cross-browser single-sign-on cas

Cross browser SSO with CAS


Is there a way to implement cross-browser single sign-on using CAS? I'm aware that this isn't a standard workflow and that SSO workflows work in a single browser using session cookies, but we have a specific need that would require automatically signing in in another browser (e.g. MS Edge instead of Mozilla) via some kind of URL parameter. We would use a custom protocol at the OS level to be able to open a link in a different browser.

One thing that slipped my mind is that you could use the service token (ST), which you get in the CAS callback of app1, and use it to open another application (app2) in a different browser. I guess you would also have to fake a client ID, i.e. use the one that retrieved the ST. And of course, the ST would need to be valid for a long time, i.e. it shouldn't quickly expire.

Is there some kind of by-the-book alternative for this in CAS?

Thanks a lot! Igor


Solution

  • CAS provides support for token-based authentication on top of JWTs, where an authentication request can be granted an SSO session based on a form of credentials that are JWTs. CAS expects a token parameter (or request header) to be passed along to the /login endpoint as the credential. The parameter value must of course be a JWT. You can create this JWT and pass it to any browser, and you'll get a session back. See this for more info.
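
The token hand-off described in this answer, as an added example that is not part of the original answer and not CAS's own code: it mints a short-lived signed JWT, checks it the way a verifier would, and builds the /login URL that carries it in the token parameter. The HS256 algorithm, the shared secret, the 60-second lifetime, the claim set and the example.org hosts are assumptions; which algorithm and secrets CAS accepts, and whether the JWT must also be encrypted, depends on your CAS service configuration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def mint_token(subject: str, secret: bytes, ttl: int = 60, now=None) -> str:
    """Build an HS256 JWT whose 'sub' is the principal and whose 'exp' is near."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "iat": now, "exp": now + ttl}  # assumed claim set
    parts = [_b64(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + _b64(_mac(signing_input, secret))

def verify_token(token: str, secret: bytes, now=None):
    """Return the claims if the signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        presented = _unb64(sig)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # pin the algorithm; never trust the header's choice
    if not hmac.compare_digest(_mac(head + "." + body, secret), presented):
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or exp <= now:
        return None  # expired or missing expiry
    return claims

def login_url(cas_base: str, service: str, token: str) -> str:
    """URL to open in the second browser; 'token' is the parameter named in the answer."""
    return cas_base.rstrip("/") + "/login?" + urlencode({"service": service, "token": token})

if __name__ == "__main__":
    secret = b"constructed-demo-secret-do-not-reuse"  # constructed sample value
    tok = mint_token("igor", secret)
    print(login_url("https://cas.example.org/cas", "https://app2.example.org/", tok))
```

Because the token travels in a URL, it ends up in browser history and proxy logs, so keep its lifetime as short as the hand-off allows.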