Andrew, thanks very much for the useful information. I will be view your video. Stephen
From: Andrew Petro [mailto:[email protected]] Sent: Thursday, September 01, 2011 6:42 PM To: [email protected] Subject: Re: [cas-user] sso java portal to .NET web app Hi Stephan, A survey of the space: Firstly, and only basically (CAS can be more), CAS is single sign on for the Web. You CASify each application (here, Liferay, your .NET webapp, maybe other applications...) As in, each application, individually. And then viola! You can enjoy single sign on between these. There's nothing you have to do in application A to achieve single sign on into Application B, in that CAS achieves single sign on by being the way for users to log on to application A, and application B, and remembering the user's browser by means of a secure cookie between these interactions. If you haven't viewed my YouTube video introduction to CAS<http://www.youtube.com/watch?v=Ik_11Y17ASg>, you might find it a helpful starting point. So, configure Liferay to use CAS for user login, CASify your .NET application, and viola! a user who first logs in to the portal will not have to provide username and password in their subsequent in-the-same-browser-session attempt to access the .NET application, e.g., by following a link to that application from the portal. As for how to CASify Liferay, Liferay supports basic use of CAS for single sign-on login to Liferay. I've previously blogged a demo deep walkthrough<http://www.unicon.net/blog/apetro/casify_liferay_6_ee>. You'll also need to CASify your .NET application. To do that you'll apply the .NET CAS Client<https://wiki.jasig.org/display/CASC/.Net+Cas+Client> library. Once you've done that, you've got single sign-on. The rest is making use of it well to achieve the experiences you're looking for. So: What does it mean for a login to the portal to "kickoff" a .NET web app? If you're just looking for single sign on when the user follows a link from the portal to the .NET web application, you're mostly done. You might want to do something clever like offering the link https://cas.example.edu/cas/login?service=https://dotnetapp.example.edu/loginUsingCas in your portal rather than merely the link https://dotnetapp.example.edu/ so that clicking the link immediately causes CAS to issue an ST and log the user in rather than the user having to see an unauthenticated welcome page before clicking a login link in the application's UI. Or there might be a path in the application you can link to that will cause a CAS login in the user isn't already logged in. This ends up being details of how the application has been CASified and what experience you're looking to provide from the portal. If you're looking to inline frame the .NET applications, firstly, don't do that, and secondly, framing in a link that causes the application to redirect to CAS or a link like I have above that causes CAS to redirect back to the application with a valid service ticket will allow you to embed the logged in experience achieved through single sign on. Hope this helps, Andrew On 9/1/2011 8:55 AM, Stephen Fabian wrote: Hello, I am new to this product and would like to know if there is a doc that describes a SSO process for integrating user login to Liferay portal (java)/tomcat that will "kickoff" a .NET web app running on IIS. Thanks -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
