jasig-cas IRC Logs-2011-08-30

[14:32:07 CDT(-0500)] <apetro> welcome, peanutb
[14:32:41 CDT(-0500)] <peanutb> thanks much
[14:32:57 CDT(-0500)] <apetro> for those following along from the logs, I believe peanutb was just discussing CAS in #jasig-uportal and thus was invited over here as well.
[14:40:43 CDT(-0500)] <wgthom> hi
[14:46:37 CDT(-0500)] <peanutb> im still not completely sure how CAS and Shibboleth can work in harmony. hmm
[14:47:11 CDT(-0500)] <serac> You've read https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration?
[14:48:06 CDT(-0500)] <peanutb> its very jargon-ie
[14:48:14 CDT(-0500)] <apetro> tis
[14:48:15 CDT(-0500)] <wgthom> there's a bunch of ways it can. what are you trying to achieve?
[14:48:24 CDT(-0500)] <serac> You're going to need to understand the jargon, unfortunately.
[14:48:24 CDT(-0500)] <wgthom> do you have an existing CAS implementation? Shib?
[14:49:00 CDT(-0500)] <peanutb> neither. im just a person who is like "hey, this college I just graduated from gave me 5 different usernames and passwords and theyre all different"
[14:49:10 CDT(-0500)] <apetro> ah
[14:49:12 CDT(-0500)] <wgthom> lol
[14:49:14 CDT(-0500)] <apetro> so, you know what CAS does?
[14:49:26 CDT(-0500)] <peanutb> and there is money to throw at such a thing
[14:50:06 CDT(-0500)] <peanutb> from my understanding, CAS allows you to have a common login page for webapps/web-whatevers and seamlessly move from one to another without logging in multiple times
[14:50:17 CDT(-0500)] <apetro> (I believe the harmony bit was in reference to this post: http://www.unicon.net/blog/apetro/cas_and_shibboleth)
[14:50:29 CDT(-0500)] <wgthom> yes
[14:50:40 CDT(-0500)] <apetro> peanutb, yup, that's it. Web-based single sign-on for an institution. You know what Shibboleth does?
[14:50:57 CDT(-0500)] <peanutb> federated SSO
[14:51:03 CDT(-0500)] <peanutb> for between institutions
[14:51:19 CDT(-0500)] <wgthom> yes…but more practically with external service providers
[14:51:21 CDT(-0500)] <peanutb> probably pretty useful for things like consortiums as well
[14:51:35 CDT(-0500)] <wgthom> library resources, etc
[14:51:42 CDT(-0500)] <peanutb> so more practically with say jstor or something
[14:51:47 CDT(-0500)] <wgthom> yes
[14:51:53 CDT(-0500)] <apetro> That's where it shines, yes. Speaking SAML. Cross-institutional, formal, standards-based authentication, with attribute release policies, privacy preservation.
[14:51:59 CDT(-0500)] <apetro> Lots of good stuff.
[14:52:13 CDT(-0500)] <wgthom> so what is your question again? (smile)
[14:52:37 CDT(-0500)] <apetro> So, one classic way to use CAS and Shib in harmony is simply to make an institution's Shibboleth IdP delegate to, rely upon, the institution's CAS server to provide the login user experience.
[14:52:41 CDT(-0500)] <wgthom> folks with big CAS deployments that want to also leverage Shib, will typically CASify Shib
[14:52:51 CDT(-0500)] <wgthom> what apetro said (smile)
[14:52:57 CDT(-0500)] <apetro> CAS single sign on for local SSO, Shibboleth for federated authentication and for when that more formal rigor helps.
[14:53:21 CDT(-0500)] <apetro> CAS is a more agile place to make changes, to make the experience yours. Shibboleth is a more formal place to speak standards carefully between arms-length partners.
