Pekka Ekman edited this page Apr 19, 2012 · 3 revisions

AaltoApps and ASI can use CAS for user authentication. It's also possible to use Shibboleth authentication with CASshib. CASshib is a CAS server that uses Shibboleth for authentication and presents a standard CAS interface to the client application.

Installing CASshib and configuring ASI to use it (work in progress)

Architecture

Modules:

  • application: an AaltoApps installation

  • callback: A callback server that receives the proxy granting ticket from CASshib. It may be part of the application, or a separate service that passes the proxy granting ticket to the application by some means.

  • ASI: an ASI server

  • CoreUI: part of ASI; presents a consent form to new users

  • shib module: Shibboleth authentication module in Apache. Apache is configured as a reverse proxy with Shibboleth authentication; it passes authorized requests to CASshib.

  • CASshib: A CASshib installation running in a Tomcat server behind the Apache reverse proxy.

  • IdP: Shibboleth identity provider
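
One way the callback module can hold the proxy granting ticket until the application collects it, as an added example that is not AaltoApps, ASI or CASshib code. It assumes the CAS 2.0 callback parameters `pgtIou` and `pgtId` and the `PGT-`/`PGTIOU-` ticket prefixes the CAS protocol recommends; the `PgtStore` class, its method names, the 60-second lifetime and the status codes are hypothetical.

```ruby
# Added example: in-memory store for the "callback" module (hypothetical names).
# CASshib calls the callback URL with pgtIou and pgtId; the application later
# redeems the pgtIou it received in the ticket validation response.
class PgtStore
  # Assumption: tickets carry the prefixes the CAS protocol recommends.
  TICKET = /\A(PGT|PGTIOU)-[A-Za-z0-9._-]{1,256}\z/

  def initialize(ttl: 60, clock: -> { Time.now.to_f })
    @ttl = ttl            # seconds a ticket may wait to be redeemed
    @clock = clock        # injectable so expiry can be tested
    @entries = {}         # pgtIou => [pgtId, expiry time]
    @lock = Mutex.new
  end

  # Handles one request to the callback URL; returns an HTTP status code.
  def receive(params)
    iou = params['pgtIou']
    pgt = params['pgtId']
    return 200 if iou.nil? && pgt.nil?   # bare reachability probe, nothing stored
    return 400 unless valid?(iou, 'PGTIOU') && valid?(pgt, 'PGT')
    @lock.synchronize do
      purge
      return 409 if @entries.key?(iou)   # never overwrite a pending ticket
      @entries[iou] = [pgt, @clock.call + @ttl]
    end
    200
  end

  # Returns the pgtId for this pgtIou exactly once, or nil if unknown/expired.
  def redeem(iou)
    @lock.synchronize do
      purge
      entry = @entries.delete(iou)
      entry && entry.first
    end
  end

  private

  def valid?(value, prefix)
    value.is_a?(String) && value.match?(TICKET) && value.start_with?("#{prefix}-")
  end

  # Drops tickets nobody redeemed in time, so the store cannot grow unbounded.
  def purge
    now = @clock.call
    @entries.delete_if { |_iou, (_pgt, expiry)| expiry <= now }
  end
end
```

When the callback runs as a separate service, `redeem` is the operation that has to be exposed to the application over an authenticated channel, since whoever holds the proxy granting ticket can obtain proxy tickets for the user.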

Numbers in the following diagrams indicate the order of messages passed during user authentication.

Authentication sequence

ArgoUML source of the diagrams: [[casshib.zargo|casshib.zargo]]