On Fri, 30 Sep 2011, Marvin Addison wrote:
>> We are trying to implement SSO through CAS to work with the current Banner
>> setup we have.
>> We are running: CAS 3.4.10, uPortal 3.2.4 (if it matters), MySQL 5, Tomcat
>> 6, and
>> Banner 8.4 (8.3 in the test environment). All of our users are in Active
>> Directory over LDAP.
>
> The only component versions that matter are CAS and Banner, and the
> mix you have will not work out of the box if you intend to integrate
> via BEIS, which by my limited understanding is either the recommended
> if not only integration path. You will need to patch the BEIS
> integration components from Sungard to work with any version beyond
> the one they support (which is somewhere in the 3.3 line). While it's
> a trivial patch, you'll need source to do it. We would love to share
> what we have done with the community, but the legal status of these
> improvements is uncertain at best.
We are using CAS 3.3.5 with BEIS 8.1.4. The BEIS 8.1.4 Release and
Upgrade Guide says it supports CAS versions 3.2.1.1, 3.3.1, and 3.4.2.1.
New in this release is the support for CAS 3.4.2.1. I'm hoping that means
I'll be able to run any version of CAS 3.4.x. Upgrading CAS in our dev
environment is on my todo list.
The CAS integration for Self-Service Banner is ... interesting. We are
using Luminis 5, which is CAS-based, with BEIS to SSO into Self-Service
Banner. The process works something like this:
1. User logs into Luminis by authenticating with CAS
2. Luminis presents a URL, such as:
https://luminis-server/luminis-banner/lp5Banner?externalsystem=/banner-cas-client/authorized/banner/SelfService&url=urlPathbwpkeinf.P_ViewLeaveBalances
3. Clicking on this link hands off to a BEIS webpage which validates with
CAS and sets the IDMSESSID browser cookie to the user's UDCID (a Banner
unique identifier).
4. The browser redirects to the Self-Service Banner login page, which
detects the IDMSESSID cookie and creates a new session
As far as I know, Self-Service Banner is not directly CASified, and the
only way in is via BEIS.
> I've broached the idea within the CAS Steering Committee of
> collaborating with Sungard to open source their integration components
> with stewardship from the CAS project, but it's gone nowhere.
> Sungard, are you listening? We want to work with you to the mutual
> benefit of yourselves and our community.
Sounds good to me. I hate this closed source stuff that only (claims to)
work with specific old versions of CAS. :)
Andy
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
