[thredds] [Fwd: TDS and CAS authentication]

Dear John,

I have tested further the CAS authentication provided with TDS, and I have noticed one problem. After the authentication, the first request is send to TDS with an additional parameter which is "ticket=...".
I think this is used for initializing the session with the server.
It works well if the first request is on the 'html' form which does not complain about extra parameters. It works with the 'das' request as well, but if the first request is a 'dds' or 'ascii' or 'dods' request, it fails because the ticket parameter is not understood.

Exemple of request :
http://www.ifremer.fr/thredds3/standard/dodsC/ARIVO-GLOBAL-ARIVO2002_07-OBS/FULL_TIME_SERIE.ascii?latitude&ticket=ST-72-FFr17wcSyYBaXIODlkof

What we did at IFREMER (in an extra tomcat filter), is to remove the ticket parameter from the URL before sending it to the TDS servlet.

Please could you see if you could add this function in the TDS built-in CAS authentication ?

Thanks,

Thomas

--


-------------------------------------------------------------
Thomas LOUBRIEU
IFREMER IDM/ISI
BP70
29280 Plouzane
FRANCE
email: Thomas.Loubrieu@xxxxxxxxxx
WWW  : http://www.coriolis.eu.org/cdc
Tel.:  (+33) (0)2 98 22 48 53
Fax: (+33) (0)2 98 22 46 44
-------------------------------------------------------------


--- Begin Message ---
Hi John,

Just a few words to let you know that I've finally moved our authentication/authorization system to the CAS system you provided with the TDS release. It works well and for the moment it is the best way for us to handle the authorization in TDS.

Do you have feedback on the usage of it through OPeNDAP client API (ferret, python, matlab, java, ...) ? We will focus on python and java to be able to request our restricted datasets and I am confident, we'll be able to do so (even if some minor adaptations of API may be required).

One of our restricted dataset is :
http://www.ifremer.fr/thredds3/subcatalogs/DATA_CENTERS/LPO/ARIVO-GLOBAL-ARIVO2002_07-OBS/ARIVO-GLOBAL-ARIVO2002_07-OBS_FULL_TIME_SERIE.html?dataset=ARIVO-GLOBAL-ARIVO2002_07-OBS_FULL_TIME_SERIE
(your login 'jc1eed0' should be still working).

Thanks you for having provided this CAS authentication within TDS.

Best regards,

Thomas

--


-------------------------------------------------------------
Thomas LOUBRIEU
IFREMER IDM/ISI
BP70
29280 Plouzane
FRANCE
email: Thomas.Loubrieu@xxxxxxxxxx
WWW  : http://www.coriolis.eu.org/cdc
Tel.:  (+33) (0)2 98 22 48 53
Fax: (+33) (0)2 98 22 46 44
-------------------------------------------------------------




--- End Message ---
  • 2008 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: