CAS Authentication in an iPhone App

March 20, 09 by cjgibbs

We use CAS here at ACU for our single sign-on service and it works great, but trying to authenticate with it from an iPhone app can be a little tricky. Luckily, the latest versions of CAS server can implement a RESTful protocol which can be used to programmatically obtain a Ticket Granting Ticket and subsequent Service Tickets.

I’ve been able to successfully do this in a native iPhone app but the method still needs refinement. I’m posting this to see if anybody else is doing this or knows of a better method. If anyone else is interested I’d be glad to share code, just let me know.

5 responses for this post

  1. Russ McBride Says:

    I’ve got to write a CAS client for my iPhone app for UCB. I’m not sure if your code is open or not, but I’m happy to help you try to polish it if it is instead of writing my rough code from scratch.
    Cheers,
    Russ

  2. cjgibbs Says:

    Russ, I’d be glad for you to use/polish my code!

    Here’s the project home: http://source.acu.edu/confluence/display/CAS/Objective-C+Client

    Essentially it’s just an example app with two classes. CAS.m has all the auth logic and CAS_ClientAppDelegate demonstrates how to use it. Let me know how it goes and if you have any questions.

  3. raaj reddy Says:

    Hi Chris, I am very much interested in this code… In our work, we use Kerberos authentication. I would like to try this code to see how we can use the TGT process…

    Do you know if this code works with User Identity Certificates, instead of username/password?

    Would you be able to help out?

    Thank you
    Raajitha.

  4. cjgibbs Says:

    Hi Raaj, unfortunately I don’t really know much about how Kerberos works.

    If it’s anything like CAS though, you should be able to modify my code to make it work with Kerberos. It sounds like you might be able to just change the authentication piece to use a certificate and the TGT code will be the same.

    I’m pretty busy with other projects right now but if I get some time I’ll definitely take a look at it. Let me know how it goes!

  5. Kevin Miller Says:

    We use CAS at CSU Monterey Bay, and figured out the following:

    1. If a user is not authenticated, an in-app browser opens, pointing users to the CAS login point, with a trusted site as the service point (like iphone.csumb.edu).

    2. The service point gets the authentication request and token, verifies it like normal with CAS, and then generates a large key which expires after a while and stores it in a database. The page just says ‘you have been authenticated’ and tells the user how to continue, but it also has the key on the page, which the app grabs, along with the username, and stores locally.

    3. In the future, the app uses that iphone authentication web service app to authenticate against. It submits the username and key it has on file, and the app returns if that is still current and if it is correct.
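
The key handling in steps 2 and 3 of the last comment, as an added example (not code from the post or from any commenter). The class name `AppKeyStore`, the one-hour lifetime and the in-memory dict standing in for the database are assumptions; storing only a SHA-256 digest of the key and comparing in constant time are hardening choices the comment does not mention.

```python
import hashlib
import hmac
import secrets
import time

KEY_TTL_SECONDS = 3600  # assumed lifetime; the comment only says "expires after a while"


class AppKeyStore:
    """In-memory stand-in (assumption) for the service point's database table."""

    def __init__(self, ttl=KEY_TTL_SECONDS, clock=time.time):
        self._rows = {}  # username -> (sha256 hex digest of key, expiry timestamp)
        self._ttl = ttl
        self._clock = clock

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("ascii")).hexdigest()

    def issue(self, username):
        """Step 2: call only after the CAS ticket for `username` has validated."""
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[username] = (self._digest(key), self._clock() + self._ttl)
        return key  # placed on the page once; only the digest is kept server-side

    def verify(self, username, key):
        """Step 3: is the submitted username/key pair correct and still current?"""
        row = self._rows.get(username)
        if row is None or not isinstance(key, str):
            return False
        stored_digest, expires_at = row
        if self._clock() >= expires_at:
            del self._rows[username]  # expired: the app must go back through CAS
            return False
        try:
            presented = self._digest(key)
        except UnicodeEncodeError:  # issued keys are always ASCII
            return False
        return hmac.compare_digest(stored_digest, presented)

    def revoke(self, username):
        """Drop a user's key, e.g. when a device is reported lost."""
        self._rows.pop(username, None)
```

Because only the digest is stored, a leaked database table does not hand out usable keys, and an expired key forces a fresh CAS login rather than silently extending the session.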