One of my colleagues has an application that runs under IIS that he would like to use central authentication for. Unfortunately, the company is not interested in integrating CAS support into their application. However, it does currently support delegating authentication to IIS and integrating into Windows domain authentication.
Based on my limited understanding of that infrastructure, I thought we should be able to use the CAS ISAPI filter to make this application use CAS rather than Windows domain authentication (with a caveat; I assume the application is looking for the standard remote_user header, the application would need to either need to be modified to support looking for the authenticated username in a custom header, or we would need to binary edit it to change the header it currently looks for). He has it installed and mostly configured, but he is not sure what to set the "Service URL" to, and neither am I. In a CAS transaction, the service URL is where the CAS server sends a browser after it gives out a service ticket after successful authentication, and that URL is then responsible for consuming the service ticket, validating it with CAS, and then providing access to the underlying application. But given in this case the application has no idea it is using CAS, shouldn't the "Service URL" functionality be handled by the CAS ISAPI filter itself somehow? Or am I misunderstanding how the CAS ISAPI filter is supposed to work? Any hints on how to appropriately configure this would be much appreciated. Thanks... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen...@csupomona.edu California State Polytechnic University | Pomona CA 91768 -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user