On Mon, Jan 25, 2010 at 2:33 PM, Curtis Garman <[email protected]> wrote: > Bill, what does the url look like to login to OWA once things are > configured? Is it https://{casServer}/cas/login?service={serviceUrl}?
The URL to login to OWA via CAS would be the path mapped to CasOwaAuthHandler. Following the example config below, it would be: https://{owahost}/coa/auth This would cause the CAS client to redirect to CAS to get a service ticket for /coa/auth. CasOwaAuthHandler validates the ticket and then requests a Proxy ticket for ClearPass. Using the proxy ticket, it gets the credentials, replays them to OWA, and then redirects to the OWA URL. > Is the service URL just the path to the CasOwa webapp? Is there more > documentation on this anywhere? Not yet. Let's get your config working and see where the gaps are. >Am I correct in assuming that my CAS > and OWA servers need to exchange certificates for the whole thing to > work? Yes, if you are using self-signed certs. Bill > > On Mon, Jan 25, 2010 at 12:18 PM, William G. Thompson, Jr. > <[email protected]> wrote: >> On Mon, Jan 25, 2010 at 12:33 PM, Curtis Garman <[email protected]> >> wrote: >>> Does this method ( cas clearpass extention) work for uportal 3.1.x? >>> Can I casify OWA by simply adding the clearpass stuff in cas 3.3.4 or >>> is it necessary have uportal 3.2 installed? >> >> uPortal is not required for CasOwa or the ClearPass extension. >> >> Bill >> >>> >>> On Fri, Jan 22, 2010 at 5:21 PM, Francisco Estanqueiro >>> <[email protected]> wrote: >>>> Looks great. I'm going to test it soon, so you'll be hearing from me (at >>>> least to say thanks). >>>> >>>> Francisco >>>> >>>> William G. Thompson, Jr. wrote: >>>>> >>>>> Some more info on CAS Client for OWA (CasOwa) >>>>> >>>>> CasOwa provides Jasig CAS integration with Microsoft Outlook Web >>>>> Access (OWA). It is implemented as a thin wrapper around Jasig >>>>> DotNetCas Client. CasOwa works with the CAS ClearPass extension to >>>>> securely retrieve the users credentials via Proxy Tickets and then >>>>> replays them to the OWA Auth URL in order to authenticate the user >>>>> with OWA. Once the user is authenticated, CasOwa sets the OWA >>>>> authentication cookies on the browser and redirects to user's OWA >>>>> inbox. >>>>> >>>>> Requirements >>>>> * CAS Server with ClearPass extension configured to accepted >>>>> ProxyTickets from CasOwa. >>>>> >>>>> Installation >>>>> Deploy CasOwa in its Virtual Directory on the same IIS server that is >>>>> running. This is to ensure that the authentication cookies set by >>>>> CasOwa will be visible to OWA. Managed Pipeline Mode for this Virtual >>>>> Directory should be set to Integrated. >>>>> >>>>> Http HandlerMappings >>>>> CasOwa requires two HandlerMapping configurations, one for >>>>> CasOwaAuthHandler and one for the DotNetCasProxyCallback. >>>>> >>>>> CasOwaAuthHandler Mapping >>>>> Request path: auth >>>>> Type: CasOwa.CasOwaAuthHandler >>>>> Name: CasOwaAuthHandler >>>>> >>>>> DotNetCasProxyCallback Mapping >>>>> Request path: proxyCallback >>>>> Type: CasOwa.CasOwaAuthHandler >>>>> Name: DotNetCasProxyCallback >>>>> >>>>> Http Modules >>>>> CasOwa requires one Http Module configuration for the DotNetCasClient. >>>>> >>>>> DotNetCasClient Module >>>>> Name: DotNetCasClient >>>>> Type: DotNetCasClient.CasAlternateAuthModule >>>>> [checked] Invoke only for requests to ASP.NET applications or >>>>> managed handlers >>>>> >>>>> Web.conf >>>>> Web.conf contains two sets of configurations that must be correct. >>>>> One is for the DotNetCasClient the other is >>>>> for CasOwa. >>>>> >>>>> CasOwa Config >>>>> <appSettings> >>>>> <add key="CasOwa.ClearPassUrl" >>>>> value="https://{cashost}/cas/clearPass"/> >>>>> <add key="CasOwa.OwaUrl" >>>>> value="https://{owahost}/owa"/> >>>>> <add key="CasOwa.skipOwaUrlCertificateValidation" >>>>> value="true" /> >>>>> </appSettings> >>>>> >>>>> >>>>> DotNetCasClient Config >>>>> <casClientConfig >>>>> casServerLoginUrl="https://{cashost}/cascp/login"; >>>>> >>>>> serverName="https://{owahost}"; secureUriRegex="(?i)/auth" >>>>> >>>>> casServerUrlPrefix="https://{cashost}/cas/"; >>>>> >>>>> redirectAfterValidation="false" useSession="false" >>>>> gateway="false" renew="false" >>>>> >>>>> ticketValidatorName="Cas20" ticketTimeTolerance="5000" >>>>> singleSignOut="false" >>>>> >>>>> proxyGrantingTicketReceptor="true" >>>>> >>>>> proxyCallbackUrl="https://{owahost}/coa/proxyCallback"; >>>>> >>>>> proxyReceptorUrl="/coa/proxyCallback" /> >>>>> >>>>> >>>>> >>>>> >>>>> On Fri, Jan 22, 2010 at 12:31 PM, William G. Thompson, Jr. >>>>> <[email protected]> wrote: >>>>> >>>>>> >>>>>> CAS Client for OWA (CasOwa) is up on GitHub: >>>>>> http://github.com/wgthom/CasOwa >>>>>> >>>>>> Requires ClearPass and I've only tested it against OWA 2007. >>>>>> >>>>>> Look in web.conf for some app settings and the cas client config. >>>>>> >>>>>> Bill >>>>>> >>>>>> >>>>>> On Thu, Jan 21, 2010 at 11:11 PM, Francisco Estanqueiro >>>>>> <[email protected]> wrote: >>>>>> >>>>>>> >>>>>>> Hi again, >>>>>>> two quick questions: >>>>>>> >>>>>>> a) the stats created by inspektr in a clustered environment (2 servers >>>>>>> only), only gives the stats of the current server, right? >>>>>>> b) a while ago I read that ClearPass (I dont know where..) was the >>>>>>> solution >>>>>>> to CASify Outlook Web Access. Has anyone done this or knows how to do >>>>>>> it? >>>>>>> >>>>>>> Thanks again, >>>>>>> >>>>>>> Francisco Estanqueiro >>>>>>> Faculdade de Ciências - Universidade de Lisboa >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> You are currently subscribed to [email protected] as: >>>>>>> [email protected] >>>>>>> To unsubscribe, change settings or access archives, see >>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>>> >>>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>> >>> >>> >>> -- >>> Curtis Garman >>> Web Programmer >>> Heartland Community College >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > > > > -- > Curtis Garman > Web Programmer > Heartland Community College > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
