[Building Sakai] CAS alongside LDAP: any foreseeable problems?
Steve Swinsburg
steve.swinsburg at gmail.com
Wed May 4 15:49:54 PDT 2011
Nice. Any chance a patch could be made and attached to a JIRA? This would be pretty useful, especially if the intermediate page could be configured via sakai.properties.
cheers,
Steve
On 05/05/2011, at 1:40 AM, Dan McCallum wrote:
> There's a few patches running around for the deep-linking issue Steve
> mentions. They use xlogin for the "intermediate page." See:
>
> svn diff -c 80295 https://source.sakaiproject.org/svn/msub/unc.edu/
> svn diff -c 80287 https://source.sakaiproject.org/svn/msub/unc.edu/
>
> - Dan
>
> On 05/03/2011 05:40 PM, Steve Swinsburg wrote:
>> Hi Mike,
>>
>> No issues with duplicates, once CAS gives the authenticated eid, it maps
>> to the same uuid internally.
>>
>> The only issue I've seen with CAS is that if a link to a resource is
>> provided and user follows that and is unauthenticated, they will be
>> taken to CAS auth. This can be a problem if you have external users who
>> cannot authenticate via CAS. A solution for this is an intermediate page
>> where the use can choose their authentication source.
>>
>> cheers,
>> Steve
>>
>>
>>
>> On 04/05/2011, at 9:45 AM, Michael Osterman wrote:
>>
>>> We have been using LDAP auth for many years, and are now looking at
>>> enabling CAS so we can get people straight in from our portal
>>> (LifeRay). We want to retain the standard "xlogin" method as well, not
>>> just for accounts local to Sakai, but for also to continue support for
>>> LDAP auth like our users are used to with the login box in the upper
>>> right-hand corner.
>>>
>>> We've got things set up on our test server as per Steve's excellent doc:
>>>
>>> https://confluence.sakaiproject.org/display/~steve.swinsburg/CASifying+Sakai
>>>
>>> I had to fiddle with site.vm to make it look like it used to (no
>>> portal link and a login box that posts to /portal/xlogin/), but it
>>> seems to work for users with eids whether they log in via CAS or LDAP
>>> via xlogin.
>>>
>>> My question is this: does anyone know of any issues that might be
>>> created with user accounts if they are logging in sometimes through
>>> CAS and other times through LDAP? It doesn't appear to be creating 2
>>> entries, for example, but I wanted to double-check before we flip the
>>> switch.
>>>
>>> -Mike
>>>
>>>
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> <mailto:sakai-dev at collab.sakaiproject.org>
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>
>>> TO UNSUBSCRIBE: send email to
>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>> "unsubscribe"
>>
>>
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
More information about the sakai-dev
mailing list