Re: [cas-user] trusting another CAS server

2011-08-01 Thread Ajey Gore
Do you want to do it for specific applications or for all applications? If you are looking for all applications you can do CAS Session clustering. I have done this in my current organization. On Mon, Aug 1, 2011 at 7:42 PM, John Field wrote: > Hi all, > > I am currently running CAS 3.4.8, and I

Re: [cas-user] trusting another CAS server

2011-08-01 Thread Scott Battaglia
It's certainly possible (I did it for a university that unfortunately ended up not open sourcing the code). At the moment it requires some custom flow actions and integration with the Java CAS Client (which luckily is already included via Spring Security). On Mon, Aug 1, 2011 at 10:12 AM, John Fie

Re: [cas-user] SSO over 2 applications in same Tomcat

2011-08-01 Thread Scott Battaglia
For SSO to work, only the server has to be over HTTPS. The only other thing that could prevent it is if you are rejecting cookies. Other than that I've never seen the CAS server not do SSO. On Mon, Aug 1, 2011 at 11:35 AM, Roland Kofler wrote: > > > Are you running CAS over HTTP? We disable SS

Re: [cas-user] authorization

2011-08-01 Thread Nicholas Blair
There are times I think where this and your previous suggestion (e.g. your IDM should handle this) aren't quite possible. Perhaps the source for the product isn't completely available; or perhaps your IDM doesn't have any groups provisioned (at all, or that meet your requirements). Sometimes

Re: [cas-user] authorization

2011-08-01 Thread Marvin Addison
> There is also a page that shows how values from a database can be > provided as attributes that allow the use of isUserInRole(): > https://wiki.jasig.org/display/CASUM/HOWTO+utilize+javax.servlet.http.HttpServletRequest+isUserInRole%28+java.lang.String+role+%29 Good suggestion. It's worth menti

Re: [cas-user] authorization

2011-08-01 Thread Stephen More
There is also a page that shows how values from a database can be provided as attributes that allow the use of isUserInRole(): https://wiki.jasig.org/display/CASUM/HOWTO+utilize+javax.servlet.http.HttpServletRequest+isUserInRole%28+java.lang.String+role+%29 On Mon, Aug 1, 2011 at 11:24 AM, Marvi

Re: [cas-user] SSO over 2 applications in same Tomcat

2011-08-01 Thread Marvin Addison
> But both applications /share and /bonita are not https. > Must they? Not strictly, no, but we _strongly_ recommend that at least the application entry points are accessible over SSL. If you must overcome the default behavior of requiring SSL for transmitting the CASTGC cookie (and thereby enabl

Re: [cas-user] authorization

2011-08-01 Thread Marvin Addison
> I was thinking more along the lines of an additional filter to add to the > web.xml of the app in question that allowed me to specify a list of users > directly or potentially a resource on the classpath that contained the list. These are options, yes, but not very scalable. Managing that user

Re: [cas-user] SSO over 2 applications in same Tomcat

2011-08-01 Thread Roland Kofler
> Are you running CAS over HTTP? We disable SSO over HTTP by default (we > require HTTPS) I am redirected to a HTTPS CAS login site. But both applications /share and /bonita are not https. Must they?

Re: [cas-user] authorization

2011-08-01 Thread Nicholas Blair
Perhaps I shouldn't have sent an apache configuration - we aren't planning on putting apache httpd in front. I was thinking more along the lines of an additional filter to add to the web.xml of the app in question that allowed me to specify a list of users directly or potentially a resource on

Re: [cas-user] authorization

2011-08-01 Thread Scott Battaglia
I would imagine you could chain mod_auth_cas with any of the existing Apache authorization modules also? (just guessing) On Mon, Aug 1, 2011 at 11:24 AM, Marvin Addison wrote: > > Does a similar capability exist with CAS, e.g. a way to map a list of > > usernames as having authorization to acces

Re: [cas-user] SSO over 2 applications in same Tomcat

2011-08-01 Thread Scott Battaglia
Are you running CAS over HTTP? We disable SSO over HTTP by default (we require HTTPS) On Mon, Aug 1, 2011 at 11:29 AM, Roland Kofler wrote: > Finally managed to integrate /bonita and /share and /alfresco with CAS > > But: I experience that I have to login to /bonita and /share separately >

[cas-user] SSO over 2 applications in same Tomcat

2011-08-01 Thread Roland Kofler
Finally managed to integrate /bonita and /share and /alfresco with CAS. But: I experience that I have to log in to /bonita and /share separately. Not really SSO. Is this because of the SimpleTestUsernamePasswordAuthenticationHandler? Would it go away if I have LDAP configured? Or do I need extra con

Re: [cas-user] authorization

2011-08-01 Thread Marvin Addison
> Does a similar capability exist with CAS, e.g. a way to map a list of > usernames as having authorization to access a given service url? Authorization does not exist in CAS per se, but you can deliver attributes to CAS services using the attribute release feature, https://wiki.jasig.org/display/

[cas-user] authorization

2011-08-01 Thread Nicholas Blair
We have a number of applications now depending on a cas server for authentication. One of these applications is an administrative application and should be restricted to a handful of users. Our SSO experience is primarily with pubcookie. To implement this with pubcookie one option would be to

Re: [cas-user] CAS with LDAP

2011-08-01 Thread Michael Ströder
acnu wrote: > WHO: [username: srini] > WHAT: [LDAP: error code 49 - Invalid Credentials]; nested exception is > javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid > Credentials] This simply says the combination of bind-DN and password used in the LDAP bind request is not correct.

[cas-user] CAS with LDAP

2011-08-01 Thread acnu
Hi, I am trying to integrate CAS with OpenLDAP using CAS overlay method. The Maven CAS application works perfectly at home system. The same project doesn't work within office network environment. Any thoughts? Advise me please. acnu Audit Trail Message -- 2011-08