[Building Sakai] CAS alongside LDAP: any foreseeable problems?
Dan McCallum
dmccallum at unicon.net
Wed May 4 08:40:51 PDT 2011
There's a few patches running around for the deep-linking issue Steve
mentions. They use xlogin for the "intermediate page." See:
svn diff -c 80295 https://source.sakaiproject.org/svn/msub/unc.edu/
svn diff -c 80287 https://source.sakaiproject.org/svn/msub/unc.edu/
- Dan
On 05/03/2011 05:40 PM, Steve Swinsburg wrote:
> Hi Mike,
>
> No issues with duplicates, once CAS gives the authenticated eid, it maps
> to the same uuid internally.
>
> The only issue I've seen with CAS is that if a link to a resource is
> provided and user follows that and is unauthenticated, they will be
> taken to CAS auth. This can be a problem if you have external users who
> cannot authenticate via CAS. A solution for this is an intermediate page
> where the use can choose their authentication source.
>
> cheers,
> Steve
>
>
>
> On 04/05/2011, at 9:45 AM, Michael Osterman wrote:
>
>> We have been using LDAP auth for many years, and are now looking at
>> enabling CAS so we can get people straight in from our portal
>> (LifeRay). We want to retain the standard "xlogin" method as well, not
>> just for accounts local to Sakai, but for also to continue support for
>> LDAP auth like our users are used to with the login box in the upper
>> right-hand corner.
>>
>> We've got things set up on our test server as per Steve's excellent doc:
>>
>> https://confluence.sakaiproject.org/display/~steve.swinsburg/CASifying+Sakai
>>
>> I had to fiddle with site.vm to make it look like it used to (no
>> portal link and a login box that posts to /portal/xlogin/), but it
>> seems to work for users with eids whether they log in via CAS or LDAP
>> via xlogin.
>>
>> My question is this: does anyone know of any issues that might be
>> created with user accounts if they are logging in sometimes through
>> CAS and other times through LDAP? It doesn't appear to be creating 2
>> entries, for example, but I wanted to double-check before we flip the
>> switch.
>>
>> -Mike
>>
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> <mailto:sakai-dev at collab.sakaiproject.org>
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to
>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
More information about the sakai-dev
mailing list