A new CAS Adopter

[Geordie Carroll]

Hello!  I am in the process of implementing my very first CAS server.  I have not gotten very far in except to download the source and attempt to build it.  I asked this question elsewhere and figured I would kind of ask it here too!  In terms of building CAS this should be the first thing in production before the applications which will depend upon this service?  I have been visiting the various documentation sites and yet to wrap my head around this.  One of my major battles is fronting tomcat with apache over ajp and SSL!  I have a small of maybe at least 3 tomcat standalone servers which I want to do this with including the server.  My other part of this question is: do the apps reside on the same server as the CAS server or are separate servers recommended? in my situation, I have only one production server and now have a development environment I am building at this time! 

[David Curry]

You might find this helpful; it's the step-by-step documentation I've been building to record our development environment for posterity. It's not the only way to do it, but if you're completely new to everything, it will at least get you off the ground with something you can then start to experiment with on your own.

https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html

It's still a work in progress, so not everything is there, but you're welcome to what is.

To answer your specific questions:

1. Yes, you need the CAS server before you can "CAS-ify" an application.

2. The out-of-the-box CAS deployment will take care of Tomcat and SSL if you want to run in an embedded container. If you want to run with an external Tomcat instance, you have to do those things yourself. It's a trade-off, there are pros and cons to both approaches. The link above uses external Tomcat, so if you want all those steps, there they are.

3. The apps would normally reside somewhere other than the CAS server. You'll want to treat the CAS server as a key component of your security infrastructure, so it should be protected in much the same way as you protect your LDAP servers, etc.

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

On Mon, Sep 25, 2017 at 11:20 AM, Geordie Carroll <interiortechnol...@gmail.com> wrote:

Hello!  I am in the process of implementing my very first CAS server.  I have not gotten very far in except to download the source and attempt to build it.  I asked this question elsewhere and figured I would kind of ask it here too!  In terms of building CAS this should be the first thing in production before the applications which will depend upon this service?  I have been visiting the various documentation sites and yet to wrap my head around this.  One of my major battles is fronting tomcat with apache over ajp and SSL!  I have a small of maybe at least 3 tomcat standalone servers which I want to do this with including the server.  My other part of this question is: do the apps reside on the same server as the CAS server or are separate servers recommended? in my situation, I have only one production server and now have a development environment I am building at this time! 

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/46707cdd-f392-4aa6-bb88-d7b8a01ab405%40apereo.org.

[Tom O'Neill]

Dave,

 

Thanks for sharing this!

It’s always interesting to see someone else’s approach.

 

Thanks,

 

Tom O’Neill

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/46707cdd-f392-4aa6-bb88-d7b8a01ab405%40apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAP9NDbkT0NmHeok976LE516vz-DSEC0acbt_PkacSATvA%40mail.gmail.com.