esup-casgeneric 2.0.7

[Scott Battaglia]

Pascal,

Your analysis of the CAS3 server seems correct!

CAS supports multiple AuthenticationHandlers through the usage of the 
default AuthenticationManagerImpl (with the option for people to provide 
their own AuthenticationManager).  CAS also supports redirect at logout 
via the service parameter (I don't recall if this is the same parameter 
you used).  We're also heavily utilizing Spring's Internationalization 
support (you actually supplied us with one of the properties files ;-)), 
though we are open for suggestions to make this even easier.    All of 
our HTML is currently stored in JSP pages, which hopefully should make 
customization easy.

What additional logging did the Generic Handler provide? (especially in 
terms of the French Identity Federation).

Out of the box, CAS provides many of the same handlers the Generic 
Handler project provided including database and LDAP plus X.509 support 
(but no NIS support).  Future support will include SPNEGO and RADIUS.  
We do not support a way however for the user to silently upgrade by 
using their existing configuration files (which is probably very important).

It seems like it would be a good idea for the CAS team and the Generic 
Handlers team to collaborate on additional Authentication Handlers and 
quick starts.

If you're interested in this sort of collaboration, please join the 
cas-dev list (if you're not already on it) as this conversation is 
probably better there.   I look forward to your response!

Thanks
-Scott

Scott Battaglia
Application Developer, Architecture & Engineering Team
Enterprise Systems and Services, Rutgers University
v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu 



Pascal Aubry wrote:
> Thank you Scott for your answer,
>
> I've been walking through the Spring-based CAS3 code, and I was 
> wondering whether it was worth porting the GH or not.  Probably you (and 
> others) can help me to decide.
>
> Let us recall that 2 other packages were distributed around the GH, i.e. 
> esup-cas-server and esup-cas-quick-start.
>
> The GH brought the following additional features to CAS2:
> 1. Multiple authentication (i.e. the possibility of having several 
> authentication handlers, tested one after the other until one succeeds)
> 2. An enhanced debug mode
> The esup-cas-server added:
> 3. A patch to Logout.java to redirect the user to a given page after he 
> has logged out.
> 4. A simple way to customize the HTML output
> 5. Easy Internationalization
> 6. High-level configuration of the authentication thanks to templates
> Moreover, the quick-start added:
> 7. The possibility of setting up a CAS server in a few minutes.
>
> Now, CAS3 provides most of the features that were missing in CAS2:
> 1. several authentication handlers can be used by a single 
> authenticationManager.
> 2. logs are really better, even if I did not see the way of logging the 
> client (this is needed by our French identity federation).
> 3. Probably LogoutContoller.java:77, must be confirmed
> 4. not so hard
> 5. Fine, congratulations.
>
> Eventually, the only add-ons of our development with CAS3 would be:
> A. The templates, which allow to setup the authentication by using only 
> properties. Well, it is obviously a good occasion for CAS deployers to 
> look at Spring syntax, and it would be very easy with examples.
> B. At the opposite, the quickstart allows to set up a CAS server without 
> having to look inside, and this is really important. 
> esup-cas-quick-start has always been the most downloaded of the three 
> packages we distribute, and I believe that it is one of the key points 
> that made CAS spread so widely and quickly in the French 
> Education/Research community (with the papers, conferences and support 
> on our mailing lists).
> C. The possibility for many CAS2 users to silently upgrade to CAS3, 
> keeping exactly the same configuration files.
>
> At first: is this analysis correct?
>
> Now, I (intentionally) forgot to mention that the GH was providing 
> authentication handlers (LDAP, NIS, database, ...). These handlers are 
> still not provided by CAS3 (did I miss them?), which forces CAS 
> deployers to write java code to achieve their local authentication. And 
> this is obviously a pity since most of them do not know java.
>
> So, maybe esup-casgeneric could simply be called esup-cashandlers, and 
> would then simply provide handlers (LDAP, NIS, database, ...), the same 
> as the one provided by esup-casgeneric, but adapted to CAS3. I already 
> wrote some lines to adapt esup-cas-server (esup-cas-handlers + 
> cas-server + authentication templates) and esup-cas-quick-start 
> (esup-cas-server + tomcat). What is your opinion about that?
>
> At least, there is no problem for keeping the ESUP-Portail handlers in 
> separate packages. I believe however that handlers should be provided 
> within the jasig distribution, and I am ready to contribute for it if 
> you need. Is there a chance to see handlers in coming versions?
>
> PA
>
> Scott Battaglia wrote:
>   
>> Pascal,
>>
>> Please let the CAS team know what help we can provide with your switch 
>> to the CAS 3 branch!
>>
>> Thanks
>> -Scott
>>
>> Scott Battaglia
>> Application Developer, Architecture & Engineering Team
>> Enterprise Systems and Services, Rutgers University
>> v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu 
>>
>>
>>
>> Pascal Aubry wrote:
>>   
>>     
>>> Hello,
>>> Version 2.0.7 of the CAS generic handler developed by project 
>>> ESUP-Portail is available at http://esup-casgeneric.sourceforge.net. 
>>> This new version provides support for Active Directory, added by Patrick 
>>> Schenellmann (SWITCH).
>>> Please notice that, unless new bugs are found, this is the last 2.x 
>>> release. Next version will be numbered 3.0, and will rely on CAS server 
>>> v3. No deadline is fixed for this development yet.
>>> Regards,
>>> PA
>>>
>>>   
>>>     
>>>       
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>   
>>     
>
>
>