Thanks Adam. I appreciate your response.
If anyone has any thoughts or could provide starting points on CASifying a J2EE application that currently uses JBoss Security (with OOTB and Custom Login Modules), it would be much appreciated. On top of using JBoss and custom login modules, I've also implemented a Custom Tomcat Valve/Authenticator (to satisfy our specific needs) but I don't believe that should make much of a difference (hopefully) from a CAS standpoint.

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Rybicki
Sent: Friday, May 23, 2008 4:34 PM
To: Yale CAS mailing list
Subject: Re: CAS Integration with JBoss

Krish,

It sounds like you have a good start. Having a working CAS server allows you to focus on CAS-enabling applications that need SSO. Let me see if I can better define a minimum "working CAS server:"

* It authenticates against your production enterprise authentication store (Kerberos, LDAP, whatever)
* It only accepts SSL (port 443) traffic
* The SSL certificate is a "real" certificate that was properly signed by a recognized CA

With these simple requirements in place your CAS-enabling work will proceed more smoothly.

Development against a production CAS should be just fine. There is nothing that a CAS client should be able to do to "destabilize" a CAS server in any way. If there is, it would be a CAS server bug. It's OK to have a development instance of CAS, if you are doing CAS development, like implementing and testing some CAS server features (user attributes, service registry, clustering, etc.) If the development instance doesn't have a "real" SSL certificate, for simplicity I would avoid pointing any development client applications at it.

As with any client-server system, it will become much easier to resolve development issues when you are confident that your CAS server is operating properly, IMHO. CAS-enabling of applications can then proceed one-at-a-time or by grouping them by technology (JSP, ASP, PHP, etc.)

It's useful to always check on the JA-SIG Wiki to see if someone has documented CAS-enabling the application(s) you intend to CASify.

Adam

Krish Palaniappan wrote:

Hi,

I have an application that uses JBoss container managed security for authentication, and it uses a number of login modules, both OOTB provided by JBoss and custom modules. It supports SSO across multiple applications deployed in the same container. There are other applications deployed outside of JBoss that are authenticated via different means.

Now, this is what I am looking into doing. Implement SSO across all the applications, whether or not they are deployed in JBoss, using CAS. I did read through the documentation provided in the CAS website but it is still not clear to me as to what the first steps are. I could either use the Java CAS client or better still, use Spring Security (if that makes it any easier) as the applications use the Spring framework.

At this point, I've deployed the CAS Web Application in JBoss, enabled SSL, and tested out that http://localhost:8080/cas login works for admin/admin. That's pretty much where I am at.

Thanks for any pointers!

-- krish

________________________________
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
