>>> On 28/03/2008 at 17:16, "Lowry, Francis" wrote:
> Hi Andy,
>
> We used JKMount instead of proxypass for enabling CAS in Apache - this
> step is detailed at the very bottom of this page
> http://shibsp.ntu.ac.uk/confluence/display/Shibboleth/Install+and+Configure+CAS+Server+%28Windows%29
>
Ahh, thanks Francis, I'd missed that. So we're doing exactly the same thing (I'm using Apache 2.2, hence the ProxyPass rather than JkMount). It worried me that I might be doing things differently; you folks at NTU know what you're doing, whereas I ..... (I'm getting there!)
A further question:
What is the CAS actually doing for us? I know what CAS will achieve in itself, but even Shibboleth 1.3 seems to have the functionality. I see that Kent had doubts too; in the KUSP final report Conclusions http://www.kent.ac.uk/is/projects/kusp/documents/kusp-final-report.pdf they say:
"7. Shibboleth SSO: Shibboleth's SSO capabilities were sufficient to provide SSO without a separate package like CAS."
I just tried a bit of a test to confirm what I thought I was seeing: if you use Shib to authenticate to a resource and then go to another resource in another window of the browser, as soon as you select Dundee from that resource's WAYF you're taken straight in, although another "Authentication assertion" appears in the Shib access logs. This works just the same whether you set Shib up to authenticate through the Tomcat realm or via CAS.
So what's the benefit of CAS protecting Shibboleth? Shib seems to have sufficient SSO functionality anyway. We need CAS anyway for other purposes (uPortal deployment), so it's not wasted effort, but I just wonder if there's a point in complicating Shibboleth with it (although actually the Shib web.xml is much simpler going via CAS!)
All insights appreciated.
Andy
--
*********
Andy Swiffin
Senior Network Specialist, Corporate Information systems
Information & Communications Services (ICS)
University of Dundee, Computing Centre, Park Place, Dundee, DD1 4HN
Direct: 01382 388000 (Service Desk)
Visit our website at: www.dundee.ac.uk/ics
*********
The University of Dundee is a registered Scottish charity, No: SC015096