I'm cross-posting this response from the uportal-dev list for the benefit of cas-user subscribers... -Jonathan
---------- Forwarded message ---------- From: Jennifer Bourey <[email protected]> Date: Mon, Jan 25, 2010 at 3:37 PM Subject: Re: [uportal-dev] Fwd: [cas-user] HA + Inspektr / ClearPass + OWA To: [email protected] The patch isn't huge, but it does change the CAS SecurityContext implementation and might affect custom work some institutions have performed. After the patch is applied, the CAS filters also must be configured a bit differently in the web.xml. Since the patch touches APIs that some adopters may be using, and since it affects the basic configuration of things like hostnames, I'd recommend that we don't make this change in the 3.2 maintenance branch. That said, I think individual institutions interested in using CAS ClearPass should be able to apply the patch to their individual codebases. - Jen On Jan 25, 2010, at 1:47 PM, Eric Dalquist wrote: Not that I know of, I'm not sure as to the extent of the changes needed to make the new feature work. On 01/25/2010 12:38 PM, Jonathan Markow wrote: FYI. Are there plans to apply the ClearPass related patch to any earlier uP releases? Thanks, Jonathan ---------- Forwarded message ---------- From: Scott Battaglia <[email protected]> Date: Mon, Jan 25, 2010 at 1:17 PM Subject: Re: [cas-user] HA + Inspektr / ClearPass + OWA To: [email protected] The patch to allow uPortal to use the Jasig CAS Client should be compatible with uPortal 3.1.x, but it was only applied to the 3.2 branch. That patch is needed to work with uPortal and ClearPass. On Mon, Jan 25, 2010 at 12:33 PM, Curtis Garman <[email protected]>wrote: > Does this method ( cas clearpass extention) work for uportal 3.1.x? > Can I casify OWA by simply adding the clearpass stuff in cas 3.3.4 or > is it necessary have uportal 3.2 installed? > > On Fri, Jan 22, 2010 at 5:21 PM, Francisco Estanqueiro > > <[email protected]> wrote: > > Looks great. I'm going to test it soon, so you'll be hearing from me (at > > least to say thanks). > > > > Francisco > > > > William G. Thompson, Jr. wrote: > >> > >> Some more info on CAS Client for OWA (CasOwa) > >> > >> CasOwa provides Jasig CAS integration with Microsoft Outlook Web > >> Access (OWA). It is implemented as a thin wrapper around Jasig > >> DotNetCas Client. CasOwa works with the CAS ClearPass extension to > >> securely retrieve the users credentials via Proxy Tickets and then > >> replays them to the OWA Auth URL in order to authenticate the user > >> with OWA. Once the user is authenticated, CasOwa sets the OWA > >> authentication cookies on the browser and redirects to user's OWA > >> inbox. > >> > >> Requirements > >> * CAS Server with ClearPass extension configured to accepted > >> ProxyTickets from CasOwa. > >> > >> Installation > >> Deploy CasOwa in its Virtual Directory on the same IIS server that is > >> running. This is to ensure that the authentication cookies set by > >> CasOwa will be visible to OWA. Managed Pipeline Mode for this Virtual > >> Directory should be set to Integrated. > >> > >> Http HandlerMappings > >> CasOwa requires two HandlerMapping configurations, one for > >> CasOwaAuthHandler and one for the DotNetCasProxyCallback. > >> > >> CasOwaAuthHandler Mapping > >> Request path: auth > >> Type: CasOwa.CasOwaAuthHandler > >> Name: CasOwaAuthHandler > >> > >> DotNetCasProxyCallback Mapping > >> Request path: proxyCallback > >> Type: CasOwa.CasOwaAuthHandler > >> Name: DotNetCasProxyCallback > >> > >> Http Modules > >> CasOwa requires one Http Module configuration for the DotNetCasClient. > >> > >> DotNetCasClient Module > >> Name: DotNetCasClient > >> Type: DotNetCasClient.CasAlternateAuthModule > >> [checked] Invoke only for requests to ASP.NET applications or > >> managed handlers > >> > >> Web.conf > >> Web.conf contains two sets of configurations that must be correct. > >> One is for the DotNetCasClient the other is > >> for CasOwa. > >> > >> CasOwa Config > >> <appSettings> > >> <add key="CasOwa.ClearPassUrl" > >> value="https://{cashost}/cas/clearPass";<https://%7Bcashost%7D/cas/clearPass> > /> > >> <add key="CasOwa.OwaUrl" > >> value="https://{owahost}/owa"; <https://%7Bowahost%7D/owa>/> > >> <add key="CasOwa.skipOwaUrlCertificateValidation" > >> value="true" /> > >> </appSettings> > >> > >> > >> DotNetCasClient Config > >> <casClientConfig > >> casServerLoginUrl="https://{cashost}/cascp/login";<https://%7Bcashost%7D/cascp/login> > >> > >> serverName="https://{owahost}"; > >> <https://%7Bowahost%7D>secureUriRegex="(?i)/auth" > >> > >> casServerUrlPrefix="https://{cashost}/cas/";<https://%7Bcashost%7D/cas/> > >> > >> redirectAfterValidation="false" useSession="false" > >> gateway="false" renew="false" > >> > >> ticketValidatorName="Cas20" ticketTimeTolerance="5000" > >> singleSignOut="false" > >> > >> proxyGrantingTicketReceptor="true" > >> > >> proxyCallbackUrl="https://{owahost}/coa/proxyCallback";<https://%7Bowahost%7D/coa/proxyCallback> > >> > >> proxyReceptorUrl="/coa/proxyCallback" /> > >> > >> > >> > >> > >> On Fri, Jan 22, 2010 at 12:31 PM, William G. Thompson, Jr. > >> <[email protected]> wrote: > >> > >>> > >>> CAS Client for OWA (CasOwa) is up on GitHub: > >>> http://github.com/wgthom/CasOwa > >>> > >>> Requires ClearPass and I've only tested it against OWA 2007. > >>> > >>> Look in web.conf for some app settings and the cas client config. > >>> > >>> Bill > >>> > >>> > >>> On Thu, Jan 21, 2010 at 11:11 PM, Francisco Estanqueiro > >>> <[email protected]> wrote: > >>> > >>>> > >>>> Hi again, > >>>> two quick questions: > >>>> > >>>> a) the stats created by inspektr in a clustered environment (2 servers > >>>> only), only gives the stats of the current server, right? > >>>> b) a while ago I read that ClearPass (I dont know where..) was the > >>>> solution > >>>> to CASify Outlook Web Access. Has anyone done this or knows how to do > >>>> it? > >>>> > >>>> Thanks again, > >>>> > >>>> Francisco Estanqueiro > >>>> Faculdade de Ciências - Universidade de Lisboa > >>>> > >>>> > >>>> > >>>> -- > >>>> You are currently subscribed to [email protected] as: > >>>> [email protected] > >>>> To unsubscribe, change settings or access archives, see > >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user > >>>> > >>>> > >> > >> > > > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- > Curtis Garman > Web Programmer > Heartland Community College > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
