CAS 1 and CAS 2

Andrew Ralph Feller, afelle1 afelle1 at lsu.edu
Tue Aug 12 13:03:57 EDT 2008 

Alex,

Though its name might fool you, the
Cas20ProxyReceivingTicketValidationFilter¹s purpose can be misleading.  This
filter will interacts with a CAS server using the CAS2 protocol, however it
doesn¹t necessarily mean it allows proxy authentication.  The filter is
intelligent enough to look at how you have configured it and determine
whether it should both with proxy authentication.  I believe it was thought
that a single filter for both purposes would cut down on the amount of work
for CAS administrators.

SUMMARY: Cas20ProxyReceivingTicketValidationFilter = CAS2 validation and
MAYBE proxy authentication depending on the configuration.

For more information, the JA-SIG wiki article on the JA-SIG CAS client will
go into more detail about configuring the filter for proxy authentication.

HTH,
A-


On 8/12/08 11:38 AM, "Scott Battaglia" <scott.battaglia at gmail.com> wrote:

> The CAS2 protocol introduces a few things, one of which is proxy configuration
> (and another is an XML response).  To see a detailed description of the
> protocol check out:
> 
> http://www.ja-sig.org/products/cas/overview/protocol/index.html
> 
> Proxying is useful in a portal environment but it is also becoming
> increasingly important in any situation where a service needs to access
> another service on behalf of a user.  This could include portlets, mail
> servers, or web services (RESTful or WS-*)
> 
> Switching to the CAS2 protocol if you're not using proxying merely means that
> you're retrieving the response as an XML response.
> 
> Again, see the Protocol document for more details.
> 
> -Scott
> 
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> 
> 
> On Tue, Aug 12, 2008 at 11:02 AM, Alex Johnson <sheep123 at hotmail.com> wrote:
>> 
>> Hi Andrew,
>> 
>> Thank you for your quick answer.
>> 
>> I am kind of confused with the proxy authentication
>> 
>> You mentioned CAS 2 is for proxy authentication. In my CAS 2 configuration, I
>> use Cas20ProxyReceivingTicketValidationFilter in my web.xml. You confirm that
>> I am in CAS 2 architecture. I want to know if I am using proxy authentication
>> when I use Cas20ProxyReceivingTicketValidationFilter in my web.xml.
>> 
>> Also, if I am not in a portal environment, how do you explain CAS 2 benefits
>> in a normal situation. For example, I have one or more than one Tomcat
>> servers and several applications in each server.
>> 
>> How this differentiate CAS 1?
>> 
>> 
>> Thanks, 
>> 
>> Alex
>> 
>> 
>> 
>> 
>> 
>> 
>> Date: Tue, 12 Aug 2008 07:11:26 -0500
>> Subject: Re: CAS 1 and CAS 2
>> From: afelle1 at lsu.edu
>> To: customerservice at louisfashionhouse.com; cas at tp.its.yale.edu
>> 
>> 
>> CAS 1: Basic authentication; user requests service directly and receives it
>> CAS 2: Proxy authentication; service requests another service on behalf of
>> user and receives it
>> 
>> An example where this is useful: your company / organization has a portal
>> that everyone logs in.  If you expect the portal to deliver your email for
>> you, then it is requesting your email on behalf of you.  If the email server
>> is CAS protected, then this would never work, so the portal must request your
>> email on your behalf.
>> 
>> I wouldn't say proxy authentication is for a portal environment; it is useful
>> whenever you want build some manner of web service.
>> 
>> On 8/11/08 5:10 PM, "Alex Johnson" <sheep123 at hotmail.com
>> <http://sheep123@hotmail.com> > wrote:
>> 
>> 
>>> 
>>>  
>>> Hi,
>>>  
>>> Bother to bother all the experts.
>>>  
>>> After I successfully configured  both CAS 1 and CAS 2, I am still kind of
>>> confused with the benefits by upgrading CAS 1 to CAS 2.
>>>  
>>> It seems to me that there is no difference between CAS 1 and CAS 2 in the
>>> front end. Using CAS 1 or using CAS 2 configuration can produce the same
>>> output. If so, why bother to upgrade to CAS 2??
>>>  
>>> It seems to me that by distinguishing CAS 1 and CAS 2, it's just the
>>> configuration difference and use most current version client, right??
>>>  
>>> It seems to me that CAS 1 is designed for SSO and CAS 2 is designed for a
>>> portal environment, right?
>>>  
>>> If you can tell me more about what the advantages/benefits/differences are
>>> by upgrading CAS 1 to CAS 2, I will be very appreciated it
>>>  
>>> Thanks,
>>>  
>>>  
>>> Alex
>>> 
>>>  
>>> 
>>> 
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu <http://cas@tp.its.yale.edu>
>>> http://tp.its.yale.edu/mailman/listinfo/cas

-- 
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080812/74c93f15/attachment.html

More information about the cas mailing list