While working with the University of California, Berkeley (UCB), Unicon implemented what UCB refers to as "Second-level CAS." The idea is that this server controls authentication to "highly secure" or "restricted" Web applications. These applications are CAS-enabled and use the Second-level CAS for their authentication. However, Second-level CAS is itself CAS-enabled, and in order to get to it, the user must first authenticate to the Primary CAS server. Obviously, Second-level CAS uses a different type of credential (alphanumeric PIN, one-way-hash-encoded and stored in LDAP) than Primary CAS (Kerberos). Additionally, Second-level CAS accepts and processes Single Sign-Out callbacks from Primary CAS and invalidates its TGT that was associated with the ST represented by the Primary CAS ST.

So, this is pretty neat, and UCB wishes to share this solution with the JA-SIG community. Before this gets packaged into some "contrib" package, I would like to document this solution on the JA-SIG Confluence. Can someone suggest the most appropriate place for this documentation?

Thanks,
Adam
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
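
The Single Sign-Out handling described in the message above, sketched as an added example (not Unicon's or UCB's code): Second-level CAS remembers which Primary CAS ST each of its TGTs was issued under, and invalidates that TGT when the logout callback names the ST. The class and method names, the size cap and the ticket values are assumptions; the request shape follows the CAS Single Sign-Out logout request, which carries the ST in `SessionIndex`.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_BODY = 4096  # assumed cap; a logout request is a few hundred bytes

# Constructed sample of the logout request a CAS server POSTs to a service.
SAMPLE_LOGOUT_REQUEST = (
    f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" ID="LR-1" Version="2.0" '
    'IssueInstant="2008-01-01T00:00:00Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '@NOT_USED@</saml:NameID>'
    '<samlp:SessionIndex>ST-1-primary-example</samlp:SessionIndex>'
    '</samlp:LogoutRequest>'
)


class SecondLevelSessions:
    """Hypothetical store: primary-CAS ST -> TGT issued by Second-level CAS."""

    def __init__(self):
        self._tgt_by_primary_st = {}
        self._valid_tgts = set()

    def register(self, primary_st, tgt):
        # Called once the primary ST is validated and the PIN check succeeds.
        self._tgt_by_primary_st[primary_st] = tgt
        self._valid_tgts.add(tgt)

    def is_valid(self, tgt):
        return tgt in self._valid_tgts

    def handle_logout_callback(self, body):
        """Invalidate the TGT tied to the ST in the callback; return it or None.

        Assumes the caller already verified the POST came from Primary CAS.
        """
        if len(body) > MAX_BODY or "<!DOCTYPE" in body or "<!ENTITY" in body:
            return None  # refuse oversized input and DTDs (entity expansion)
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return None
        if root.tag != f"{{{SAMLP}}}LogoutRequest":
            return None
        primary_st = (root.findtext(f"{{{SAMLP}}}SessionIndex") or "").strip()
        tgt = self._tgt_by_primary_st.pop(primary_st, None)
        if tgt is not None:
            self._valid_tgts.discard(tgt)
        return tgt
```

Removing the mapping entry on logout means a replayed callback for the same ST finds nothing to invalidate, and sessions issued under other primary STs are untouched.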
