In some cases we return clear text credentials to the application in an attribute of the CAS validation response. So you might define user attributes OraclePortalUser, OraclePortalPassword and these would be configured in service management to only be returned to the OraclePortal service. Then the CAS'ified OraclePortal can establish an appropriate user session after validating the service ticket.
________________________________ From: Scott Battaglia [mailto:[email protected]] Sent: Wednesday, 12 August 2009 3:41 a.m. To: [email protected] Subject: Re: [cas-user] SSO credential caching and Oracle External Apps You might want to take a look at ClearPass: http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials Cheers, Scott On Tue, Aug 11, 2009 at 11:36 AM, John King <[email protected]> wrote: Hello, Our campus has been using an SSO approach that combines Oracle External Applications with a little custom code. This basically caches the user's credentials and supplies them (via a bit of javascript) when you link from the portal. This is, of course, less than ideal. While the password is scrambled, it shouldn't be there in a reversible way at all. Secondly, the SSO only works one-way, from the portal to the external app. We're preparing a CAS setup as part of our move from Oracle Portal to uPortal. I'd like to eventually CAS-ify all of our applications, but I need a temporary solution that removes the dependency on our Oracle infrastructure but provides similar functionality. Any recommendations? Has anyone built something like this before that ties into CAS? Thanks! John -- John N. King Web Developer Computing & Information Technology SUNY Geneseo South Hall 124A2 585-245-5577 [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
