Hi, Some comments are inline below. -Scott
On Tue, Dec 16, 2008 at 9:23 PM, Nicholas Faiz <[email protected]>wrote: > Hello, > > I'm just doing a quick spec. on SSO for a current project. I like the > look of CAS as a solution, compared to Shibboleth it seems much simpler, > and Openid won't work for us. But I find myself trying to bend CAS in > one or two ways which make me uncertain if I'm approaching it with the > right expectations. I realise there's often not a perfect fit, but > because I'm new to the protocol I'm uncertain if I'm working against its > expectations. > > Is this a very unCAS thing to consider? > > * Each application in the SSO network will be, in effect, a CASProvider? > This lets each application manage the username/password for the their > member, and they can operate independently of the SSO network if need > be, but CAS can also know how to query it during authentication. In general, CAS works best if you have a single username/password combination (otherwise how do you know its the same person across all applications). > > > In our case, the applications are all Rails applications. I'm currently > experimenting with rubycas-server which is probably not suitable for > production (we estimate a large, international userbase). Does anyone > have recommendations for a good opensource CAS server? > Yes, http://www.ja-sig.org/products/cas/ :-) As long as you're okay with Java. > > Regards, > Nicholas Faiz > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
