Thanks Scott, I've already read about the Gateway feature of CAS, but DigiD doesn't provide me the ticket granting cookie I need to successfully authenticate my users. I understand that if I modify the webflow of CAS I can add my own authentication mechanism. But I guess my lack of Spring MVC knowledge is kind of holding me back. Is there any information (webpage's, wiki's, forms) you know of that can help me?
With kind regards, Jan van den Berg -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia Sent: 12 November 2008 15:40 To: Yale CAS mailing list Subject: Re: Using CAS underwater On Wed, Nov 12, 2008 at 3:16 AM, Berg, Jan van den <[EMAIL PROTECTED]> wrote: > Well to be precise we need to support DigiD authentication. DigiD is a > government supported digital identification mechanism in the > Netherlands. From our web application we communicate with DigiD using > web services and we redirect the user to enter his/her credentials on > the DigiD website.(DigiD is a A-Select implementation). Afterwards the > user is send back to our website and we check the authentication level > of the user (again using web services) then the user has access to our > website. But now the website is split up into multiple web modules, and > we like CAS to handle the SSO part. But we cannot use CAS for the > authentication part because that's being handled by DigiD. > > So I was hoping there is a way of doing some authentication underwater > (preferably using web services) and therefore skip the login webflow of > CAS, but still benefit for the SSO functionality. I don't understand what you mean by skip the login webflow of CAS. You can always just use gateway=true to check if they authenticated already. You can also modify the flow of the login to delegate authentication to something else and then validate any token that is returned. People have actually had CAS delegate authentication to another CAS server and then just validate the returned token, which wouldn't seem to be any different than what you want to do. -Scott > > I hope this was detailed enough, > > With kind regards, > Jan van den Berg > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Scott Battaglia > Sent: 11 November 2008 18:42 > To: Yale CAS mailing list > Subject: Re: Using CAS underwater > > Can you describe it in more details? In CAS 3.3 we've attempted to > support the model of additional protocols (i.e. the SAML2 support for > Google Apps) and we're looking to extend this support in CAS4. > > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > On Tue, Nov 11, 2008 at 10:40 AM, Berg, Jan van den > <[EMAIL PROTECTED]> wrote: >> We've been using CAS for some projects now and we are very happy with > it. >> But now we have a project where we want to use SSO but the > authentication >> mechanism is very complex and (off course) not supported by CAS out of > the >> box. It's not a matter of adding one or two parameters to the > credentials, >> but we need to include a third party authentication mechanism. >> >> I've looked into the code of CAS and I don't think that I can easily >> integrate this into CAS, the other option would be to use CAS > underwater and >> to manage the authentication our self. We still want to use CAS > because of >> its SSO capabilities. But I've been looking at the "Using CAS without > the >> CAS login screen" posts but they either don't work for me (I'm using > CAS >> 3.3) or they don't seem suitable for our solution. >> >> My question therefore is; Can I easily integrate CAS on top of my own >> authentication module using release 3.3.0. For example get a login > ticket , >> and send credentials via web service calls underwater after I'm done >> authentication an user? >> >> Any help is appreciated, >> >> With kind regards, >> >> Jan van den Berg >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
