How to set up CAS SSO: Help, some ideas or resources


RootName

Apr 14, 2022, 12:00:19 AM
to CAS Community
Hello friends

I am in IT support at a university.
We want to implement a centralized SSO authentication for internal applications and messaging.

Our applications and services:
- Web application (runs with PHP & Symfony)
- Moodle
- Office 365

However, I am limited in resources and ideas. I see that we can use LDAP + CAS, however I understand how it works?
Also, in some examples, I see that we need to integrate an identity federation like Shibboleth, but why?

If you can give me ideas, tracks, resources, it will help me a lot, I'm a bit lost.

I am a bit lost. Thank you!

Colin Ryan

Apr 14, 2022, 12:50:51 PM
to cas-...@apereo.org

My friend,


Without sounding rude, you're gonna have to put in the legwork yourself. SSO is a broad scope and what functions of CAS you need will depend on your applications and infrastructure.

There is so much info out there, but one I found, although it might be a little dated, but still very useful, was the following.

https://dacurry-tns.github.io/deploying-apereo-cas/building_server_service-registry_configure-the-service-registry.html

and for the web application side..

https://www.baeldung.com/spring-security-cas-sso


Sincerely.. this list is very useful.. but it's best if you come with some base knowledge and specific questions.


Be well


Colin


William Jojo

Apr 14, 2022, 2:05:03 PM
to CAS Community
@RootName,

Welcome to CAS!

To better assist you, what exactly do you want out of this? CAS as an IdP with only the CAS protocol, SAML or both? 


Need more info on the PHP portion and how you are using it.

Depending on your needs check:

Cheers,
Bill



Ray Bon

Apr 14, 2022, 3:19:32 PM
to cas-...@apereo.org
A good (and free) place to start is

1. You will have an application that will perform the authentication.
2. You will add a library/plugin to your application, or alongside it, that will 'protect' the application and make sure the user is authenticated.

I suggest you tackle item 1 first. It is the more complex side of the relation. There are often multiple options for 2 depending on your choice for 1. In the rare case, you may have to write your own solution for 2, but that would/should be a last resort.

There are a number of open source solutions to 1 (and 2). If you are a PHP shop, take a look at SimpleSAMLphp, https://simplesamlphp.org/
Most SSO solutions can do multiple protocols. CAS does CAS and SAML protocols, Shibboleth does SAML and CAS protocols. All three can do other protocols as well.

SAML is a protocol used by a lot of web-based applications, especially in the cloud vendor market.
CAS has a client library that can be added to each application's code base and enabled with simple configuration.

If you have O365, you may have access to other features, check your license. Azure may be an option.

The federation aspect of SAML authentication eases the management of multiple applications (service provider, SP or relying party, RP) interacting with multiple authentication providers (identity providers, IdP). Many countries and regions have a federation and there is a global one, eduGAIN, https://edugain.org/

Beware of the commercial vendors, there are a lot of them and there is a lot of competition. They will work hard to pull you in. Open source solutions are very capable, maybe even more so.

Ray

Ray Bon
Programmer Analyst
Development Services, University Systems

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

RootName

Apr 14, 2022, 10:38:42 PM
to CAS Community, Ray Bon
Thank you for your answers and the links.
They will get you started.
I will get back to you with more specific questions if needed.

Best regards!