I have my own Jasig CAS server:
https://cas.example.com
Also, I have two subdomains (applications) connected to this CAS server, for example:
https://ui.example.com https://api.example.com
I can successfully create an ST ticket for https://ui.example.com with the following request:
https://cas.example.com/login?service=https://ui.example.com
response:
https://cas.example.com/?ticket=ST-5-p5rVK3OWBKPzwAAZteNw-cas.example.com/
but I'm unable to use this ticket for https://api.example.com:
https://api.example.com/api/v1.0/account?ticket=ST-5-p5rVK3OWBKPzwAAZteNw-cas.example.com
with the following error:
access to this resource is forbidden","errors":[{"field":"BadCredentialsException","message":"\n Ticket \u0027ST-5-p5rVK3OWBKPzwAAZteNw-cas-dev.cfwdev.com\u0027 does not match supplied service. The original service was \u0027https://ui.example.com/\u0027 and the supplied service was \u0027https://api.example.com/api/v1.0/account
This is my service configuration:
{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^(http?|https?)://.*example.com/.*",
  "name" : "example.com dev",
  "theme" : "example",
  "id" : 20000002,
  "description" : "example.com dev environment",
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^(http?|https?)://.*example.com/.*"
  },
  "evaluationOrder" : 2,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "principalAttributesRepository" : {
      "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
    },
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : false
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}
Is it possible to issue one ST ticket that will be accepted by both of these subdomains, https://ui.example.com and https://api.example.com?
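
The service binding behind the error above, as an added example that is not part of the original post and is not CAS code: a toy in-memory model in which a service ticket is valid only for the service URL it was issued for and for one validation attempt, while the same SSO session can mint a separate ticket for each application. `MiniCas`, its method names and the principal `alice` are hypothetical, and matching `serviceId` against the whole URL is an assumption.

```python
import re
import secrets

# serviceId pattern copied from the service definition in the question.
SERVICE_ID = re.compile(r"^(http?|https?)://.*example.com/.*")


class MiniCas:
    """Toy in-memory model of CAS ticket issuance and validation (not CAS code)."""

    def __init__(self):
        self.tgts = {}   # TGT id -> principal (the SSO session)
        self.sts = {}    # ST id  -> (principal, service it was issued for)

    def login(self, principal):
        # Stands in for the credential check at /login; returns the SSO session id.
        tgt = "TGT-" + secrets.token_hex(8)
        self.tgts[tgt] = principal
        return tgt

    def grant_st(self, tgt, service):
        # /login?service=...: the ST is minted for exactly this service URL.
        if tgt not in self.tgts:
            raise PermissionError("no SSO session")
        if not SERVICE_ID.fullmatch(service):  # assumption: whole-string match
            raise PermissionError("service not registered")
        st = "ST-" + secrets.token_hex(8)
        self.sts[st] = (self.tgts[tgt], service)
        return st

    def validate(self, st, service):
        # /serviceValidate: one attempt per ticket, and the service must match.
        principal, issued_for = self.sts.pop(st, (None, None))
        if principal is None:
            return None, "unknown or already used ticket"
        if issued_for != service:
            return None, f"ticket issued for {issued_for}, not {service}"
        return principal, "ok"


def demo():
    cas = MiniCas()
    tgt = cas.login("alice")                      # constructed principal
    ui, api = "https://ui.example.com/", "https://api.example.com/api/v1.0/account"
    st_ui = cas.grant_st(tgt, ui)
    reused = cas.validate(st_ui, api)             # the failing call from the question
    retry = cas.validate(st_ui, ui)               # ticket was consumed by that attempt
    own = cas.validate(cas.grant_st(tgt, api), api)  # same session, separate ST
    return reused, retry, own
```
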