Thanks a lot Andrew. This cleared a lot of troublesome questions I had. Yes, I already solved my use case scenario without any problem, but the problem is, I cannot completely restrict Koha to anonymous users and I also needed to auto login when someone logs in using Drupal without the secondary check from CAS. In any case, now I am assured that it is not possible the way I was trying to solve the problem.

Regards,
Auninda

On Tue, Dec 20, 2011 at 7:47 PM, Andrew Petro <[email protected]> wrote:

> Auninda,
>
> This is a discussion of using the CAS software, rather than developing the CAS software. It would therefore be more appropriate to conduct this conversation on cas-user@, rather than on cas-dev@.
>
> Your use case does not require proxy tickets.
>
> Proxy tickets are applicable when an application needs to itself, on behalf of the end user, authenticate to a backing service. If Drupal needed to itself authenticate to Koha to go get some XML representing my library subscriber account, using this to inform a UI presented by Drupal, that would be a use case for Drupal to use Proxy CAS to authenticate to Koha.
>
> Your use case requires only service tickets and applications appropriately configured to require/accept CAS service tickets.
>
> If users are going to Koha from Drupal, then in Drupal try making your hyperlinks to Koha go through CAS login, as in
>
>     https://cas.example.com/login?service=https://koha.example.com/somepath
>
> When users click these links, they'll go to CAS, which will recognize their CAS SSO session, and send them on to Koha with a valid service ticket on the URL. So long as that Koha URL is configured to accept that CAS service ticket, ta da! Users experience single sign on in navigating from Drupal to Koha.
>
> If users are going to Koha directly, then try making the URL they access require CAS login. If they already have a CAS SSO session, CAS will redirect them back immediately with a valid ticket. If not, they'll have to log in.
>
> If having to log in is unacceptable (you'd like to instead display a no-authentication-required guest page in the case where they're not yet logged in), then try the CAS gateway feature.
>
> Your use case does not require proxy tickets.
>
> Kind regards,
>
> Andrew
>
> On Dec 20, 2011, at 8:36 AM, Auninda Rumy Saleque wrote:
>
> > Thanks for the replies guys. Yes, I do know the error is being caused by some certificate validation failure but I am not sure how to avoid it. Well, HTTP is not an option for me coz I need the single sign on to work properly. At the moment CAS is working fine with Drupal and Koha (a web based library management system). Only trouble is, if someone logs inside Drupal using CAS, he/she needs to click the login button again inside Koha for logging in there, though no user/pass is required in that stage. So to avoid such a situation, I am trying to work out the proxy granting ticket option and I am stuck with this right now. I did try making a certificate based on my hostname and adding it to the truststore, but in that case, the log error message tells me that there is no valid certificate found for the path. Still, I will try it out again tomorrow. I am not sure if I am getting these errors cause of my local IP/host names though.
> >
> > Regards,
> > Auninda

--
Auninda Rumy Saleque
Asst. System Programmer
Ayesha Abed Library
BRAC University
Dhaka, Bangladesh

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
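
The service-ticket flow described in Andrew's quoted reply, as an added example that is not part of the original thread and not code from CAS, Drupal or Koha: it builds the login link (optionally with the gateway feature), builds the CAS 2.0 `/serviceValidate` URL the target application would fetch, and parses the validation response. The host names are the ones from the thread; the function names, the ticket value and the sample responses are constructed, and the `service` value is URL-encoded here, which the link in the email is not.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_BASE = "https://cas.example.com"             # host used in the thread
SERVICE = "https://koha.example.com/somepath"    # Koha URL used in the thread
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}   # CAS 2.0 response namespace


def login_url(service, gateway=False):
    """Hyperlink to place in Drupal: CAS sends the user on to `service` with a ticket.

    gateway=True asks CAS to return without a ticket instead of prompting
    when the user has no SSO session (the guest-page case).
    """
    params = {"service": service}
    if gateway:
        params["gateway"] = "true"
    return f"{CAS_BASE}/login?{urlencode(params)}"


def validate_url(service, ticket):
    """URL the target app fetches server-side, over HTTPS with the CAS
    certificate trusted. `service` must be the same string sent to /login."""
    return f"{CAS_BASE}/serviceValidate?{urlencode({'service': service, 'ticket': ticket})}"


def parse_validation(xml_text):
    """Return (username, None) on success, (None, failure_code) otherwise."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text and user.text.strip():
        return user.text.strip(), None
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code") if failure is not None else None
    return None, code or "MALFORMED_RESPONSE"


# Constructed sample responses (not captured from a real CAS server).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_url(SERVICE))
    print(login_url(SERVICE, gateway=True))
    print(validate_url(SERVICE, "ST-1-constructed"))
    print(parse_validation(SAMPLE_OK), parse_validation(SAMPLE_FAIL))
```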
