Johan,
I am working on a team currently evaluating CAS as an SSO solution for multiple 
php web applications. I was wondering how much time your team has invested into 
getting to where you have a demo online? How much time spent learning about 
CAS, how much time and effort learning enough about Java and Fastbind?


Our architecture differs a little in that all web apps have their own user 
repositories but your info/experiences will surely shed some light.

Thank you,
John


-----Original Message-----
From: J R on behalf of Johan Reinalda
Sent: Wed 2/25/2009 6:30 PM
To: [email protected]
Subject: [cas-user] newbie question: Google Apps, MS-AD and other attribute
 
All,

We are implementing a demo CAS environment, to see how it would work serving as 
an SSO platform for our web apps.
We are traditionally an Asp/Asp.net Windows environment, with additional 
experience in unix/linux with php and perl, but learning java (hopefully) as we 
go...

So far, we have a basic setup working, talking to MS Active Directory as the 
account store, using the Fastbind example in the wiki 
(http://www.ja-sig.org/wiki/display/CASUM/Active+Directory). We have a drupal 
install authenticating to it as a quick test app that talks CAS.

Now, we are trying to get this working with GoogleApps, and we have created a 
test domain at GApps for that.  Integration works, but is using the username of 
the object (sAMAccountName attribute in AD terms).

What we will need is to use the email address, as stored in the "mail" 
attribute. Digging around the mailing list archives, it looks like this is possible
(http://www.nabble.com/Adding-data-to-SAML-response-(was-Passing-Google-apps-alternate-username)-to19446161.html#a19446161).

Looking at CAS3.3.1 source, in
cas-server-core/src/main/java/org/jasig/cas/authentication/principal/GoogleAccountsService.java
we see in line 163/164

 samlResponse = samlResponse.replace("<USERNAME_STRING>", getPrincipal()
            .getId());

This seems to be the code that assigns the username to the SAML response, but 
we have no idea how to go from here :-( (i.e. how to get it to read the mail 
attribute and assign it here.)

Any suggestions would be much appreciated.

For completeness, this is running on CentOS5.2, Tomcat 6.0.18, CAS-Server 3.3.1

Thanks in advance!

Johan Reinalda
Thunderbird School of Global Management
Glendale, AZ, USA



-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
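
Added example, not part of the original messages and not CAS project code: one way to fill the <USERNAME_STRING> placeholder from a "mail" attribute instead of the principal id, falling back to the id when the attribute is missing and XML-escaping the value before it enters the SAML response. The Principal interface, class name, template fragment and sample values are hypothetical stand-ins, and it assumes the attribute has already been loaded onto the principal from the directory.

```java
import java.util.HashMap;
import java.util.Map;

public class NameIdFromMailAttribute {

    /** Hypothetical stand-in for a CAS principal: an id plus its attributes. */
    interface Principal {
        String getId();
        Map<String, Object> getAttributes();
    }

    /** Returns the named attribute if present and non-blank, otherwise the principal id. */
    static String resolveNameId(Principal p, String attributeName) {
        Map<String, Object> attrs = p.getAttributes();
        Object value = (attrs == null) ? null : attrs.get(attributeName);
        if (value instanceof String && !((String) value).trim().isEmpty()) {
            return ((String) value).trim();
        }
        return p.getId();
    }

    /** Escapes XML metacharacters so a directory value cannot alter the response markup. */
    static String escapeXml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&apos;");
    }

    /** Substitutes the escaped identifier for the placeholder used in the quoted code. */
    static String fillTemplate(String template, Principal p, String attributeName) {
        return template.replace("<USERNAME_STRING>",
                escapeXml(resolveNameId(p, attributeName)));
    }

    public static void main(String[] args) {
        // Constructed sample data: a cut-down template and a principal with a mail attribute.
        final Map<String, Object> attrs = new HashMap<String, Object>();
        attrs.put("mail", "jdoe@example.org");
        Principal p = new Principal() {
            public String getId() { return "jdoe"; }
            public Map<String, Object> getAttributes() { return attrs; }
        };
        String template = "<NameID>" + "<USERNAME_STRING>" + "</NameID>";
        System.out.println(fillTemplate(template, p, "mail")); // mail attribute used
        attrs.remove("mail");
        System.out.println(fillTemplate(template, p, "mail")); // falls back to the id
    }
}
```

The fallback keeps logins working for accounts without a mail value, but the service provider will then see the plain username, so accounts that hit the fallback are worth logging.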

