If you want to support some kind of federated identity management (and it sounds like you do), using some kind of SAML2 based solution is probably going to be more straightforward than trying to adapt CAS to that space. Shibboleth is a prime example of a SAML-based solution, but there are other contenders (e.g. SimpleSamlPHP) that may fit your needs and resources better. It is a pretty extensive topic.
Thanks, Carl ----- Original Message ----- From: "Jacques Emmanuel Babarit" <jacques-emmanuel.baba...@rca.fr> To: "cas-user" <cas-user@lists.jasig.org> Cc: "cas-user" <cas-user@lists.jasig.org>, katebe...@me.com Sent: Friday, October 23, 2015 9:53:11 AM Subject: Re: [cas-user] Authorize users from another organisation Thank you for your reply. in this case do i need the other orgnisation to work with Shibboleth ? J-Emmanuel Babarit Le vendredi 23 octobre 2015 15:12:17 UTC+2, Kate Gray a écrit : > > Hello, > > We ended up doing something like this with shibboleth. Each organization > would log into their own Shibboleth server, which was authenticated with > CAS (against their local LDAP). > > There’s a bit of a description of how that would work here: > > https://www.switch.ch/aai/demo/medium/ > > Basically, when the user went to our service, they were redirected to > login at our Shibboleth server. They could select their organization, and > would be redirect to their org’s Shibboleth server. This would redirect > them to their CAS server, where they login. This would send them back to > Shibboleth (which verifies the CAS ticket), then sends them off with a > ticket to our server, which verifies it. > > Kate Gray > From: Jacques Emmanuel Babarit <jacques-emma...@rca.fr <javascript:>> > Reply-To: <cas-...@lists.jasig.org <javascript:>> > Date: Friday, October 23, 2015 at 6:02 AM > To: <cas-...@lists.jasig.org <javascript:>> > Subject: [cas-user] Authorize users from another organisation > > > Hi all, > > i need to autorize users authenticated in another system organisation. And > i don"t know how to do it, and if it's possible. > > Here is the situation : > > My organisation have a cas server. Good. > > Another organisation want's to use services from my organisation. > > Users from the other organisation have to log-in only once, in the other > organisation system. > Users logged in the other organisation have a dedicated link on their web > site to access my system. > > How can i perfom sso in this case ? > > I hope i was clear enough, > Thanks for any response > > J-Emmanuel Babarit > > -- > You are currently subscribed to cas-...@lists.jasig.org <javascript:> as: > kate...@me.com <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-...@lists.jasig.org <javascript:> as: > jasig-cas-user...@googlegroups.com <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to cas-user@lists.jasig.org as: waldb...@lafayette.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
