* Heather Peake <[log in to unmask]> [2010-04-20 18:19]:
> We were toying with the idea of using CAS to implement single sign
> on for our Moodles. I know Moodle can use Shib for single sign on
> but I don't know if you need an SP or just and IDP, hence the
> thought of using CAS as I really would not want to tackle an SP.
No matter what system you use, you'll need /something/ to protect
either the Moodle software or the webserver it's running on. Be this
some CAS client software for Moodle or a Shib SP + Shib module for
Moodle (comes included with Moodle, IIRC).
Setting up the Shib SP really is very easy if you're on a supported
platform (MS-Windows or RedHat/Centos Linux, mostly), at least
compared to setting up and configuring an IdP (but then what isn't
compared to that? :)
Typically this only takes a few minutes for simple cases (yum install,
change entityId in config file, grab metadata from the web and import
it into the IdP) -- plus the Moodle plugin configuration, which is
rather easy (web-based GUI) and would need to be done with CAS just
the same.
Also your choice is SAML (standards-based WebSSO) vs. CAS, since you
could swap out the Shibboloeth IdP or SP for other implementations
(e.g. there is a simpleSAMLphp module for Moodle, if you don't want to
ir cannot use the Shib SP for some odd reason).
cheers,
-peter
|