CAS + Datatel WebAdvisor

Thu Oct 9 17:11:09 EDT 2008

Since WebAdvisor/Datatel can be configured to authenticate against an
LDAP server, it potentially would be possible to give WebAdvisor the
username, and a CAS ticket as password.  Then have a special LDAP server
set up that validates the ticket and returns successful login or failed
login appropriately.  I don't imagine that would be easy to set up, but
I think it would be a possibility.

I think OpenLDAP or the Apache Directory Server would be flexible enough
to do something unique like that.

Borchers, Kristopher C. wrote:
> Adam,
> 
>  
> 
> Thanks for the info!!  I will be looking into this as soon as possible
> and will let the list know if I get anything working.
> 
>  
> 
> Kristopher Borchers
> Web Application Developer - Content Analyst
> Saint Xavier University
> Ph. 773-298-3924
> kborchers at sxu.edu <mailto:kborchers at sxu.edu>
> www.sxu.edu <http://www.sxu.edu>
>  
> **/Saint/****/ Xavier University/****/ - Success with Purpose./***/
> /*// ///
> //Saint Xavier University, a Catholic institution inspired by the
> heritage of the Sisters of Mercy, educates men and women to search for
> truth, to think critically, to communicate effectively, and to serve
> wisely and compassionately in support of human dignity and the common
> good.///
> 
> ------------------------------------------------------------------------
> 
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
> *On Behalf Of *Adam Rybicki
> *Sent:* Friday, September 19, 2008 11:30 AM
> *To:* Yale CAS mailing list
> *Subject:* Re: CAS + Datatel WebAdvisor
> 
>  
> 
> With the recent contribution of the CAS extension to reveal cleartext
> credentials
> <http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials>,
> it may be possible to construct a filter for WebAdvisor to retrieve
> username and password from CAS and present it to the WebAdvisor SSO
> servlet.  I can see how the existing JA-SIG CAS client could handle the
> CAS authentication and proxy ticket retrieval, but details could be
> worked out to reuse as much of the uPortal code contributed as possible.
> 
> Yes, it probably sounds complicated, but think how many Datatel schools
> could benefit from such a contribution.
> 
> Adam
> 
> Borchers, Kristopher C. wrote:
> 
> Dave,
> 
>  
> 
> Thanks for the reply.  That's about as far as I got.  The SSO servlet in
> 
> WebAdvisor is the only option they offer and it is not a good one.  You
> 
> have to pass it a user name and password in an XML doc, it sends a reply
> 
> that they were authenticated and a token that you then have to use in
> 
> the actual loading of a page in the browser with this token as a query
> 
> string parameter in order to generate a session in Colleague.  
> 
>  
> 
> The only way I could find that this might work is if WebAdvisor is your
> 
> "gateway" to all apps you want to have under CAS.  The user would have
> 
> to go to WA, be directed to CAS, during authentication, CAS would have
> 
> to be hacked (not at all what we want to do) to send the user and pass
> 
> to WA after being verified against your user store(AD or what ever),
> 
> then the user has a CAS session and is sent to that page to generate a
> 
> WA session.
> 
>  
> 
> That all seemed like way more trouble than it was worth so as of right
> 
> now, WA is not going to be included in our SSO roll out.  We have been
> 
> talking to Datatel and considering some modifications from them to WA in
> 
> order for it to work properly but that's when the $$$$$ start flying and
> 
> we aren't sure if we can spend the money right now.
> 
>  
> 
> Thanks for the comments though and if we do find a solution, I will be
> 
> sure to post it.  Hopefully there may still be someone out there that
> 
> has found the answer.
> 
>  
> 
> Kris
> 
>  
> 
> Kristopher Borchers
> 
> Web Application Developer - Content Analyst
> 
> Saint Xavier University
> 
> Ph. 773-298-3924
> 
> kborchers at sxu.edu <mailto:kborchers at sxu.edu>
> 
> www.sxu.edu <http://www.sxu.edu>
> 
>  
> 
> Saint Xavier University - Success with Purpose.
> 
>  
> 
> Saint Xavier University, a Catholic institution inspired by the heritage
> 
> of the Sisters of Mercy, educates men and women to search for truth, to
> 
> think critically, to communicate effectively, and to serve wisely and
> 
> compassionately in support of human dignity and the common good. 
> 
> -----Original Message-----
> 
> From: cas-bounces at tp.its.yale.edu <mailto:cas-bounces at tp.its.yale.edu> [mailto:cas-bounces at tp.its.yale.edu]
> 
> On Behalf Of Dave Brondsema
> 
> Sent: Thursday, September 11, 2008 1:29 PM
> 
> To: Yale CAS mailing list
> 
> Subject: Re: CAS + Datatel WebAdvisor
> 
>  
> 
> Borchers, Kristopher C. wrote:
> 
>   
> 
>> Has anyone out there integrated Datatel's WebAdvisor to use CAS for
>> authentication?  If so, would you be willing to share some details on
>> implementation.
>>     
>  
> 
> Hi Kris,
> 
>  
> 
> I don't think its possible.  I dug as deep as I could into WebAdvisor's
> 
> authentication systems and I don't think there's any way for it to
> 
> accept a CAS login because it creates login sessions with the Colleague
> 
> backend using special tokens that are used throughout someone's session.
> 
>  There's no way for CAS to provide one of those.
> 
>  
> 
> It does have some SSO servelts for "campuscruiser" and "SingleSignOn"
> 
> but I don't know the details of those and as far as I know they don't
> 
> work with CAS.
> 
>  
> 
>  
> 
>  
> 
>   
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas

-- 
Dave Brondsema
Software Developer
Cornerstone University

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 888 bytes
Desc: OpenPGP digital signature
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20081009/95bc20e2/attachment.bin 