Arnout, It is quite feasible to "CASify" or "PubCookify" or use OpenID to authenticate to or otherwise to layer another authentication system, requiring a redirect, in front of CAS.
This is typically accomplished by using the client libraries for those other protocols, and often involves use of a Javsa Servlet Filter. At least, these are the approaches I tend to recommend. Under this approach, the work of the CAS AuthenticationHandler becomes more that of trusting information set into the request or session by the fronting client library usage than one of validating the credentials involved in the layered-in-front authentication protocol. Andrew Arnout Engelen wrote: > Hi, > > I understand CAS can use many back-ends for performing the desired > authentication of a user. > > Looking at http://www.ja-sig.org/products/cas/server/authenticationhandler, > it looks like the AuthenticationHandler must perform the entire > authentication 'under water' based on the Credentials passed to it. I > don't see any way to support authentication providers that require > redirecting the user's browser to the authentication provider - such as > for example OpenID, A-Select or similar services. > > Is this correct? If not, how can I implement support for such an > authentication backend? Any examples/pointers? > > If so, looking at http://www.ja-sig.org/products/cas/overview/protocol, > it's not entirely obvious to me whether this is a limitation of the CAS > protocol, or merely a limitation of the current CAS implementation. If > the latter is the case, would this be hard to add? > > > Kind regards, > > Arnout > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
