Constance, I have Desire2Learn running on CAS 3.4.10 with an Active Directory backing store. Just a note, my D2L instance is hosted. All that I recall having to provide D2L to get my CAS configured was providing them with the Login URL for the CAS (https://you-cas-server.school.edu:8443/cas/), The proper serviceValidate url (https://you-cas-server.school.edu:8443/cas/serviceValidate), and the logout URL. In return, they gave us the URL that we needed to put into our Service Manager. In my case it was something similar to the following (note, we use vanity URLs as well): http://learn.school.edu/d2l/orgtools/CAS/Default.aspx. I hope this helps.
Ben Branch UNIX/Linux Administrator University of Central Oklahoma ITIL Foundation v3, Network+, RHCSA 100 N. University Drive, Box 122 Edmond, OK 73034 D: 405.974.2649 | M: 405.550.6804 | bbranch@uco.<mailto:bbranch@uco.>edu | www.uco.edu<http://www.uco.edu/> "I am wiser than this man, for neither of us appears to know anything great and good; but he fancies he knows something, although he knows nothing; whereas I, as I do not know anything, so I do not fancy I do. In this trifling particular, then, I appear to be wiser than he, because I do not fancy I know what I do not know." - Socrates From: Constance Morris [mailto:cmor...@daltonstate.edu] Sent: Tuesday, April 16, 2013 7:33 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] CAS setup question Misagh, Thank you for your response. I've given our network administrator the port #'s and protocols for CAS and the different resources it needs to connect to (Desire2Learn, Active Directory, Luminis LDAP, AdvisorTrac, etc.), but he is requesting to know "which systems need access to which other systems via which protocols"? I thought I had given him the systems when listing them as: CAS, Desire2Learn, AdvisorTrac, Active Directory, Luminis LDAP, etc. but he mentioned an RODC (Read Only Domain Controller) and said he needed to know those kinds of systems. I couldn't find anything like that on the Desire2Learn technical packet of information or the others. They just mentioned needing to connect to the LDAP. Could you by chance give me some pointers on this? Thank you, Constance From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Tuesday, April 16, 2013 8:05 AM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: RE: [cas-user] CAS setup question CAS has the ability to connect to an account store, or multiple account stores for that matter in the way its authentication managers and handlers dictate to find and authenticate users. If you have more than one, such that accounts for instance are spread across an active directory server, another ldap server, a database, etc you potentially have to specify all of them in the CAS configuration, or find a way to merge and harmonize these stores into one cohesive unit. Additionally, if you have applications that are perhaps hosted on the cloud or somehow maintain their own account stores (such as Blackboard) in the way that ids are different from what you know and what the app knows, there will need to be a mapping defined between your account store and the app and a lookup step to find and locate the corresponding userid for the app. There's no "requirement" for ldaps, although it is certainly recommended. From: Constance Morris [mailto:cmor...@daltonstate.edu] Sent: Monday, April 15, 2013 1:33 PM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: RE:[cas-user] CAS setup question Also, when setting up network connections why would there be a need for LDAP-over-SSL connection? From: Constance Morris [mailto:cmor...@daltonstate.edu] Sent: Monday, April 15, 2013 4:19 PM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: [cas-user] CAS setup question We are running Luminis 4 portal and currently have active directory (AD) setup for authentication. I'm in the process of creating a CAS server and do not completely understand the connection with everything. Does the CAS server still have to connect to the LDAP in addition to then connecting to active directory for users to SSO, or can it connect just to active directory and the other resources (D2L, AdvisorTrac, etc.)? Thank you! Constance -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: cmor...@daltonstate.edu<mailto:cmor...@daltonstate.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net<mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: cmor...@daltonstate.edu<mailto:cmor...@daltonstate.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: bbra...@uco.edu<mailto:bbra...@uco.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
