I have a use case where I need to get Proxy Granting Ticket directly in /p3/serviceValidate response. See here -> Apereo Documentation
My response example:
<cas:serviceResponse
xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>jleleu</cas:user>
<cas:attributes>
<cas:credentialType>UsernamePasswordCredential</cas:credentialType>
<cas:clientIpAddress>192.168.0.15</cas:clientIpAddress>
<cas:isFromNewLogin>true</cas:isFromNewLogin>
<cas:authenticationDate>2024-02-28T10:54:06.574818300Z</cas:authenticationDate>
<cas:authenticationMethod>Static Credentials</cas:authenticationMethod>
<cas:geoLocation>unknown</cas:geoLocation>
<cas:successfulAuthenticationHandlers>Static Credentials</cas:successfulAuthenticationHandlers>
<cas:proxyGrantingTicket>dHSWhcO9Ks35tg10...RestOfEncodedPGT</cas:proxyGrantingTicket>
<cas:serverIpAddress>192.168.0.175</cas:serverIpAddress>
<cas:userAgent>PostmanRuntime/7.36.3</cas:userAgent>
<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
</cas:attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>
It is somehow different from default approach where we handle the callback defined by pgtCallback url and make use of pgtIou. Here pgtIou wouldn't be used at all.
Final goal is to request for Proxy Ticket in my JEE App and call a RestAPI which is secured by the same CAS Server.
I was thinking of using DirectRestClient to validate a service but it uses different API methods.
Is there something available in Pac4J library to handle that case? Or should I build something custom on my own?
To get a proxy ticket, you need to call the
getProxyTicketFormethod of theCasProxyProfile. ThisCasProxyProfileis returned in a regular proxy flow (pgtIou). In your case, you should override the defaultCasProfileDefinitionof theCasAuthenticatorof theCasClientto read the encrypted pgt from the response.