Question regarding setting up proxy CAS with uPortal

Wed Sep 20 00:12:50 EDT 2006

If you have two applications (no matter where they are located) and they
both pointing to the same CAS, they can both participate in the same single
sign on session without any additional configuration.  You seem to have
gotten this to work.

Proxying is generally used when one application wants to access another
application ON BEHALF of the user.  A typical use case for this is a portal
(such as uPortal) attempting to access a transcript application in order to
render a students grades within the portal without forcing the user to log
into the application.

-Scott

On 9/19/06, Atsuya Takagi <atsuya.takagi.csun at gmail.com> wrote:
>
> Hello everyone,
>
> I am trying to setup proxy CAS, and have question about it.
>
> I would like to achieve SSO for multiple web applications.
> I have casified uPortal setup and it is working nicely.
> I have another casified servlet setup and it is also working great.
> The uPortal and the servlet is pointing to the same CAS,
> and seems like a user does not have to re-login to the servlet once
> the user has been logged into uPortal, and vice versa.
> (To be specific, I have web.xml for them like following:
>
> for uPortal:
> <filter>
>     <filter-name>CAS Validate Filter</filter-name>
>     <filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter</filter-class>
>
>     <init-param>
>         <param-name>edu.yale.its.tp.cas.client.filter.validateUrl
> </param-name>
>         <param-value>https://cas.example.com:8443/cas/serviceValidate
> </param-value>
>     </init-param>
>     <init-param>
>         <param-name>edu.yale.its.tp.cas.client.filter.serverName
> </param-name>
>         <param-value> cas.example.com:8443</param-value>
>     </init-param>
> </filter>
>
> for servlet:
> <filter>
>     <filter-name>CAS Validate Filter</filter-name>
>     <filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter
> </filter-class>
>     <init-param>
>         <param-name>edu.yale.its.tp.cas.client.filter.validateUrl
> </param-name>
>         <param-value>https://cas.example.com:8443/cas/serviceValidate
> </param-value>
>     </init-param>
>     <init-param>
>         <param-name>edu.yale.its.tp.cas.client.filter.serverName
> </param-name>
>         <param-value>servlet.example.com:8443</param-value>
>     </init-param>
> </filter>
> )
>
> They are on the same top level domain, but on the different host,
> which are for example, uportal.example.com and servlet.example.com.
>
> Is this how we should use CAS to achieve SSO for multiple applications?
> i have read many of articles about proxy CAS, and I thought that's the
> proper
> way to implement SSO for multiple applications.
> However, I could not find any documentations on how to setup proxy CAS.
>
> http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough
> By reading this helpful article, I think I understand basic architecture
> of proxy CAS.
> Do I need to write servlet for proxy receiver ,or is it just a matter of
> setting up filters
> like when you are setting up casified servlet?
>
> Basically, what I would like to achieve is SSO for multiple applications,
> which are
> possibly hosted on different hosts and domains.
>
>
> Atsuya Takagi
> Web Developer
> ITR Web Development
> California State University, Northridge
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20060920/64a7e618/attachment.html