[casgeneric-users] Re: esup-casgeneric 2.0.7

[Velpi]

> I've been walking through the Spring-based CAS3 code, and I was 
> wondering whether it was worth porting the GH or not.  Probably you (and 
> others) can help me to decide.
Note that porting the code shouldn't take you to much since you can consider 
just grabbing a fully functional package here: 
http://shib.kuleuven.be/download/esup-casgeneric-3.0.0-kul.zip
(see package README for a list of changes; maybe I shouldn't have used the same 
name, but it is actually the same code so... once there's support for such a 
thing then we'll stop developing our own immediately)
We're using that one in production for a few days now (LDAP fastbind), we've 
seen no problems yet.

> 7. The possibility of setting up a CAS server in a few minutes.
Maybe it's a good idea to review the CAS3 build script to make deployment a 
little easier to configure. That's why the packages around GH are still that 
popular.

> B. At the opposite, the quickstart allows to set up a CAS server without 
> having to look inside, and this is really important. 
> esup-cas-quick-start has always been the most downloaded of the three 
> packages we distribute, and I believe that it is one of the key points 
> that made CAS spread so widely and quickly in the French 
> Education/Research community (with the papers, conferences and support 
> on our mailing lists).
Definitely very important for wide adoption. Although there's a precompiled war 
now for demo purposes.

> C. The possibility for many CAS2 users to silently upgrade to CAS3, 
> keeping exactly the same configuration files.
This is a very big advantage. On the other hand it would be good for upgraders 
to investigate CAS3 thoroughly before deploying.

> Now, I (intentionally) forgot to mention that the GH was providing 
> authentication handlers (LDAP, NIS, database, ...). These handlers are 
> still not provided by CAS3 (did I miss them?), which forces CAS 
> deployers to write java code to achieve their local authentication. And 
> this is obviously a pity since most of them do not know java.
The GH made CAS popular because it makes it very easy to deploy CAS with such a 
wide range of authentication handlers. CAS3 does support the most important ones 
from v3.0.5 (trust handler, LDAP, x509, ...), but there is no way yet to install 
it that easy as with the GH. Maybe it's a good idea to focus on the easy 
installation of (bundled) authentication handlers?

> At least, there is no problem for keeping the ESUP-Portail handlers in 
> separate packages. I believe however that handlers should be provided 
> within the jasig distribution, and I am ready to contribute for it if 
> you need. Is there a chance to see handlers in coming versions?
I think this would be a good idea to make the range of ready-made authentication 
handlers for CAS3 more complete.


--Velpi