I have a question, pertaining less to actual implementation and more towards "how it works". We have a CAS server doing the SSO authentication for multiple web portals (sister portals). How does CAS validate the cookies across portals, and how does it figure out that the user was logged onto a sister site?

Also extending the same question: can someone elaborate, or point me to some documentation, on how Facebook Connect works with third-party cookies? My questions are: 1. Can you really read third-party cookies? 2. How does your site know (if it implements Facebook Connect) that the user is logged onto Facebook? 3. I am guessing that the JS provided by Facebook would probably validate it; but would it be able to read those cookies left by Facebook, even though that JS is included in my portal?

Maybe I am unclear, but it's because I am not really getting the hang of the Single Sign-On fundamentals. If someone could explain to me how these things work together, I'd be really grateful.

Cheers

+3  A: 

I'm not sure about Facebook Connect, but with CAS the CAS server's login cookie is only ever used by the CAS server itself. The process works something like:

  1. The requesting site redirects the user's browser to the CAS server.
  2. The CAS server does its thing, authenticates the user (if not already authenticated), then sends the user's browser back to the requesting site with a CAS ticket in the query string.
  3. The requesting site makes an HTTP request back to the CAS server to validate the ticket; if it's valid, the user's username is returned and the requesting site can log that user in.

The CAS protocol is relatively easy to understand if you want to know the details.

Luke Sampson
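To make the three steps in the answer concrete, here is a small toy model of the exchange, written for this page and not taken from the CAS project or from the answer's author. It models one CAS server, two sister portals and a browser whose cookie jar is keyed by host, so the CAS login cookie (the TGC) is only ever sent back to the CAS host; each portal learns the username only through the back-channel ticket validation in step 3. Hostnames, the credential store, the ticket lifetime and the error strings are all assumptions made for the example; real CAS speaks HTTP and returns XML from /serviceValidate, which is not modelled here.

```python
"""Toy model of the CAS SSO flow: one CAS server, two sister portals, one browser.
Added example; all hosts, users and constants below are constructed for illustration."""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


class CasServer:
    """The only party that ever sees the CAS login cookie (TGC)."""

    HOST = "cas.example.org"     # assumed hostname
    ST_LIFETIME = 10             # seconds a service ticket stays valid (assumed value)

    def __init__(self, users):
        self.users = users       # username -> password (constructed test data)
        self.tgts = {}           # TGC cookie value -> username (the SSO session)
        self.tickets = {}        # service ticket -> (username, service, issued_at)

    def login(self, service, tgc=None, username=None, password=None):
        """/login?service=...: returns (redirect_url, tgc), or None when the
        browser has no SSO session and CAS must show its login form."""
        if tgc in self.tgts:                                  # step 2: already authenticated
            user = self.tgts[tgc]
        elif username is not None and self.users.get(username) == password:
            user = username
            tgc = "TGC-" + secrets.token_urlsafe(24)
            self.tgts[tgc] = user                             # becomes a cookie for CAS host only
        else:
            return None
        st = "ST-" + secrets.token_urlsafe(24)
        self.tickets[st] = (user, service, time.time())
        return f"{service}?{urlencode({'ticket': st})}", tgc  # ticket rides in the query string

    def service_validate(self, service, ticket):
        """Back-channel /serviceValidate (step 3): called by the portal, not the browser.
        A ticket is single-use, bound to one service URL and short-lived."""
        rec = self.tickets.pop(ticket, None)                  # pop: a ticket cannot be replayed
        if rec is None:
            return False, "INVALID_TICKET"
        user, bound_service, issued = rec
        if bound_service != service:
            return False, "INVALID_SERVICE"
        if time.time() - issued > self.ST_LIFETIME:
            return False, "INVALID_TICKET"
        return True, user


class Browser:
    """Cookie jar keyed by host: a portal never receives the CAS cookie."""

    def __init__(self):
        self.cookies = {}

    def get(self, host):
        return self.cookies.get(host)

    def set(self, host, value):
        self.cookies[host] = value


class Portal:
    def __init__(self, url, cas):
        self.url, self.host, self.cas = url, urlparse(url).hostname, cas
        self.sessions = {}       # portal's own session cookie -> username

    def visit(self, browser, credentials=None):
        """Returns (username, credentials_were_needed)."""
        sid = browser.get(self.host)
        if sid in self.sessions:
            return self.sessions[sid], False
        # step 1: send the browser to CAS; it carries the CAS cookie if it has one
        result = self.cas.login(self.url, tgc=browser.get(CasServer.HOST))
        needed = False
        if result is None:                                    # CAS showed its login form
            if credentials is None:
                return None, True
            result = self.cas.login(self.url, username=credentials[0], password=credentials[1])
            needed = True
            if result is None:
                return None, True
        redirect_url, tgc = result
        browser.set(CasServer.HOST, tgc)                      # step 2: CAS sets its own cookie
        ticket = parse_qs(urlparse(redirect_url).query)["ticket"][0]
        return self.callback(browser, ticket), needed

    def callback(self, browser, ticket):
        ok, info = self.cas.service_validate(self.url, ticket)   # step 3
        if not ok:
            return None
        sid = secrets.token_urlsafe(24)
        self.sessions[sid] = info                              # portal session is independent of CAS
        browser.set(self.host, sid)
        return info


def demo():
    cas = CasServer({"priyank": "hunter2"})                    # constructed credential
    portal_a = Portal("https://portal-a.example.org/", cas)
    portal_b = Portal("https://portal-b.example.org/", cas)
    browser = Browser()
    a_user, a_needed = portal_a.visit(browser, credentials=("priyank", "hunter2"))
    b_user, b_needed = portal_b.visit(browser)                  # no credentials: the TGC does the work
    # a ticket minted for portal A is rejected by portal B, and a used ticket cannot be replayed
    redirect, _ = cas.login(portal_a.url, tgc=browser.get(CasServer.HOST))
    st = parse_qs(urlparse(redirect).query)["ticket"][0]
    _, wrong_service = cas.service_validate(portal_b.url, st)
    redirect, _ = cas.login(portal_a.url, tgc=browser.get(CasServer.HOST))
    st = parse_qs(urlparse(redirect).query)["ticket"][0]
    first_ok, _ = cas.service_validate(portal_a.url, st)
    _, replayed = cas.service_validate(portal_a.url, st)
    return {"a_user": a_user, "a_needed": a_needed, "b_user": b_user, "b_needed": b_needed,
            "cas_cookie_at_portal": browser.get(portal_a.host) == browser.get(CasServer.HOST),
            "wrong_service": wrong_service, "first_ok": first_ok, "replayed": replayed}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the point of the answer: portal A needs the user's password once, portal B gets the same username without any prompt because the browser presented the CAS cookie to CAS (never to B), and a ticket is useless at any service other than the one it was issued for and cannot be presented twice.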
Thanks, that gives good info about CAS. It will serve as a good starting point.
Priyank