Hello,

I don't see any technical blocker point from what you're describing. But I'm a bit confused as to what good CAS will bring to your architecture other than additional complexity? (OAM is already complex enough, believe me!)

Or the other way around: what functionality of OAM would really benefit you compared to a CAS-only setup?

The way I see it:
- you would certainly sum some of the features of both components (apps integration with CAS, (a bit) wider multiple authentication methods options for OAM, etc.)
- you would also sum some limits: think multi-domain, which is native with CAS and a nightmare with OAM

Oh, and you would also have to muscle up your infra and multiply the needed number of servers: Apache + Tomcat + Weblogic (mandatory for OAM) + Oracle database.

Good luck!

bertrand.

On Mon, Sep 24, 2012 at 4:08 AM, Scott Battaglia <[email protected]> wrote:

> Your description should work. When I worked at Rutgers, we also
> "CASified" Oracle's SSO and basically relegated it to usage with just
> Oracle applications.
>
> Cheers,
> Scott
>
> On Sun, Sep 23, 2012 at 5:18 PM, Scott Spyrison <[email protected]> wrote:
>
>> Hello,
>>
>> We are designing towards a number of identity and access initiatives, one
>> of which is CAS. I have a bit of a happy problem with CAS and Web SSO, and
>> would welcome any comments/feedback from the list.
>>
>> CAS is basically synonymous with higher education at this point, and I
>> want it in our environment. It is supported by a number of vendors that we
>> use, and it is a very elegant way to handle Web SSO for applications across
>> the University. My happy problem is that we also have a license for Oracle
>> Access Manager vis a vis a converted Sun license, and if possible I would
>> like to leverage OAM and related auditing capabilities in addition to CAS.
>>
>> I have reviewed a number of posts on this list about whether CAS can be
>> "fronted" by something else, or whether CAS can trust or delegate
>> authentication to another IdP. I reviewed one specific post that said CAS
>> could be used more like an application as opposed to an IdP, configured
>> with the Trusted Authentication Handler, and fronted with an SP
>> (http://jasig.275507.n4.nabble.com/Integrating-a-SAML-2-0-IdP-with-CAS-td254116.html).
>>
>> This led me to believe the same might be possible with OAM, for example:
>>
>> 1) Install Tomcat with CAS, front with Apache and mod_proxy or similar.
>>    No direct access to Tomcat, only through proxy.
>> 2) Configure CAS for Trusted Authentication.
>> 3) Secure Apache with OAM, thereby securing CAS.
>>
>> Conceptually, CAS is like an application in this model, and it is secured
>> with OAM's Apache module/WebGate. Seems like it should work but I won't
>> have much confidence until I can run through an end-to-end proof of concept.
>>
>> Has anyone else integrated CAS and OAM, and if so would you be willing to
>> share any design or implementation details with me?
>>
>> best,
>> scott
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>>
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
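
In the three-step design quoted above, step 1 ("No direct access to Tomcat, only through proxy") carries the security weight: with trusted authentication, CAS takes the user identity from the front end instead of checking credentials itself. The following is an added example, not code from the thread or from the CAS or OAM projects; it audits a Tomcat `server.xml` for connectors that could be reached without passing the proxy, assuming Apache and Tomcat run on the same host and using constructed sample fragments.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml fragments for illustration (not from the thread).
EXPOSED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"/>
</Service></Server>"""

PROXY_ONLY = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
             secret="PLACEHOLDER-SHARED-SECRET"/>
</Service></Server>"""


def is_loopback(address):
    """True only when a connector is explicitly bound to a loopback address."""
    if not address:
        return False  # unset is treated as exposed: a conservative assumption
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # hostnames other than localhost are not resolved here


def audit_connectors(server_xml):
    """Return (port, finding) pairs for connectors reachable around the proxy."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if not is_loopback(conn.get("address")):
            findings.append((port, "not bound to loopback"))
        # Recent Tomcat releases let the AJP connector require a shared 'secret'.
        is_ajp = conn.get("protocol", "HTTP/1.1").upper().startswith("AJP")
        if is_ajp and not conn.get("secret"):
            findings.append((port, "AJP connector has no secret"))
    return findings


if __name__ == "__main__":
    for name, xml in (("EXPOSED", EXPOSED), ("PROXY_ONLY", PROXY_ONLY)):
        print(name, audit_connectors(xml) or "ok")
```

If Apache and Tomcat sit on different hosts, the loopback check does not apply and a host firewall rule limiting the connector port to the proxy's address takes its place.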
