Thanks for your help everyone!
I suppose I'm looking for a generic way of front-ending applications that
don't directly support CAS (and that I can't make changes to). I think
ClearPass will be a great way of doing this. I don't need to make changes to
CAS directly, I'll just write an app that grabs the attributes using the CAS
client and passes the credentials along.
I also really like the idea of being able to store credentials in memory - it
provides a distinct security advantage over Oracle's method of caching this
information to a database.
Thanks again,
John
Dale Ogilvie wrote:
In some cases we return clear text credentials to the application in an
attribute of the CAS validation response.
So you might define user attributes OraclePortalUser,
OraclePortalPassword and these would be configured in service
management to only be returned to the OraclePortal service. Then the
CAS'ified OraclePortal can establish an appropriate user session after
validating the service ticket.
________________________________
From: Scott Battaglia [mailto:[email protected]]
Sent: Wednesday, 12 August 2009 3:41 a.m.
To: [email protected]
Subject: Re: [cas-user] SSO credential caching and Oracle External Apps
You might want to take a look at ClearPass:
http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials
Cheers,
Scott
On Tue, Aug 11, 2009 at 11:36 AM, John King <[email protected]> wrote:
Hello,
Our campus has been using an SSO approach that combines Oracle
External Applications with a little custom code. This basically caches
the user's credentials and supplies them (via a bit of JavaScript) when
you link from the portal.
This is, of course, less than ideal. While the password is
scrambled, it shouldn't be there in a reversible way at all. Secondly,
the SSO only works one-way, from the portal to the external app.
We're preparing a CAS setup as part of our move from Oracle
Portal to uPortal. I'd like to eventually CAS-ify all of our
applications, but I need a temporary solution that removes the
dependency on our Oracle infrastructure but provides similar
functionality. Any recommendations? Has anyone built something like this
before that ties into CAS?
Thanks!
John
--
John N. King
Web Developer
Computing & Information Technology
SUNY Geneseo
South Hall 124A2
585-245-5577
[email protected]
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user