integrating several secured webapps into one portal using cas
Scott Battaglia
scott.battaglia at gmail.com
Thu Jun 21 15:04:22 EDT 2007
If they have to be managed by the container, you would most likely need to
develop a connector for that container that would allow you to use CAS
authentication.
There has been talk about such a Tomcat Valve but I unfortunately do not
know where the code is.
-Scott
On 6/21/07, Ralf Lorenz <rol at mms-dresden.de> wrote:
>
> Hi there,
> I'm trying to set up a portal to integrate 4 different separate webapps
> running on Tomcat and BEA WebLogic Server.
> One requirement for the new portal is SSO functionality, and as this is
> described to be very easy with CAS I did not bother too much about that in
> the first place, and now I think I'm in trouble.
> All of the webapps have secured areas, that is, they use
> security-constraints and thus the
> container's functionality. That's not changeable because the webapps are
> supposed to be integrated into the new portal but also stay self-contained.
>
> And here comes the trouble, since the CAS client integration works with a
> servlet filter, which is by servlet spec under security control:
>
> Servlet Specification Version 2.4:
> SRV.12.2 Declarative Security
> The security model applies to the static content part of the web
> application and to servlets and filters within the application that
> are requested by the client.
>
> That is, to me, any request targeting a secured resource will be stopped by
> the container to force authentication, and afterwards the request is sent
> to filters and servlets related to the requested resource.
>
> Putting all that together, I'm in some kind of a dilemma, since setting up an
> SSO area of several applications that do not have secured areas sounds
> meaningless to me, but setting up the client integration behind the secured
> area of each application sounds weird as well, since the server will ask for
> authentication in the first place.
>
> I found this:
>
> http://tp.its.yale.edu/pipermail/cas/2004-May/000478.html
>
> and cannot believe the words:
>
> There is no problem since the filter acts before Weblogic asks for
> authentication, but after having a session and completed our
> principal,
> Weblogic sends us always to the login.jsp.
>
> because this does not conform to my interpretation of the Servlet spec.
>
> Can anyone help me out of this dead-end street thinking? At some place I
> must be wrong, but I don't know where and how to get on.
>
> regards, Ralf
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia