Re: Using a Second CAS Server as an Authentication Source

Wed, 19 Dec 2007 11:26:00 -0800 

Rhian,
I believe that the main challenge here is that the Luminis SSO needs a user's password as a key to encrypt that user's credentials. When the password changes, Luminis SSO can re-encrypt that database with the new password. When using external authentication, Luminis will prompt the user for the old password and try to decrypt and re-encrypt. All of this assumes access to password, which is something that external CAS will not provide. I think that using the CAS server that's internal to Luminis gives Luminis SSO access to that password and things are OK. 


I think you could hack CAS to return user's password to Luminis in 
response to serviceValidate request from Luminis.  This would also 
assume that you'd hack the CAS client that you'd install on Luminis, and 
somehow pass both username and password to Luminis.  Worth it?  You decide.


Adam

Rhian Brad Resnick wrote:

Morning,

I have interesting situation that I hope CAS will solve. Several months
ago I read about using 2 CAS Servers to authenticate to Luminis.

In the scenario a standard CAS server was used as the Front server and
the Luminous Server was behind it. Using this setup the school was able
to use the Luminis SSO authentication in combination with third party
applications.

Unfortunately I cannot locate the article I read, nor can I locate any
discussions about using a CAS server as an authentication source.

The only reference I have found was in the Extended Authentication
Walkthroughs, under Shibboleth. " Just as when one CAS server has to
direct to a second CAS server"

If anyone could point me in the correct direction I would be much
appreciative,

Thanks

Rhian Resnick
Systems Analyst, Information Technology
Florida Tech
[EMAIL PROTECTED]
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas


  

begin:vcard
fn:Adam Rybicki
n:Rybicki;Adam
org:Unicon, Inc.;Professional Services
adr:Suite 113;;3140 North Arizona Avenue;Chandler;AZ;85225;United States
email;internet:[EMAIL PROTECTED]
tel;work:+1-480-558-2400
tel;home:+1-310-265-8286
tel;cell:+1-310-980-2758
x-mozilla-html:FALSE
url:http://www.unicon.net/
version:2.1
end:vcard




Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas






















					Reply via email to