Since WebAdvisor/Datatel can be configured to authenticate against an LDAP server, it potentially would be possible to give WebAdvisor the username, and a CAS ticket as password. Then have a special LDAP server set up that validates the ticket and returns successful login or failed login appropriately. I don't imagine that would be easy to set up, but I think it would be a possibility.
I think OpenLDAP or the Apache Directory Server would be flexible enough to do something unique like that. Borchers, Kristopher C. wrote: > Adam, > > > > Thanks for the info!! I will be looking into this as soon as possible > and will let the list know if I get anything working. > > > > Kristopher Borchers > Web Application Developer - Content Analyst > Saint Xavier University > Ph. 773-298-3924 > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > www.sxu.edu <http://www.sxu.edu> > > **/Saint/****/ Xavier University/****/ - Success with Purpose./***/ > /*// /// > //Saint Xavier University, a Catholic institution inspired by the > heritage of the Sisters of Mercy, educates men and women to search for > truth, to think critically, to communicate effectively, and to serve > wisely and compassionately in support of human dignity and the common > good./// > > ------------------------------------------------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > *On Behalf Of *Adam Rybicki > *Sent:* Friday, September 19, 2008 11:30 AM > *To:* Yale CAS mailing list > *Subject:* Re: CAS + Datatel WebAdvisor > > > > With the recent contribution of the CAS extension to reveal cleartext > credentials > <http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials>, > it may be possible to construct a filter for WebAdvisor to retrieve > username and password from CAS and present it to the WebAdvisor SSO > servlet. I can see how the existing JA-SIG CAS client could handle the > CAS authentication and proxy ticket retrieval, but details could be > worked out to reuse as much of the uPortal code contributed as possible. > > Yes, it probably sounds complicated, but think how many Datatel schools > could benefit from such a contribution. > > Adam > > Borchers, Kristopher C. wrote: > > Dave, > > > > Thanks for the reply. That's about as far as I got. The SSO servlet in > > WebAdvisor is the only option they offer and it is not a good one. You > > have to pass it a user name and password in an XML doc, it sends a reply > > that they were authenticated and a token that you then have to use in > > the actual loading of a page in the browser with this token as a query > > string parameter in order to generate a session in Colleague. > > > > The only way I could find that this might work is if WebAdvisor is your > > "gateway" to all apps you want to have under CAS. The user would have > > to go to WA, be directed to CAS, during authentication, CAS would have > > to be hacked (not at all what we want to do) to send the user and pass > > to WA after being verified against your user store(AD or what ever), > > then the user has a CAS session and is sent to that page to generate a > > WA session. > > > > That all seemed like way more trouble than it was worth so as of right > > now, WA is not going to be included in our SSO roll out. We have been > > talking to Datatel and considering some modifications from them to WA in > > order for it to work properly but that's when the $$$$$ start flying and > > we aren't sure if we can spend the money right now. > > > > Thanks for the comments though and if we do find a solution, I will be > > sure to post it. Hopefully there may still be someone out there that > > has found the answer. > > > > Kris > > > > Kristopher Borchers > > Web Application Developer - Content Analyst > > Saint Xavier University > > Ph. 773-298-3924 > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > www.sxu.edu <http://www.sxu.edu> > > > > Saint Xavier University - Success with Purpose. > > > > Saint Xavier University, a Catholic institution inspired by the heritage > > of the Sisters of Mercy, educates men and women to search for truth, to > > think critically, to communicate effectively, and to serve wisely and > > compassionately in support of human dignity and the common good. > > -----Original Message----- > > From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] > > On Behalf Of Dave Brondsema > > Sent: Thursday, September 11, 2008 1:29 PM > > To: Yale CAS mailing list > > Subject: Re: CAS + Datatel WebAdvisor > > > > Borchers, Kristopher C. wrote: > > > >> Has anyone out there integrated Datatel's WebAdvisor to use CAS for >> authentication? If so, would you be willing to share some details on >> implementation. >> > > > Hi Kris, > > > > I don't think its possible. I dug as deep as I could into WebAdvisor's > > authentication systems and I don't think there's any way for it to > > accept a CAS login because it creates login sessions with the Colleague > > backend using special tokens that are used throughout someone's session. > > There's no way for CAS to provide one of those. > > > > It does have some SSO servelts for "campuscruiser" and "SingleSignOn" > > but I don't know the details of those and as far as I know they don't > > work with CAS. > > > > > > > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas -- Dave Brondsema Software Developer Cornerstone University
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
