Your description should work. When I worked at Rutgers, we also "CASified" Oracle's SSO and basically relegated it to usage with just Oracle applications.
Cheers,
Scott

On Sun, Sep 23, 2012 at 5:18 PM, Scott Spyrison <[email protected]> wrote:
> Hello,
>
> We are designing towards a number of identity and access initiatives, one of which is CAS. I have a bit of a happy problem with CAS and Web SSO, and would welcome any comments/feedback from the list.
>
> CAS is basically synonymous with higher education at this point, and I want it in our environment. It is supported by a number of vendors that we use, and it is a very elegant way to handle Web SSO for applications across the University. My happy problem is that we also have a license for Oracle Access Manager vis a vis a converted Sun license, and if possible I would like to leverage OAM and related auditing capabilities in addition to CAS.
>
> I have reviewed a number of posts on this list about whether CAS can be "fronted" by something else, or whether CAS can trust or delegate authentication to another IdP. I reviewed one specific post that said CAS could be used more like an application as opposed to an IdP, configured with the Trusted Authentication Handler, and fronted with an SP (http://jasig.275507.n4.nabble.com/Integrating-a-SAML-2-0-IdP-with-CAS-td254116.html).
>
> This led me to believe the same might be possible with OAM, for example:
>
> 1) Install Tomcat with CAS, front with Apache and mod_proxy or similar. No direct access to Tomcat, only through proxy.
> 2) Configure CAS for Trusted Authentication.
> 3) Secure Apache with OAM, thereby securing CAS.
>
> Conceptually, CAS is like an application in this model, and it is secured with OAM's Apache module/WebGate. Seems like it should work but I won't have much confidence until I can run through an end-to-end proof of concept.
>
> Has anyone else integrated CAS and OAM, and if so would you be willing to share any design or implementation details with me?
>
> best,
> scott
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
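
The three-step layout from the quoted message, sketched as an Apache httpd virtual host. This is an added example and not part of either message; the hostname, certificate paths, AJP port, and the assumption that the WebGate module sets REMOTE_USER for authenticated requests are illustrative and must be checked against the actual OAM deployment.

```apache
# Added example (not from the thread). All names, paths and ports are assumed.
# Apache is the only network path to CAS; Tomcat listens on loopback only.
<VirtualHost *:443>
    # Placeholder hostname and certificate locations.
    ServerName sso.example.edu
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/sso.example.edu.crt
    SSLCertificateKeyFile /etc/pki/tls/private/sso.example.edu.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    # Step 3: the OAM WebGate module is loaded and configured by Oracle's
    # own installer (not shown here). Assumption: its policy protects /cas
    # and, after a successful OAM login, Apache's REMOTE_USER holds the
    # authenticated user id.

    # Step 1: forward /cas to Tomcat over AJP on loopback. mod_proxy_ajp
    # sends Apache's authenticated user to Tomcat as part of the AJP
    # request, so no client-controllable HTTP header carries the identity.
    ProxyPass /cas ajp://127.0.0.1:8009/cas
</VirtualHost>

# Tomcat side (conf/server.xml), shown as comments because it is a
# different file:
#
#   <Connector port="8009" protocol="AJP/1.3"
#              address="127.0.0.1"
#              tomcatAuthentication="false" />
#
# address="127.0.0.1"          binds AJP to loopback, so only the local
#                              Apache can reach it ("no direct access").
# tomcatAuthentication="false" makes Tomcat accept the user supplied by
#                              the proxy as the request's remote user.
# Remove or comment out the HTTP connector (8080 by default) so the AJP
# listener is Tomcat's only entry point.
#
# Step 2: CAS Trusted Authentication then takes the principal from the
# container's remote user instead of showing its own login form.
```

Because CAS trusts whatever user the connector reports in this layout, anything that can reach the AJP port can assert any identity; verify from another host that port 8009 (and any HTTP connector) is unreachable before relying on the setup.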
