Hi Bill, Bertrand, Scott,

First, thanks for the replies. I definitely hear you loud and clear on the
added complexity and infrastructure overhead with anything Oracle.

I love the flexibility of being able to CASify applications in addition to
containers, and OAM is much more geared (out of the box) towards securing
web servers. I also did a quick count of vendor applications we have either
in-house or in the cloud, and came up with 5 that support CAS, 0 that
support OAM, and 1 that might support OAM with significant work.  In other
words, having CAS in our environment makes a great deal of sense.

The OAM features that make me consider the additional complexity of
integrating CAS with OAM are mainly centralized authorization policies,
auditing and reporting.  There are fuzzier, less specific ideas surrounding
integration with other Oracle products like OIM and their Federation
product.

Appreciate the discussion and questions - I'm exploring the idea, but not
married to it.  Seems like Oracle could solve my problem by implementing
the CAS protocol in their suite :-)

best,
scott

On Mon, Sep 24, 2012 at 9:17 AM, William G. Thompson, Jr.
<[email protected]> wrote:

> Hi Scott,
>
> Can you be more specific on features of OAM you are looking to
> leverage?  What are the features/use cases that OAM is covering that
> you won't get out from a simple CAS deployment?
>
> Best,
> Bill
>
>
> On Sun, Sep 23, 2012 at 5:18 PM, Scott Spyrison <[email protected]> wrote:
> > Hello,
> >
> > We are designing towards a number of identity and access initiatives,
> > one of which is CAS.  I have a bit of a happy problem with CAS and Web
> > SSO, and would welcome any comments/feedback from the list.
> >
> > CAS is basically synonymous with higher education at this point, and I
> > want it in our environment.  It is supported by a number of vendors that
> > we use, and it is a very elegant way to handle Web SSO for applications
> > across the University.  My happy problem is that we also have a license
> > for Oracle Access Manager vis a vis a converted Sun license, and if
> > possible I would like to leverage OAM and related auditing capabilities
> > in addition to CAS.
> >
> > I have reviewed a number of posts on this list about whether CAS can be
> > "fronted" by something else, or whether CAS can trust or delegate
> > authentication to another IdP.  I reviewed one specific post that said
> > CAS could be used more like an application as opposed to an IdP,
> > configured with the Trusted Authentication Handler, and fronted with an SP
> > (http://jasig.275507.n4.nabble.com/Integrating-a-SAML-2-0-IdP-with-CAS-td254116.html).
> >
> > This led me to believe the same might be possible with OAM, for example:
> >
> > 1) Install Tomcat with CAS, front with Apache and mod_proxy or similar.
> > No direct access to Tomcat, only through proxy.
> > 2) Configure CAS for Trusted Authentication.
> > 3) Secure Apache with OAM, thereby securing CAS.
> >
> > Conceptually, CAS is like an application in this model, and it is secured
> > with OAM's Apache module/WebGate.  Seems like it should work but I won't
> > have much confidence until I can run through an end-to-end proof of
> > concept.
> >
> > Has anyone else integrated CAS and OAM, and if so would you be willing to
> > share any design or implementation details with me?
> >
> > best,
> > scott
> >
> > --
> > You are currently subscribed to [email protected] as:
> > [email protected]
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
>
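
A sketch of the proxy trust boundary in steps 1-3 of the quoted proposal, added here as an example; it is not from the thread or from either product's documentation. The hostname, file paths and WebGate include are placeholders, and it assumes the WebGate sets Apache's authenticated user, which CAS trusted authentication would then read through the servlet request's remote user.

```apache
# Constructed example: hostname, paths and ports are placeholders.
# Assumption: the OAM WebGate module authenticates the request and sets
# Apache's authenticated user (REMOTE_USER) before the proxy handler runs.

<VirtualHost *:443>
    ServerName sso.example.edu
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/sso.example.edu.crt
    SSLCertificateKeyFile /etc/pki/tls/private/sso.example.edu.key

    # Step 3: WebGate configuration as generated by the OAM installer.
    # Placeholder path; use the file your installation produces.
    # Include /path/to/webgate.conf

    # Never let a browser supply the identity: drop any client-sent copy
    # of headers the back end might mistake for an authenticated user.
    RequestHeader unset REMOTE_USER early
    RequestHeader unset Remote-User early

    # Step 1: forward only /cas, over AJP, to Tomcat on loopback.
    # mod_proxy_ajp carries Apache's authenticated user to Tomcat as a
    # request attribute, not as a header a client could set.
    ProxyRequests Off
    ProxyPass /cas ajp://127.0.0.1:8009/cas
</VirtualHost>

# Tomcat side (conf/server.xml), shown as comments because it is XML:
#
#   <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
#              tomcatAuthentication="false" />
#
# address="127.0.0.1" keeps the connector off the network, which is the
# "no direct access to Tomcat" requirement in step 1.
# tomcatAuthentication="false" makes Tomcat accept the user that Apache
# authenticated, so request.getRemoteUser() returns it to CAS (step 2).
# Remove or loopback-bind any plain HTTP connector (for example 8080):
# a request that reaches Tomcat without passing Apache bypasses OAM.
```

In a proof of concept for this design, the two checks worth running first are that Tomcat's ports refuse connections from any other host and that a request carrying a forged identity header still gets the OAM login.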
