Hi All, I'm getting ready to design a system that has single sign-on and encompasses Active Directory, an IIS server that has to integrate directly with Active Directory for legacy/customer requirement reasons, and CAS for Liferay and Intalio servers (Linux). I'm new to CAS, having just used OpenAM in the past, and I am not sure this setup is feasible.
Here's the base use case from a security standpoint. A user logs into Windows XP and Active Directory stores the ticket locally. User hits the legacy IIS server through a browser (e.g. IE8 or Firefox 4), the server reads the ticket from the client and authenticates with Active Directory. User hits Liferay, Liferay hits CAS, CAS hits Active Directory for authentication.

My question is, will CAS be able to read the Active Directory ticket stored from the Windows logon? Or will CAS need the user to enter his credentials again to get a CAS-readable ticket? I would prefer to just use CAS for everything, but the customer is adamant that we keep the current IIS implementation.

Thanks!
-Adam Brown
