Adam,
Thanks for the info!! I will be looking into this as soon as possible and will let the list know if I get anything working. Kristopher Borchers Web Application Developer - Content Analyst Saint Xavier University Ph. 773-298-3924 [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> www.sxu.edu <http://www.sxu.edu> Saint Xavier University - Success with Purpose. Saint Xavier University, a Catholic institution inspired by the heritage of the Sisters of Mercy, educates men and women to search for truth, to think critically, to communicate effectively, and to serve wisely and compassionately in support of human dignity and the common good. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Rybicki Sent: Friday, September 19, 2008 11:30 AM To: Yale CAS mailing list Subject: Re: CAS + Datatel WebAdvisor With the recent contribution of the CAS extension to reveal cleartext credentials <http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials> , it may be possible to construct a filter for WebAdvisor to retrieve username and password from CAS and present it to the WebAdvisor SSO servlet. I can see how the existing JA-SIG CAS client could handle the CAS authentication and proxy ticket retrieval, but details could be worked out to reuse as much of the uPortal code contributed as possible. Yes, it probably sounds complicated, but think how many Datatel schools could benefit from such a contribution. Adam Borchers, Kristopher C. wrote: Dave, Thanks for the reply. That's about as far as I got. The SSO servlet in WebAdvisor is the only option they offer and it is not a good one. You have to pass it a user name and password in an XML doc, it sends a reply that they were authenticated and a token that you then have to use in the actual loading of a page in the browser with this token as a query string parameter in order to generate a session in Colleague. The only way I could find that this might work is if WebAdvisor is your "gateway" to all apps you want to have under CAS. The user would have to go to WA, be directed to CAS, during authentication, CAS would have to be hacked (not at all what we want to do) to send the user and pass to WA after being verified against your user store(AD or what ever), then the user has a CAS session and is sent to that page to generate a WA session. That all seemed like way more trouble than it was worth so as of right now, WA is not going to be included in our SSO roll out. We have been talking to Datatel and considering some modifications from them to WA in order for it to work properly but that's when the $$$$$ start flying and we aren't sure if we can spend the money right now. Thanks for the comments though and if we do find a solution, I will be sure to post it. Hopefully there may still be someone out there that has found the answer. Kris Kristopher Borchers Web Application Developer - Content Analyst Saint Xavier University Ph. 773-298-3924 [EMAIL PROTECTED] www.sxu.edu Saint Xavier University - Success with Purpose. Saint Xavier University, a Catholic institution inspired by the heritage of the Sisters of Mercy, educates men and women to search for truth, to think critically, to communicate effectively, and to serve wisely and compassionately in support of human dignity and the common good. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Brondsema Sent: Thursday, September 11, 2008 1:29 PM To: Yale CAS mailing list Subject: Re: CAS + Datatel WebAdvisor Borchers, Kristopher C. wrote: Has anyone out there integrated Datatel's WebAdvisor to use CAS for authentication? If so, would you be willing to share some details on implementation. Hi Kris, I don't think its possible. I dug as deep as I could into WebAdvisor's authentication systems and I don't think there's any way for it to accept a CAS login because it creates login sessions with the Colleague backend using special tokens that are used throughout someone's session. There's no way for CAS to provide one of those. It does have some SSO servelts for "campuscruiser" and "SingleSignOn" but I don't know the details of those and as far as I know they don't work with CAS.
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
