On Tue, Dec 16, 2008 at 9:46 PM, Nicholas Faiz <[email protected]>wrote:
> Scott, > > Thanks for the reply. See below for my responses. > > > Scott Battaglia wrote: > > > > > > * Each application in the SSO network will be, in effect, a > > CASProvider? > > This lets each application manage the username/password for the their > > member, and they can operate independently of the SSO network if need > > be, but CAS can also know how to query it during authentication. > > > > > > In general, CAS works best if you have a single username/password > > combination (otherwise how do you know its the same person across all > > applications). > > > > > > That's the case here. The CAS server has an authentication > implementation which knows how to ask each CAS provider to authenticate > the user. Only one will know about the user. We use an email and > password for authentication, so we can ensure that uniqueness. Then that should be fine (from the CAS perspective). Though all of the other apps may be confused if they suddenly get a user they don't know about. But you may have accounted for that already. > > > > > > In our case, the applications are all Rails applications. I'm > > currently > > experimenting with rubycas-server which is probably not suitable for > > production (we estimate a large, international userbase). Does anyone > > have recommendations for a good opensource CAS server? > > > > > > Yes, http://www.ja-sig.org/products/cas/ :-) As long as you're okay > > with Java. > > > Yes, I'm okay with Java, a bit down on it these days after having moved > to Ruby, but we can work with it. You can ask any questions on-list. We also maintain a user manual (sort of incomplete) in the our wiki: http://www.ja-sig.org/wiki/display/CASUM/Home -Scott > > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
