Thank you for your answers and the links. They will get you started. I will get back to you with more specific questions if needed.
best regards! Le jeudi 14 avril 2022 à 19:19:32 UTC, Ray Bon a écrit : > A good (and free) place to start is > https://freecomputerbooks.com/Identity-Management-on-a-Shoestring.html > > 1. You will have an application that will perform the authentication. > 2. You will add a library/plugin to your application, or along side it, > that will 'protect' the application and make sure the user is authenticated. > > I suggest you tackle item 1 first. It is the more complex side of the > relation. There are often multiple options for 2 depending on your choice > for 1. In the rare case, you may have to write your own solution for 2, but > that would/should be a last resort. > > There are a number of open source solutions to 1 (and 2). If you are a php > shop, take a look at SimpleSAMLphp, https://simplesamlphp.org/ > Most SSO solutions can do multiple protocols. Cas does CAS and SAML > protocols, Shibboleth does SAML and CAS protocols. All three can do other > protocols as well. > > SAML is a protocol used by a lot of web based applications, especially in > the cloud vendor market. > CAS has a client library that can be added to each application's code base > and enabled with simple configuration. > > If you have O365, you may have access to other features, check your > license. Azure may be an option. > > The federation aspect of SAML authentication eases the management of > multiple applications (service provider, SP or relying party, RP) > interacting with multiple authentication providers (identity providers, > IdP). Many countries and regions have a federation and there is a global > one, eduGAIN, https://edugain.org/ > > Beware of the commercial vendors, there are a lot of them and there is a > lot of competition. They will work hard to pull you in. Open source > solutions are very capable, maybe even more so. > > Ray > > On Wed, 2022-04-13 at 17:11 -0700, RootName wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > Hello friends > > I am an IT support in a university. > We want to implement a centralized SSO authentication for internal > applications and messaging > > Our applications and services: > - Web application (run with php & Symfony) > - Moodle > - Office 365 > > However, I am limited in resources and ideas, I see that we can use LDAP + > CAS however I understand how it works? > also in some examples, I see that we need to integrate an identity > federation like Shibolleth but why? > > If you can give me ideas, tracks, resources, it will help me a lot, I'm a > bit lost. > > I am a bit lost. Thank you! > > -- > > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] > > I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional > territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ > peoples whose historical relationships with the land continue to this day. > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] > > I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional > territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ > peoples whose historical relationships with the land continue to this day. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/89a08b1f-e56d-43e8-9568-f8f86cea1ae8n%40apereo.org.
