We are using CAS to provide authentication for a number of our Java and Ruby applications. Most of our Ruby applications are web applications with Java providing backend services with APIs. We authenticate all requests to the API by using Proxy Granting Tickets. This works great when a user logs into the web application, requests a proxy granting ticket and passes this along to the backend API. There is a good overview of the process here.
The problem is what happens when we have a daemon or rake task that wants to access an API? The daemon or rake task is able to authenticate against the CAS server via a login ticket and supplying valid credentials, but it is impossible to generate a Proxy Granting Ticket without the the daemon or rake task listening on a port for CAS to callback on. Has anyone faced this problem and how have you solved it? General suggestions are also welcome.
