On Tue, 16 Apr 2013, Constance Morris wrote:
> Hi Ben,
>
> Thank you for responding and for the information. D2L hasn't requested
> anything from us yet, but I will write this down for when they do. Right
> now, I was referring to my office's internal network administrator and
> what he said he needed from me in order to open ports, etc. for CAS
> authentication with the resources (D2L, AdvisorTrac, Active Directory).
>
> I am new at all of this and don't understand how I missed the mark on
> what I've already given him, but he said I listed ports and protocols -
> just not which systems need access to what on other systems.
>
> For example, all I know on the D2L documentation is that they need
> certain ports (like 389) open to access the LDAP. They do not say
> anything about a certain system on the LDAP they need access to... He
> gave me an example of CAD needing access to RODC (Read only domain
> controller).
>
> Is this something you could help break down for me?

Some of the answers depend on how you deploy CAS. From the context you have
given, here is what I would guess:

1. CAS server will need to access your RODC via LDAPS (port 636) to
validate authentication credentials and possibly retrieve attributes for
the user.
2. CAS server may need to access a database server to track allowed
services, attributes to release, maintain sessions, etc. This depends on
your CAS deployment choices.
3. D2L will need to connect to your CAS server via HTTPS (usually port
443) to validate the Service Ticket given to them by the user's browser.
4. Your users will need to connect to the CAS server via HTTPS to interact
with CAS.
Andy
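
The four flows in the reply above, written as the source-to-destination matrix a firewall administrator asks for, with a TCP check to run from each source host once the rules are in place. This is an added example, not part of the original thread; the host names and system labels are placeholders, and the database port is left undecided because it depends on the CAS deployment.

```python
import socket
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    source: str           # system that opens the connection
    dest: str             # system that listens
    port: Optional[int]   # TCP port on dest; None = depends on deployment
    proto: str
    purpose: str

# Host names are placeholders (assumptions); ports are the ones named in the reply.
FLOWS = [
    Flow("cas-server", "rodc.example.edu", 636, "LDAPS", "validate credentials, read attributes"),
    Flow("cas-server", "db.example.edu", None, "database", "service registry, sessions (if used)"),
    Flow("d2l", "cas.example.edu", 443, "HTTPS", "validate Service Ticket"),
    Flow("user-browsers", "cas.example.edu", 443, "HTTPS", "log in to CAS"),
]

def flows_from(source, flows=FLOWS):
    """Flows that the given source system initiates."""
    return [f for f in flows if f.source == source]

def row(f):
    """One line of the matrix: source -> dest port/tcp proto purpose."""
    port = f.port if f.port is not None else "TBD"
    return f"{f.source:<14} -> {f.dest:<18} {port}/tcp  {f.proto:<9} {f.purpose}"

def check(f, timeout=3.0):
    """Run on the source host. True = TCP connect succeeded, False = blocked
    or refused, None = port not decided yet, so nothing to test."""
    if f.port is None:
        return None
    try:
        with socket.create_connection((f.dest, f.port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and name-resolution failures
        return False

if __name__ == "__main__":
    import sys
    me = sys.argv[1] if len(sys.argv) > 1 else "cas-server"
    for f in flows_from(me):
        print(row(f), "=>", check(f))
```

A successful connect only shows the port is reachable from that source; it does not confirm that the LDAPS or HTTPS certificate is trusted by the client.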