An unCas thing to do?
Scott Battaglia
scott.battaglia at gmail.com
Tue Dec 16 21:39:28 EST 2008
Hi,
Some comments are inline below.
-Scott
On Tue, Dec 16, 2008 at 9:23 PM, Nicholas Faiz <nicholas.faiz at gmail.com>wrote:
> Hello,
>
> I'm just doing a quick spec. on SSO for a current project. I like the
> look of CAS as a solution, compared to Shibboleth it seems much simpler,
> and Openid won't work for us. But I find myself trying to bend CAS in
> one or two ways which make me uncertain if I'm approaching it with the
> right expectations. I realise there's often not a perfect fit, but
> because I'm new to the protocol I'm uncertain if I'm working against its
> expectations.
>
> Is this a very unCAS thing to consider?
>
> * Each application in the SSO network will be, in effect, a CASProvider?
> This lets each application manage the username/password for the their
> member, and they can operate independently of the SSO network if need
> be, but CAS can also know how to query it during authentication.
In general, CAS works best if you have a single username/password
combination (otherwise how do you know its the same person across all
applications).
>
>
> In our case, the applications are all Rails applications. I'm currently
> experimenting with rubycas-server which is probably not suitable for
> production (we estimate a large, international userbase). Does anyone
> have recommendations for a good opensource CAS server?
>
Yes, http://www.ja-sig.org/products/cas/ :-) As long as you're okay with
Java.
>
> Regards,
> Nicholas Faiz
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081216/7792368d/attachment.html
More information about the cas
mailing list