[Building Sakai] CAS alongside LDAP: any foreseeable problems?

Steve Swinsburg steve.swinsburg at gmail.com
Wed May 4 15:49:54 PDT 2011 

Nice. Any chance a patch could be made and attached to a JIRA? This would be pretty useful, especially if the intermediate page could be configured via sakai.properties.

cheers,
Steve


On 05/05/2011, at 1:40 AM, Dan McCallum wrote:

> There's a few patches running around for the deep-linking issue Steve 
> mentions. They use xlogin for the "intermediate page." See:
> 
> svn diff -c 80295 https://source.sakaiproject.org/svn/msub/unc.edu/
> svn diff -c 80287 https://source.sakaiproject.org/svn/msub/unc.edu/
> 
> - Dan
> 
> On 05/03/2011 05:40 PM, Steve Swinsburg wrote:
>> Hi Mike,
>> 
>> No issues with duplicates, once CAS gives the authenticated eid, it maps
>> to the same uuid internally.
>> 
>> The only issue I've seen with CAS is that if a link to a resource is
>> provided and user follows that and is unauthenticated, they will be
>> taken to CAS auth. This can be a problem if you have external users who
>> cannot authenticate via CAS. A solution for this is an intermediate page
>> where the use can choose their authentication source.
>> 
>> cheers,
>> Steve
>> 
>> 
>> 
>> On 04/05/2011, at 9:45 AM, Michael Osterman wrote:
>> 
>>> We have been using LDAP auth for many years, and are now looking at
>>> enabling CAS so we can get people straight in from our portal
>>> (LifeRay). We want to retain the standard "xlogin" method as well, not
>>> just for accounts local to Sakai, but for also to continue support for
>>> LDAP auth like our users are used to with the login box in the upper
>>> right-hand corner.
>>> 
>>> We've got things set up on our test server as per Steve's excellent doc:
>>> 
>>> https://confluence.sakaiproject.org/display/~steve.swinsburg/CASifying+Sakai
>>> 
>>> I had to fiddle with site.vm to make it look like it used to (no
>>> portal link and a login box that posts to /portal/xlogin/), but it
>>> seems to work for users with eids whether they log in via CAS or LDAP
>>> via xlogin.
>>> 
>>> My question is this: does anyone know of any issues that might be
>>> created with user accounts if they are logging in sometimes through
>>> CAS and other times through LDAP? It doesn't appear to be creating 2
>>> entries, for example, but I wanted to double-check before we flip the
>>> switch.
>>> 
>>> -Mike
>>> 
>>> 
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> <mailto:sakai-dev at collab.sakaiproject.org>
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>> 
>>> TO UNSUBSCRIBE: send email to
>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>> "unsubscribe"
>> 
>> 
>> 
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>> 
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> 
> 
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> 
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

More information about the sakai-dev mailing list