[cas-dev] Services in CAS 3.1 (was CAS-430)

Scott Battaglia scott.battaglia at gmail.com
Tue Nov 21 15:45:19 EST 2006 

After the holiday break I believe we're going to brainstorm here at Rutgers
on what we need in a Services administration section and I'll post our notes
to the list.  Please feel free to post your own requirements.

-Scott

On 11/15/06, John Thiltges <jthiltges2 at unl.edu> wrote:
>
> Moving the conversation from
> <http://www.ja-sig.org/issues/browse/CAS-430> to the development list...
>
> Scott Battaglia wrote:
> > I'm actually currently working on a more robust Services
> > implementation for the CAS 3.1 release. It will include an
> > administration screen and backing data store (rather than a file). Can
> > you post your requirements/use case for the services stuff so I make
> > sure the new implementation covers your needs. I'm not sure if the new
> > version will support wildcards as part of the reasoning for its
> > creation is to support SAML 2 which requires explicit urls I believe
> > (though I need to re-read the specification).
>
> Regarding wildcard matching in service URLs, it was my impression that
> with some CAS clients, it is not possible to guarantee a fixed service
> URL.
>
> For example, with phpCAS, if the URL has any GET variables, they get
> included in the service URL. It can be worked around with
> phpCAS::setFixedServiceURL, but that seems clumsy.
>
> Another example, use AuthCAS or mod_cas to protect a download directory.
> When you request a protected file, doesn't it use the file URL as the
> service URL? (I haven't tested it, but was under that impression.)
>
>
> For the service registry, I implemented a JDBC backed
> ServiceRegistryReloader and have been very happy with it so far. It's
> basically a slight modification of the Spring context reloader: On
> startup, the CAS server loads the service registry from a database.
> Periodically, the CAS server runs a query to check if the registry has
> been updated.
>
> I like the JDBC reloader approach for three reasons:
>     1. It's very convenient with a CAS cluster
>     2. It doesn't depend on a database always being available
>     3. It's easy to make a web form for application providers to request
> access (insert a row in a table and you're done)
>
> I'd be interested in learning more about the service registry in the new
> revision of CAS. I saw that there were some files in CVS, but I haven't
> had time to study them further.
>
> Thanks,
> John
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20061121/69665322/attachment.html

More information about the cas-dev mailing list