CAS SSO with OpenID Connect and CAS protocol

[Yan Zhou]

Hello,

CAS5, one client uses OpenID connect and the other client uses CAS protocol. Can they achieve SSO?  

With CAS protocol, the TGT is in a cookie on the browser side, that is how SSO is achieved. With OpenID Connect, is there a cookie being generated, having the same TGT?

Thx!

[Andy Ng]

Yup. when you login using either CAS Protocol or OAuth/OpenID protocol it will login the other way too.

- Andy

[Gandhi]

Hi Andy,

If the user logs in first using the CAS protocol, what are the steps to authenticate the same using OpenID connect with the same session?

Can you please give me more details on it. I'm working on this and needs help.

Thanks,

Gandhi

[Andy Ng]

Hi Gandhi,

So basically these are the process that would happends when you use both CAS and OpenID one after another 

1. User login to CAS (e.g. https://www.cas-server.com?service=https://some.service.com)

2. User login success

3. When you go back to https://www.cas-server.com, you can see user is already logined

4. Let say you are using OAuth (simialr as to OpenID, I just use OAuth so it is easier to explain) https://www.cas-server.com/oauth2.0/authorize response_type=code&client_id=<ID>&redirect_uri=https://www.your-oauth-service.com 

-  (please check out this: https://apereo.github.io/cas/5.3.x/installation/OAuth-OpenId-Authentication.html)

5. Since checked in Step 3, CAS login page is already logined, when you go step 4, user will be automatically logined, and toward the next steps

- If you have trouble in this steps, try check if SSO is enabled, and check if SSO is working properly by login using 2 CAS protocol service

So, basically, you don't need much confiuration and it will already works, if don't work, please give us your log and details for exminatino.

Cheers!

- Andy

[Gandhi]

Thanks a lot Andy. Will try this and post my observations

[Gandhi Pullalarevu]

I'm able to make cas work with single login for both CAS and OAuth protocols with the steps mentioned.

I see that this happens via TGC Cookie, which is created when the user logs in for the first time.

Thanks a lot once again Andy.

This mail contains confidential information intended only for the individual(s) named. If you’re not the named addressee, don’t disseminate, distribute or copy this e-mail. Please notify the sender immediately and delete it from your system.If you wish not to receive such e-mails you may reply with text “Unsubscribe”.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8aad7905-d882-4ee0-b611-8f6990880a11%40apereo.org.

This mail contains confidential information intended only for the individual(s) named. If you’re not the named addressee, don’t disseminate, distribute or copy this e-mail. Please notify the sender immediately and delete it from your system.If you wish not to receive such e-mails you may reply with text “Unsubscribe”.