Hi all,

I'm currently considering deploying CAS for a web app I'm working on. The app is Struts based and runs on Tomcat (and maybe JBoss). It will consist of a number of distributed instances of the app, each with its own Tomcat instance. But there will be one central "support" site that users will use to file support cases about their instances.

Ideally, I'd like to use CAS to ensure that when the user hits a certain protected URL on their site (i.e. http://mysite.bunchofsites.com/support/) the system will add some authentication credentials to the request, and forward the request to the support site. On the support site, a CAS server will be deployed that will take the request, validate the credentials, and pass the user on to the support site proper. This would all be invisible to the user; they would log into their own site (not using CAS or any SSO) and then invisibly get logged into the parent site.

The credential information for the child site would be unique to the site, not the user; so the parent doesn't really care who the particular user is, only that the user came from a site with valid credentials. I was looking into using x509 certs for this: each child has a cert signed by a CA we create for the parent, and the CAS instance on the parent validates that the cert it gets from the child was signed by its CA.

Can I even do this with CAS? It seems like setting up the server x509 authentication is pretty easy, but for the life of me I can't find any good documentation on setting up the child to do it. Is this even a good idea in the first place? Does anyone know of a better way to do invisible authentication?

Thanks,
Pete

---------------------------------------
Peter Guarnieri
Appian Corporation
www.appian.com
Email: [EMAIL PROTECTED]

_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
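
The trust model described in the message above (a parent-run CA signs one certificate per child site, and the parent accepts only certificates that chain to that CA) can be exercised with the `openssl` command line. This is an added example, not part of the original post and not CAS or Tomcat configuration; the CA name, the file names and the use of the site host name as the certificate subject are constructed sample values.

```shell
#!/bin/sh
# Constructed demo: parent CA issues a per-site certificate; the parent then
# accepts only certificates that chain to its own CA.

# make_pki DIR: create the parent CA, one CA-signed child certificate, and one
# self-signed certificate that merely claims the same site name.
make_pki() {
    dir=$1
    # Parent CA: private key plus self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Support Parent CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Child site: private key plus certificate signing request.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=mysite.bunchofsites.com" \
        -keyout "$dir/child.key" -out "$dir/child.csr" 2>/dev/null || return 1
    # The parent CA signs the child's request.
    openssl x509 -req -in "$dir/child.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 30 -out "$dir/child.pem" 2>/dev/null || return 1
    # Same subject name, but self-signed: the parent CA never issued it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=mysite.bunchofsites.com" \
        -keyout "$dir/rogue.key" -out "$dir/rogue.pem" 2>/dev/null || return 1
}

# site_is_trusted CA_PEM CERT_PEM: succeed only if CERT_PEM chains to CA_PEM.
# The subject name is not what grants trust; the CA signature is.
site_is_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run the check on both certificates and report the parent's decision.
tmp=$(mktemp -d)
if make_pki "$tmp"; then
    for name in child rogue; do
        if site_is_trusted "$tmp/ca.pem" "$tmp/$name.pem"; then
            echo "$name.pem: accepted (signed by parent CA)"
        else
            echo "$name.pem: rejected (does not chain to parent CA)"
        fi
    done
fi
rm -rf "$tmp"
```

The check only establishes that a certificate was issued by the parent's CA; proving possession of the matching private key happens in the TLS handshake between whichever client presents the certificate and the parent.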
