Hi Scott, Can you be more specific on features of OAM you are looking to leverage? What are the features/use cases that OAM is covering that you won't get out from a simple CAS deployment?
Best, Bill On Sun, Sep 23, 2012 at 5:18 PM, Scott Spyrison <[email protected]> wrote: > Hello, > > We are designing towards a number of identity and access initiatives, one of > which is CAS. I have a bit of a happy problem with CAS and Web SSO, and > would welcome any comments/feedback from the list. > > CAS is basically synonymous with higher education at this point, and I want > it in our environment. It is supported by a number of vendors that we use, > and it is a very elegant way to handle Web SSO for applications across the > University. My happy problem is that we also have a license for Oracle > Access Manager vis a vis a converted Sun license, and if possible I would > like to leverage OAM and related auditing capabilities in addition to CAS. > > I have reviewed a number of posts on this list about whether CAS can be > "fronted" by something else, or whether CAS can trust or delegate > authentication to another IdP. I reviewed one specific post that said CAS > could be used more like an application as opposed to an IdP, configured with > the Trusted Authentication Handler, and fronted with an SP > (http://jasig.275507.n4.nabble.com/Integrating-a-SAML-2-0-IdP-with-CAS-td254116.html). > > This led me to believe the same might be possible with OAM, for example: > > 1) Install Tomcat with CAS, front with Apache and mod_proxy or similar. No > direct access to Tomcat, only through proxy. > 2) Configure CAS for Trusted Authentication. > 3) Secure Apache with OAM, thereby securing CAS. > > Conceptually, CAS is like an application in this model, and it is secured > with OAM's Apache module/WebGate. Seems like it should work but I won't > have much confidence until I can run through an end-to-end proof of concept. > > Has anyone else integrated CAS and OAM, and if so would you be willing to > share any design or implementation details with me? > > best, > scott > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
