How to handle SSO connection for common users in two different CAS servers


icoundoul

Jan 14, 2020, 5:33:08 AM
to CAS Community
Hi all,

I have two organizations, A and B, each consisting of a CAS server, client applications and user databases.
The users in organization A connect to CAS server A and access all the applications in organization A by SSO. Same scenario for the users B in organization B.

Some users (2%) are common to the two organizations and need to access all the applications, but by connecting only once to either the CAS A server or the CAS B server.

What is the best practice to handle this feature? My idea is to create a small common database for storing the tokens generated when these common users connect to one of the CAS servers. So when a user in organization A is connected to CAS server A and tries to access an application protected by the other CAS server B, I'll check the token in this small common database.
 
Regards.

Ibrahima

Jérôme Steve

Jan 14, 2020, 6:08:53 AM
to cas-...@apereo.org
Hi Icoundoul,

I think you have to use the same ticket registry for the two organizations. There are many kinds of ticket registry (https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties.html#ticket-registry). Of course the users need to have the same login in the two organizations.

But I don't know if it's possible to do it for only some users and not for others...

Jérôme.





icoundoul

Jan 14, 2020, 6:52:33 AM
to CAS Community
Hi Jérôme,

Thanks for your response. Yes, the common users have the same credentials in the two organizations; a daily synchronization script is provided for this.
Indeed, the two CAS servers are on different nodes/networks, so how will the token created by one of them be seen by the other with the same ticket registry? Do you have a POC I can run and deploy to two Tomcat servers?

Thanks

Jérôme Steve

Jan 14, 2020, 8:38:32 AM
to cas-...@apereo.org
Hi,

You're welcome. For my usage I'm using memcached.

For a POC just use a Docker image (https://hub.docker.com/_/memcached)

And set your two cas.properties with the memcached server URL: cas.ticket.registry.memcached.servers=localhost:11211

And replace localhost with the container name.

Jérôme.




Ibrahima Coundoul

Jan 14, 2020, 9:29:37 AM
to cas-...@apereo.org
Hi Jérôme,
Thanks, I see quitely.




--
Cordialement,

Ibrahima COUNDOUL
JAVA / JEE Senior Developer & DevOps
Oracle Certified Professional, Java EE 5 Web Component Developer (2012)
Oracle Certified Professional, Java SE 6 Programmer (2012)

