Hello,

We are designing towards a number of identity and access initiatives, one of which is CAS. I have a bit of a happy problem with CAS and Web SSO, and would welcome any comments/feedback from the list.

CAS is basically synonymous with higher education at this point, and I want it in our environment. It is supported by a number of vendors that we use, and it is a very elegant way to handle Web SSO for applications across the University. My happy problem is that we also have a license for Oracle Access Manager vis a vis a converted Sun license, and if possible I would like to leverage OAM and related auditing capabilities in addition to CAS.

I have reviewed a number of posts on this list about whether CAS can be "fronted" by something else, or whether CAS can trust or delegate authentication to another IdP. I reviewed one specific post that said CAS could be used more like an application as opposed to an IdP, configured with the Trusted Authentication Handler, and fronted with an SP (http://jasig.275507.n4.nabble.com/Integrating-a-SAML-2-0-IdP-with-CAS-td254116.html). This led me to believe the same might be possible with OAM, for example:

1) Install Tomcat with CAS, front with Apache and mod_proxy or similar. No direct access to Tomcat, only through proxy.
2) Configure CAS for Trusted Authentication.
3) Secure Apache with OAM, thereby securing CAS.

Conceptually, CAS is like an application in this model, and it is secured with OAM's Apache module/WebGate. Seems like it should work, but I won't have much confidence until I can run through an end-to-end proof of concept.

Has anyone else integrated CAS and OAM, and if so would you be willing to share any design or implementation details with me?

best,
scott
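A sketch of the Apache side of steps 1 to 3, added here as an illustration and not taken from the post or from any tested CAS/OAM deployment. The hostname, certificate paths, AJP port and the `/cas` context path are assumptions, and the WebGate directives are left as a placeholder because they come from the OAM installer. It also assumes the WebGate module sets Apache's REMOTE_USER for the authenticated user, which is what CAS trusted authentication would consume.

```apache
# Added example: Apache in front of a Tomcat-hosted CAS, using mod_proxy_ajp.
# All names and paths below are placeholders.
<VirtualHost *:443>
    ServerName cas.example.edu

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/cas.example.edu.crt
    SSLCertificateKeyFile /etc/pki/tls/private/cas.example.edu.key

    # Step 3: the OAM WebGate module and its access rules are loaded here.
    # The directives are generated by the WebGate installer and are not
    # reproduced in this sketch.
    # Include <path to installer-generated WebGate configuration>

    # Step 1: reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    # mod_proxy_ajp forwards Apache's REMOTE_USER to Tomcat as the AJP
    # remote-user attribute, so the identity is not carried in a
    # client-controllable HTTP header.
    ProxyPass /cas ajp://127.0.0.1:8009/cas
</VirtualHost>

# Tomcat side (server.xml), shown as a comment because it is XML:
#
#   <Connector port="8009" protocol="AJP/1.3"
#              address="127.0.0.1"
#              tomcatAuthentication="false" />
#
# address="127.0.0.1"          -> the connector is reachable only from the
#                                 local Apache ("no direct access to Tomcat").
# tomcatAuthentication="false" -> Tomcat accepts the remote user supplied by
#                                 Apache, so request.getRemoteUser() returns
#                                 the OAM-authenticated user for step 2.
#
# Any HTTP connector in server.xml should be removed or bound to loopback as
# well; otherwise a client that reaches Tomcat directly bypasses WebGate.
#
# Design point to check in a proof of concept: CAS ticket validation
# endpoints (for example /cas/serviceValidate) are called server-to-server
# by CAS-enabled applications, which cannot complete an interactive OAM
# login, so the OAM policy likely needs to distinguish them from /cas/login.
```

With this layout the trust boundary is the loopback AJP connector: whatever sets REMOTE_USER in Apache is treated by CAS as already authenticated, so auditing and access to that Apache host matter as much as the CAS configuration itself.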
