Well, I'm heading back into some SSO work here and thought I would drop a note. Just a reminder, here is what I'm dealing with:
1. I have several CAS servers, each with their own CAS clients and user databases.
2. Each CAS server shares one group of users (e.g. they all have the same netids), and then has extra users on top of that that are not shared (and shouldn't be).
3. I want my applications to sit behind a CAS client that checks to see if the user is logged into any other CAS server right now and, if so, to get their netid, see if it is in the shared list, and go on (if it's not in a shared list the user will just be given my login screen). The other CAS clients will probably not do the same (which is ok).

It looks like Shibboleth or something similar is what I really should be using, but this seems too heavyweight. Instead, I'm thinking of patching the CAS server code to add my CAS client URL to the list of URLs that the client will send cookies to. Thus when they hit my URL they'll get the CASTGC cookie and some indication of what server that cookie is from.

My questions are:

1. How do I turn the CASTGC into a username without wrecking things?
2. Any pointers in the code?
3. Any obvious security issues with this?

Best regards,

Chris

--
Christopher Brooks
PhD Student, ARIES Laboratory
Email: [EMAIL PROTECTED]
Web: http://www.cs.usask.ca/~cab938
Mail: Christopher Brooks, MSc
Department of Computer Science
110 Science Place
Saskatoon, SK S7N 5C9

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
