Ändringar mellan två versioner
Här visas ändringar i "Autentisering mot API-tjänster" mellan 2011-04-18 11:18 av Fredrik Jönsson och 2015-03-24 12:15 av Lina Magdalinski.
Autentisering mot API-tjänster
Generally authentication is done by adding a Authorization HTTP header to the request. Access is authorized using CAS. Once authenticated a session key is returned which can be used instead to decrease round-trips to and load on the CAS server.
CAS Proxy authentication The format of the Authorization header for CAS proxy authentication is:
Authorization: X-KTH-VC (cas-proxy)<data>
Where <data> is the proxy ticket recieved from the CAS server.
Session authentication
The format of the Authorization header to use an existing session is
Authorization: X-KTH-VC (session)<data>
Where <data> is the session key previously recieved from the API server.