[14:54:01 CDT(-0500)] <peanutb> hmm allright
[14:54:03 CDT(-0500)] <peanutb> so basically
[14:54:15 CDT(-0500)] <wgthom> folks have also gone the other way…using CAS as a bridge from Shib to CASified applications
[14:54:52 CDT(-0500)] <apetro> This is probably the most common CAS-and-Shib integration pattern. But of course there are more complicated stories out there. Unicon did a project where we consumed Shibboleth authentication via the CAS abstractions (Shibbolized CAS) because participating applications were more prepared to themselves integrate with CAS than accept SAML.
[14:55:12 CDT(-0500)] <apetro> Right. What wgthom said. I think I've got some IRC lag going on...
[14:56:28 CDT(-0500)] <peanutb> so say my institution were using Shib and CAS the flow of credentials if i were logging into say Jstor would be like
[14:56:46 CDT(-0500)] <peanutb> jstor->shibboleth->CAS->LDAP
[14:56:54 CDT(-0500)] <wgthom> flow of credentials?
[14:56:56 CDT(-0500)] <wgthom> no
[14:56:57 CDT(-0500)] <peanutb> well like
[14:57:02 CDT(-0500)] <wgthom> credentials only go to CAS
[14:57:12 CDT(-0500)] <peanutb> flow of credentials is the wrong phrase
[14:57:12 CDT(-0500)] <wgthom> CAS -> LDAP
[14:57:31 CDT(-0500)] <serac> CAS is the UI for Shib in the main integration scenario.
[14:57:37 CDT(-0500)] <peanutb> ah ok
[14:57:40 CDT(-0500)] <wgthom> sort of
[14:58:13 CDT(-0500)] <wgthom> CAS is where the UX around credential challenge takes place for sure
[14:58:58 CDT(-0500)] <wgthom> after that it is a combination of cas protocol, saml protocol…based on kerberos tickets in the background type of a dance
[14:59:16 CDT(-0500)] <wgthom> the user just logs into CAS and then goes to Jstor
[14:59:44 CDT(-0500)] <wgthom> what university did you graduate from?
[15:04:36 CDT(-0500)] <peanutb> Im complicated
[15:04:48 CDT(-0500)] <wgthom> we all are (smile)
[15:05:12 CDT(-0500)] <peanutb> I just graduated from HS in june and finished my associates earlier this month
[15:05:22 CDT(-0500)] <peanutb> so im a freshmen-junior magical thing
[15:07:19 CDT(-0500)] <wgthom> gotcha
[15:07:58 CDT(-0500)] <peanutb> so Im going to get the "why dont you have a major" block on registration next quarter...
[15:08:04 CDT(-0500)] <peanutb> it'll be fun
[15:11:48 CDT(-0500)] <wgthom> comp sci?
[15:20:56 CDT(-0500)] <peanutb> EE
[15:21:39 CDT(-0500)] <peanutb> I still have one prereq (grr chem) and im applying for spring admission
[15:23:51 CDT(-0500)] <peanutb> of course the line can get pretty blurry between ME/EE and EE/CS sometimes
[15:24:06 CDT(-0500)] <peanutb> from a very sitting back viewpoint
[15:24:42 CDT(-0500)] <wgthom> cool. i was EE undergrad
[15:25:34 CDT(-0500)] <wgthom> miss those days sometimes (smile)
[15:26:51 CDT(-0500)] <peanutb> i take it you are doing grad school.. CS?
[15:27:00 CDT(-0500)] <peanutb> ugh this keyboard needs to be shot
[15:29:17 CDT(-0500)] <wgthom> nah finished up biomed M.S. in 08 now I'm just a webmonkey
[15:30:35 CDT(-0500)] <peanutb> ah. no jobs in the biomed market?
[15:31:09 CDT(-0500)] <wgthom> it's complicated. (smile)
[15:31:58 CDT(-0500)] <peanutb> like all things
[15:32:20 CDT(-0500)] <wgthom> but i love what i'm doing and in the end that's all that counts
[15:32:41 CDT(-0500)] <peanutb> thats a good thing. Anyway time to get food
[15:32:51 CDT(-0500)] <wgthom> good luck.