Mock CAS does not validate users but will behave in a similar way to a CAS server.
It will return valid CAS responses although actual authentication has not been achieved.
It does not implement any of the behaviour associated with single use tickets.
The CAS tickets are not true CAS tickets and are instead the Session Id with a CAS ticket prefix.
Initially a random username is returned, this username will be associated with the session id of the request.
If future request parameters for proxy access match that session id then a matching username will be returned.
The presence of the pgtUrl makes the CAS server call that URL with the request parameters; pgtId and pgtIou.
e.g. https://localhost:8443/cas-mock/pgtCallback?pgtIou=PGTIOU-E6518A5173225A1D262B47230DFCF7E0&pgtId=TGT-E6518A5173225A1D262B47230DFCF7E0
The "proxy" url is called by the service rather than within the user's SSO session.
This servlet has been modified to extract the Session Id from the "pgt" request parameter.
The "proxyValidate" url is called by the service rather than within the user's SSO session.
This servlet has been modified to extract the Session Id from the "ticket" request parameter.
This value is then used to lookup the username previously associated with that session id.