a user is logging in to Facebook?
3. I assume that the JS provided by Facebook is likely to confirm this; but can it read these cookies left by Facebook, although this JS is included in my portal?

Maybe I do not understand, but this is because I really do not get "Single Sign on Funda". If someone can explain to me how these things work interchangeably, I would be very grateful.

Greetings

+3
1 answer

I'm not sure about Facebook Connect, but with CAS, the CAS server's cookie is used only by the CAS server itself. The process works something like this:

  • The requesting site redirects the user's browser to the CAS server.
  • The CAS server performs its task, authenticates the user (if not yet authenticated), then sends the user's browser back to the requesting site with a CAS ticket in the request.
  • The requesting site makes an HTTP request back to the CAS server to verify the ticket; if it is valid, the user name is returned, and the requesting site can register this user.

The CAS protocol is relatively easy to understand if you want to know the details.

+7
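The three steps in the answer above, as an added example that is not part of the original answer or of any CAS implementation. The host names, `ToyCasServer` and the cookie value are constructed for illustration; the `/login` redirect, the `ST-` ticket prefix and the `serviceResponse` XML follow the CAS protocol specification.

```python
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse
from xml.sax.saxutils import escape

CAS_URI = "http://www.yale.edu/tp/cas"          # XML namespace used by CAS responses
CAS_BASE = "https://cas.example.org/cas"        # constructed CAS server URL
SERVICE = "https://portal-a.example.org/login"  # constructed requesting site

class ToyCasServer:
    """In-memory stand-in for a CAS server (hypothetical, for illustration only)."""
    def __init__(self):
        self.sessions = {}  # CAS session cookie -> user; the cookie is scoped to the CAS host
        self.tickets = {}   # service ticket -> (service URL, user)

    def login(self, service, cas_cookie):
        """Step 2: the browser presents the CAS cookie to CAS and is sent back with a ticket."""
        user = self.sessions[cas_cookie]
        ticket = "ST-" + secrets.token_urlsafe(16)
        self.tickets[ticket] = (service, user)
        return service + "?" + urlencode({"ticket": ticket})

    def service_validate(self, service, ticket):
        """Step 3, server side: a ticket is single-use and bound to one service URL."""
        issued = self.tickets.pop(ticket, None)
        if issued is None or issued[0] != service:
            body = '<cas:authenticationFailure code="INVALID_TICKET"/>'
        else:
            body = f"<cas:authenticationSuccess><cas:user>{escape(issued[1])}</cas:user></cas:authenticationSuccess>"
        return f'<cas:serviceResponse xmlns:cas="{CAS_URI}">{body}</cas:serviceResponse>'

def login_redirect(service):
    """Step 1: the requesting site sends the browser to CAS, naming itself as the service."""
    return CAS_BASE + "/login?" + urlencode({"service": service})

def site_callback(cas, callback_url):
    """Step 3, site side: read the ticket from the site's own URL and validate it with CAS."""
    ticket = parse_qs(urlparse(callback_url).query).get("ticket", [""])[0]
    root = ET.fromstring(cas.service_validate(SERVICE, ticket))
    user = root.find("cas:authenticationSuccess/cas:user", {"cas": CAS_URI})
    return user.text if user is not None else None

if __name__ == "__main__":
    cas = ToyCasServer()
    cas.sessions["TGC-constructed"] = "alice"   # constructed session on the CAS host
    print(login_redirect(SERVICE))
    print(site_callback(cas, cas.login(SERVICE, "TGC-constructed")))
```

The requesting site never handles the CAS cookie: it sees only a one-time ticket in its own URL, and a replayed ticket or one issued for a different service fails validation.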

Source: https://habr.com/ru/post/1728177/
