Tips for changing Google Apps 3rd-party SSO - CAS 5.3.x


Mike Osterman

Jan 8, 2020, 9:02:06 PM
to cas-...@apereo.org
We're finally getting up to CAS 5.3.x, and for a variety of reasons, we built a new server with a different host name. As part of the transition, we'll be updating the "Third-party identity provider" settings in Google Apps with the new URL and keys. 

As I'm sure others have gone through this, I thought I'd ask a few questions here:
  1. Did you reuse the X509 certificates from your previous CAS instance?
  2. The CAS side seems pretty well-documented and straightforward: https://apereo.github.io/cas/5.3.x/integration/Google-Apps-Integration.html 
    Is there anything you'd add to this? For example, does your service registry entry match that in the documentation, or did you need to add more attributes?
  3. Were there any gotchas you didn't foresee, such as all users' OAuth tokens being expired due to the changes? (I'm not certain this will happen, just trying to think of things that might happen as an unintended byproduct.)
  4. Are there additional preparations you wish you'd done given hindsight?
Thanks!
Mike

David Curry

Jan 9, 2020, 7:39:12 AM
to CAS Community
We did this when we rolled out CAS 5 as well. New servers, new DNS names, the whole deal.

To answer your specific questions:
  1. We generated new ones. I don't think you have to, but it just seemed to make more sense to "start fresh" so we knew what components we had installed.
  2. It was pretty straightforward; I don't recall any gotchas. You might find this helpful just to make sure you haven't left anything out: https://dacurry-tns.github.io/deploying-apereo-cas/googleapps_overview.html
  3. We didn't experience any issues in this area, although we don't use much of this to begin with.
  4. Not really, it's pretty simple.
--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728
david...@newschool.edu



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHXw2PEKEuvqgi0T4MaAwGAaqMc4iKoNdJzyY8_RqG6zKg%40mail.gmail.com.