From the University of Connecticut > ---begin brief-ish list--- > > 1.) What were the key factors in your decision to use CAS?
Ability to support custom authenticators, easy Java coding. > > 2.) How many services are using CAS? > A few dozen, constantly growing. > 3.) Are you aware of anyone planning to deploy CAS who has changed > course or has decided to replaced it? Only those who have an investment in Microsoft technologies, and have steered toward ADFS. > > 4.) What authentication db are you using? Tiered authentication against MIT Kerberos, OpenLDAP, and Active Directory > > 5.) How many active users does it contain? ~70,000 > > 6.) Were any modifications to CAS required for use in your environment? We wrote a custom JAAS handler to support our tiered authentication. > > 7.) What was your deployment experience like? > -Approx. time for deployment of central infrastructure? Quick and easy - install Linux, install Apache/Tomcat, deploy cas.war, and the prototype was done. Spent a week or so customizing the pages and writing the JAAS handler for full production deployment. > -Approx. time per service for deployment? Quick. Easy Java servlet filter. > -Approx. FTEs for deployment of central infra > structure? 1.5 > -Approx. FTEs per service? less than .5 > > 8.) What has been your experience with ongoing support and maintenance? > -Approx. FTEs for maintenance of central infrastructure? Set it and forget it -- almost no maintenance, other than standard Linux distro patches. > -Approx. FTEs for maintenance per service? Varied. > > 9.) What mechanisms do you use for authorization on your campus? ACLs at each application (we do authorization poorly). > > 10.) What are you doing to control access to static web content on your > campus? ACLs in the form of .htaccess. > > 11.) Were any technologies or systems particularly hard or easy to > integrate > with CAS? We wrote a custom PeopleSoft SSO - CAS component. That took a while. Also, mod_cas for Apache could use a little TLC. > > 12.) Have you been able to adapt CAS use for any vendor applications > and, if so, how many (and/or which)? Peoplesoft. > > 13.) In your environment, is CAS used for application-to-application > authentication and in particular for multi-tier applications/systems? Nope. > > 14.) Have you integrated CAS with Apache servers that serve content > other than JSP apps? Yes, with a modified mod_cas. > > 15.) POST data support: How have you dealt with web applications that > need to authenticate via CAS on http POST transactions? We try to avoid that. SSO with expirations, in general, doesn't mix well with POST'd data. > > 16.) What sort of average and peak load does your authentication service > experience? Avg, a few hits/per second. Peak, less than 100/sec. CAS/Tomcat/Apache/Linux doesn't even blink. (Make sure you have enough memory, though, for the JVM.) > > 17.) What has been your experience with the performance of CAS? Excellent. > > 18.) How many servers are you currently using to run CAS at your > institution? One > > 19.) What server hardware are you using? Virtual Linux image on a z890 mainframe. > > 20.) Does your central authentication system protect: > -Financial data? > -Student records? > -data protected by HIPPA? > -data protected by FERPA? Yes * 4. > > 21.) We’re also interested in your experience with the CAS community. > More specifically, has the CAS community met your expectations in the > following areas? > -support > -feature requests > -contributions > Very high ratings, parallel with the OpenLDAP and MIT Kerberos communities. HTH, -Matt > ---end list--- > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas -- Matthew J. Smith <[EMAIL PROTECTED]> University of Connecticut UITS
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
