CASShib & CAS
97 views
Skip to first unread message
Fabien Berteau
May 2, 2012, 9:49:43 AM5/2/12
to cas...@googlegroups.com
Hello,
I would have a question for you about how CASShib could cohabit with a "primary" CAS server ?
Let me explain our situation.
We provide a group of services behind a portal and other web applications.
All of them use our CAS server that uses our local LDAP directory to authenticate the users.
In a near futur, we need to open our services to a Shibboleth identity federation.
Thus we plan tu use CASShib instead of install Shibboleth service provider on each application.
But we would wanted to keep our (then) "primary" CAS server to authenticate "local" users and delegate to CASShib for users coming from federation ("external users").
My problem is that I don't know how to design this.
How can I make CASShib cohabit with our CAS server ?
How can I chain these two servers ?
Is it possible ?
Thanks for your help,
Fabien
I would have a question for you about how CASShib could cohabit with a "primary" CAS server ?
Let me explain our situation.
We provide a group of services behind a portal and other web applications.
All of them use our CAS server that uses our local LDAP directory to authenticate the users.
In a near futur, we need to open our services to a Shibboleth identity federation.
Thus we plan tu use CASShib instead of install Shibboleth service provider on each application.
But we would wanted to keep our (then) "primary" CAS server to authenticate "local" users and delegate to CASShib for users coming from federation ("external users").
My problem is that I don't know how to design this.
How can I make CASShib cohabit with our CAS server ?
How can I chain these two servers ?
Is it possible ?
Thanks for your help,
Fabien
Davide Bocca
Jun 28, 2012, 8:32:54 AM6/28/12
to cas...@googlegroups.com
I also need explanations about how to use CASSHIB with existing CAS server
Thanks
Thanks
Davide
bko...@gmail.com
Jun 28, 2012, 1:33:08 PM6/28/12
to cas...@googlegroups.com
Fabien,
I would strive to just point all your portal applications to the the casshib server even for your local users. You could have a different Portal sign-in URL for your local users and your federated users to indicate to the portal, if need be, who's local and who isn't (might help for Bypass-The-WAYF for local users).
You would set up a local Shibboleth Identity Provider that talks to your existing local CAS server that gets its auth credentials from your local LDAP server. Your local organization would participate in the federation.
I would strive to just point all your portal applications to the the casshib server even for your local users. You could have a different Portal sign-in URL for your local users and your federated users to indicate to the portal, if need be, who's local and who isn't (might help for Bypass-The-WAYF for local users).
You would set up a local Shibboleth Identity Provider that talks to your existing local CAS server that gets its auth credentials from your local LDAP server. Your local organization would participate in the federation.
Reply all
Reply to author
Forward
0 new messages