I'll have to see if I can find it. However, if you can't guarantee username unique across all CAS server instances then you probably don't want to chain them as there could be username collision between global accounts and local accounts.
-Scott On Dec 6, 2007 10:32 AM, Chris Brooks <[EMAIL PROTECTED]> wrote: > > I didn't see a response, and when I looked at the nabble archives I > couldn't > see my previous email (though it was in my outbox in outlook) so I just > reposted, assuming that my email had been lost. > > I don't have much control over CAS A or B, just control over CAS C, which > my > application is protected with. CAS A is our sungaurd uportal front end, > and > CAS B is a home grown departmental front end. My CAS client (protecting > app > C) could forward them to one of the other CAS systems, but I don't want > them > to have to authenticate institutionally if they are just using my > application. In particular, the institutional authentication may not have > all of the users that my local cas system might. > > Chris > > > scott_battaglia wrote: > > > > I swear I responded to this...did it get lost? It was about using a > > hierarchy. > > > > On Dec 5, 2007 5:36 PM, Chris Brooks <[EMAIL PROTECTED]> wrote: > > > >> > >> Scott, > >> > >> > They don't need proxying. Let's suppose the following exists: > >> > > >> > Application A -> Utilizes CAS A > >> > Application B -> Utilizes CAS B > >> > > >> > If a user attempts to access Application A, he (or she) will be > >> > redirected to CAS A to authenticate and then (assuming success) sent > >> > back to Application A. > >> > >> Ok, this sounds good, and clarifies things up a bit. My current > dilemma > >> is > >> that I actually have several other CAS systems they might have signed > on > >> to. > >> I have an institutional one (CAS A), a departmental one (CAS B), and a > >> special applications one (CAS C). > >> > >> Now, the person may have used an application (A, B, or C) and been > >> authenticated against any of these. They now come to use application D > >> which uses my CAS D implementation - what's the best way of querying > >> these > >> other services to see if they are already authenticated with them? > >> > >> Wrt to the gateway feature - if I enable this I should be able to > >> interrogate the list of cas gateway cookies this browser has, then > >> identify > >> which CAS server I should forward to (with return to my service)? > >> > >> Chris > >> > >> -- > >> View this message in context: > >> > http://www.nabble.com/two-cas-servers-%3D%3D-pgt--tf4878431.html#a14182070 > >> Sent from the CAS Users mailing list archive at Nabble.com. > >> > >> _______________________________________________ > >> Yale CAS mailing list > >> [email protected] > >> http://tp.its.yale.edu/mailman/listinfo/cas > >> > > > > > > > > -- > > -Scott Battaglia > > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > -- > View this message in context: > http://www.nabble.com/two-cas-servers-%3D%3D-pgt--tf4878431.html#a14194499 > Sent from the CAS Users mailing list archive at Nabble.com. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
