[cas-user] Spring Security 3.1 Presentation

2012-01-03 Thread Scott Battaglia
I haven't watched this yet but it allegedly covers CAS proxy support in
Spring Security 3.1 (amongst other things):
http://www.infoq.com/presentations/Spring-Security-3-1

Cheers,
Scott

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] logout of CASified Zimbra web application does not work

2012-01-03 Thread Andrew Petro
Jon,

Merely changing a logout link in the UI to point to the CAS server logout URL 
is, as you've discovered, insufficient where CAS's single logout callbacks 
aren't implemented.

Rather, a Zimbra logout link should address a Zimbra server endpoint which 
terminates the application-local session.  And then it should do something 
else, such as
1) redirect to https://yourCasServerFQDN/cas/logout to end the CAS session and 
have CAS display its SSO session ended message, or
2) Display a page explaining to the user that the Zimbra-local session has been 
terminated but that the single sign-on session continues, and inviting the user 
to click a link to also log out of CAS

Either of these options could be implemented in a trivial JSP.

Which of those options to pick depends mostly on what user expectations you've 
set, by the presentation of the logout link in the UI (was it "log out of 
Zimbra" or was it "log out of CAS"?) and by the way other logout links work in 
applications in your environment.

Kind regards,

Andrew



On Jan 3, 2012, at 11:14 AM, Jon Detert wrote:

> I have Zimbra 'ZCS' version 7.1.3 CASified with CAS Server v3.4.11 via these 
> directions:
> 
> https://wiki.jasig.org/display/CAS/CASifying+Zimbra+6.0
> 
> Authentication and 'single sign-on' works great.
> 
> However, Zimbra users cannot log out of Zimbra the 'normal' way:
> 
> 0) the Zimbra web app has a 'Logout' link.  The CASification procedure has 
> you redefine the URL for that link to https://yourCasServerFQDN/cas/logout
> 
> 1) when a user clicks the Zimbra 'Logout' link, they are taken to the correct 
> CAS logout URL
> 
> 2) if the user then returns to Zimbra, they are allowed in without 
> re-authentication.
> 
> I.e. the Zimbra webapp's logout link doesn't really work.  To really log out, 
> the user must either:
> a) close the web browser entirely (meaning all windows and/or tabs), or
> b) clear the browser's history, cache, and credentials, or
> c) delete the browser's ZM_AUTH_TOKEN and JSESSIONID cookies
> 
> The CAS client I'm using with Zimbra is version 3.1.8.
> 
> Any idea how I can make it possible for a Zimbra user to log out by clicking a 
> link?
> 
> Thanks,
> 
> Jon


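
Options 1 and 2 from Andrew Petro's reply above, sketched as a single JSP. This is an added example, not code from the thread or from the Zimbra or CAS projects; the page name `logout.jsp`, the `scope=local` parameter and the cookie path `/` are assumptions.

```jsp
<%-- logout.jsp: hypothetical page name. Point the Zimbra "Logout" link here, not at CAS. --%>
<%@ page session="false" contentType="text/html;charset=UTF-8" %>
<%
    // Placeholder host, exactly as written in the thread.
    final String casLogout = "https://yourCasServerFQDN/cas/logout";

    // Step 1: terminate the application-local session.
    HttpSession local = request.getSession(false);   // never create a session just to destroy it
    if (local != null) {
        local.invalidate();
    }
    // Expire the two cookies the original poster had to delete by hand.
    for (String name : new String[] { "ZM_AUTH_TOKEN", "JSESSIONID" }) {
        Cookie expired = new Cookie(name, "");
        expired.setMaxAge(0);                   // browser discards the cookie
        expired.setPath("/");                   // assumption: must equal the path the cookie was issued with
        expired.setSecure(request.isSecure());  // mirror the scheme this request arrived on
        response.addCookie(expired);
    }
    response.setHeader("Cache-Control", "no-store"); // keep the logout response out of caches

    // Step 2, option 1 (default): continue to CAS so the SSO session ends too.
    // "scope=local" is a hypothetical parameter that selects option 2 instead.
    if (!"local".equals(request.getParameter("scope"))) {
        response.sendRedirect(casLogout);
        return;
    }
%>
<%-- Step 2, option 2: local logout only; say so and offer the CAS logout link. --%>
<html>
  <body>
    <p>Your Zimbra session has ended, but your single sign-on session continues.</p>
    <p><a href="<%= casLogout %>">Also log out of CAS</a></p>
  </body>
</html>
```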



Re: [cas-user] service for localhost

2012-01-03 Thread Andrew Petro
Andy,

Off hand, here's what I'd think about:

1) Why are you restricting CAS usage to registered services?  If you want to 
let any service use CAS, would you be happier adding an http://** entry?  If 
you don't want to let any service use CAS, then is it okay to let anyone run a 
service on their localhost and use CAS?

2) localhost isn't going to work for getting PGTs, since the CAS server won't 
be able to address the service to do the callback request.  To the extent that 
this developer wants to mess with proxy tickets, merely registering "localhost" 
isn't going to meet his needs.

3) Would you rather meet this need by asking this developer to run a 
development CAS instance on his desktop?  You're probably not willing to 
release interesting attributes from your institutional CAS server to 
"localhost", so a naive localhost deployment of the CAS quick start .war might 
be functionally equivalent.

4) Would you rather meet this need by running a non-production development 
instance of the CAS server with a more permissive configuration, so as to not 
introduce this service registration to your production CAS server?


If it were me, if I weren't willing to register http://**, I wouldn't be 
willing to register http://localhost .  And if I were willing to register 
http://**, then I wouldn't have to register http://localhost. :)

Kind regards,

Andrew



On Jan 3, 2012, at 11:53 AM, Andrew Morgan wrote:

> One of our developers has asked me to create a CAS service entry for 
> http://localhost.  He does development work on his local machine.  Are there 
> any issues I should be aware of before I create this service entry?
> 
> Thanks,
>   Andy





[cas-user] service for localhost

2012-01-03 Thread Andrew Morgan
One of our developers has asked me to create a CAS service entry for 
http://localhost.  He does development work on his local machine.  Are 
there any issues I should be aware of before I create this service entry?


Thanks,
Andy



[cas-user] logout of CASified Zimbra web application does not work

2012-01-03 Thread Jon Detert
I have Zimbra 'ZCS' version 7.1.3 CASified with CAS Server v3.4.11 via these 
directions:

https://wiki.jasig.org/display/CAS/CASifying+Zimbra+6.0

Authentication and 'single sign-on' works great.

However, Zimbra users cannot log out of Zimbra the 'normal' way:

0) the Zimbra web app has a 'Logout' link.  The CASification procedure has you 
redefine the URL for that link to https://yourCasServerFQDN/cas/logout

1) when a user clicks the Zimbra 'Logout' link, they are taken to the correct 
CAS logout URL

2) if the user then returns to Zimbra, they are allowed in without 
re-authentication.

I.e. the Zimbra webapp's logout link doesn't really work.  To really log out, 
the user must either:
a) close the web browser entirely (meaning all windows and/or tabs), or
b) clear the browser's history, cache, and credentials, or
c) delete the browser's ZM_AUTH_TOKEN and JSESSIONID cookies

The CAS client I'm using with Zimbra is version 3.1.8.

Any idea how I can make it possible for a Zimbra user to log out by clicking a 
link?

Thanks,

Jon



Re: [cas-user] CAS Domino SSO

2012-01-03 Thread Vipin Jain
Thanks Scott for the information.

Andrew,

Can you please let me know if you can make the code available for Domino
Integration with CAS.

Thanks
Vipin

On Fri, Dec 30, 2011 at 2:20 PM, Scott Battaglia
wrote:

> Vipin, that code is not currently part of CAS which is why you can't find
> it ;-)
>
> Andrew, is this code going to be made available?
>
>
> On Thu, Dec 29, 2011 at 10:23 PM, Vipin Jain  wrote:
>
>> Thanks Andrew for the details. It's really helpful.
>>
>> I am trying with CAS 3.4.3 but was not able to find
>> lotus-domino.properties file.
>>
>> Can you please let me know where I can find this file or should I make a
>> new one.
>>
>> Thanks
>> Vipin
>>
>> On Thu, Dec 29, 2011 at 9:16 PM, Andrew Petro  wrote:
>>
>>> Hi Vipin,
>>>
>>> For whatever it's worth, Unicon implemented CAS SSO into Lotus Domino
>>> iNotes for a client.
>>>
>>> Here's some documentation derived from that project:
>>>
>>>
>>> https://github.com/apetro/casify-lotus-domino-inotes/wiki/CasifyDominoLotusiNotes
>>>
>>> Kind regards,
>>>
>>> Andrew
>>>
>>>
>>>
>>> On Dec 27, 2011, at 1:10 PM, Vipin Jain wrote:
>>>
>>> > Hi All,
>>> >
>>> > We are implementing SSO for our client using CAS and now have to
>>> > integrate with their Domino application.
>>> >
>>> > Do we have any CAS clients for it or has anybody implemented it.
>>> >
>>> > Please let me know about it.
>>> >
>>> > Thanks
>>> > Vipin