CAS notes

  1. how CAS works

  2. I found the following diagram from here very elucidating:

    I believe I get all parts of the interaction except the setting of the MOD_AUTH_CAS_S cookie in the second access to the application (protected app #2) but I understand this is related to an Apache-specific module.

    In case this should ever go down here's a copy of the CAS protocol specification in pdf and HTML. And here's a nice high-level presentation.