SSO LTPA cookie


Joseph

Nov 26, 2016, 6:34:36 AM
to CAS Community
Hello.

I'm learning about the JASIG CAS server.

We have a legacy IBM system implemented with our users. The system uses an LTPA cookie for the SSO.

We now need a Tomcat server on site that will connect to this existing system.

There is a WebSphere server with a page where the user logs in, and once successful, there is a link on that page that will direct the user to the Tomcat server. So the Tomcat needs to evaluate the token.

There is also a need to evade this system when the user asks directly for the app hosted on Tomcat. We are thinking about using the CAS server.

So can the CAS server connect to an existing IBM LTPA authentication system and validate the user?

What would be the best way to accomplish this?

Thank you.

Dmitriy Kopylenko

Nov 26, 2016, 7:43:35 AM
to cas-...@apereo.org, Joseph
There exists this -> https://github.com/Unicon/ltpa-bridge It’s old and unmaintained, but it should give you ideas…

Cheers,
D.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ba760c2-d0ba-4801-bc57-4c6de76f015a%40apereo.org.

dkopy...@unicon.net

Nov 26, 2016, 8:55:24 AM
to CAS Community
To the list...


---------- Forwarded message ----------
From: dkopy...@unicon.net
Date: Nov 26, 2016, 08:54 -0500
To: Joseph Pine <jopin...@gmail.com>
Subject: Re: [cas-user] SSO LTPA cookie

The idea here is that you protect this LTPA generator REST resource by CAS, so then CAS client in front of it delegates to CAS to do authentication transaction by standard means and to make the authenticated principal available to the generator where it grabs it, generates the LTPA, stuffs it into a Cookie and redirects to a target LTPA-aware resource of choice where it can be used, validated, etc. The entire idea here is to decouple the LTPA generation business from CAS server as it does need to concern itself with it, hence the name "ltpa bridge". If you think this design is "too complex", you could of course complect the LTPA bits with the CAS server by modifying its login flow, etc. DIY programming is required in that case.

Hope it helps,


D.

On Nov 26, 2016, 08:18 -0500, Joseph Pine <jopin...@gmail.com>, wrote:
Ok I've found that already.

But is there a way to connect CAS directly to an external LTPA cookie generator?

I already have an LTPA generator, so I would like to ask the CAS to ask the generator and authenticate the valid user.

Thanks.

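The bridge flow described in the message above, sketched as a servlet. This is an added example, not part of the thread and not code from the ltpa-bridge project. It assumes the Java CAS client filters (including its request wrapper) sit in front of the servlet; the `LtpaGenerator` interface, the `target` parameter, the `LtpaToken2` cookie name and the `example.org` hosts are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Bridge endpoint; the CAS client filters must be mapped in front of it.
public class LtpaBridgeServlet extends HttpServlet {
    // Hypothetical adapter around the site's existing LTPA generator.
    public interface LtpaGenerator { String tokenFor(String user) throws Exception; }
    // Constructed value: the only hosts the bridge will redirect to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("websphere.example.org");
    private final LtpaGenerator generator;
    // Register an instance with ServletContext.addServlet(name, servlet).
    public LtpaBridgeServlet(LtpaGenerator generator) { this.generator = generator; }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String user = req.getRemoteUser();               // principal exposed by the CAS client wrapper
        URI target = safeTarget(req.getParameter("target"));
        if (user == null) { resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
        if (target == null) { resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }
        String token;
        try { token = generator.tokenFor(user); }        // fail closed: no token, no redirect
        catch (Exception e) { resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; }
        Cookie cookie = new Cookie("LtpaToken2", token); // assumed cookie name
        cookie.setDomain("example.org");                 // constructed: domain shared with the LTPA-aware host
        cookie.setPath("/");
        cookie.setSecure(true);                          // sent over HTTPS only
        cookie.setHttpOnly(true);                        // not readable from page scripts
        resp.addCookie(cookie);                          // no max-age set: session cookie
        resp.sendRedirect(target.toString());
    }

    // Accept only absolute https URLs whose host is on the allowlist.
    static URI safeTarget(String raw) {
        if (raw == null) return null;
        try {
            URI u = new URI(raw);
            String host = u.getHost();
            boolean ok = "https".equalsIgnoreCase(u.getScheme()) && host != null
                    && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
            return ok ? u : null;
        } catch (URISyntaxException e) { return null; }
    }
}
```

The allowlist matters because the bridge hands a freshly minted SSO token to whatever it redirects to; an unchecked `target` would turn the endpoint into an open redirect that runs with an authenticated session.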

Joseph Pine

Nov 26, 2016, 10:08:10 AM
to Dmitriy Kopylenko, cas-...@apereo.org
Ok I've found that already.

But is there a way to connect CAS directly to an external LTPA cookie generator?

I already have an LTPA generator, so I would like to ask the CAS to ask the generator and authenticate the valid user.

Thanks.