Yale CAS Gurus,
I am looking for a good reference in the wiki or mailing lists to achieve the following subjective strategy question: "How do I CAS-ify my tomcat deployed client application (or configure the Yale CAS Server, although I doubt it) so as to fool the client application to perceive the login exactly as if it were coming in as a tomcat container login (basic non-SSL is the preferred mode, but I believe we can handle form-based-SSL which would be the natural thing to do with Yale CAS)?" More explanation: I am delighted to report that I have succeeded in doing SSO with "normal" tomcat servlet applications, even across multiple tomcat instances (and self-generated certificates). However, some of our applications feature a "servlet connector" that throws a login challenge (or simply hangs!) if the session (or request -- not sure which - still working this) is not populated EXACTLY as if the secure request came in through a tomcat login. For a tomcat driven (or equivalent container driven login), the servlet connector finds everything it needs from the environment (again I don't know the exact mechanism, nor do I care for the purpose of this question). More specifically, I am having to do SSO into an ArcIMS application using its servlet connector. Please see www.esri.com <http://www.esri.com/> if any of you are GIS gurus as well for details on ArcIMS. I am not a GIS geek...and hence the "service-oriented" strategy...that is I don't care what exactly ESRI does as long as I can have Yale CAS provide a login that "looks like" a tomcat login to the client application (and I don't care for knowing what exactly tomcat does either). Did you guys address something like this? If yes, please enlighten me. If not, consider this a feature request. :-) Regards, Uday Kari
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
