roller-user mailing list archives

From Phillip Rhodes <>
Subject Re: example config for using CAS for SSO with Roller
Date Tue, 23 Oct 2007 15:13:47 GMT
Matt Raible wrote:
> I'm trying these instructions and I've gotten as far as configuring
> security.xml and getting Roller started. In addition to these instructions,
> I had to add casclient.jar to my WEB-INF/lib directory.
> Do you know how I can add users to CAS or how to have it read users from

Automatically provisioning users to both CAS and Roller will take some
custom coding if you approach it the way I did.  For the system I'm
working on, I wrote a simple "User Registration App" that handles all
user registration and provisioning and writes the necessary records to
three databases: CAS, Roller and JavaBB; and wrote a new CAS
authentication module to use my "CAS User" database.  This keeps
CAS and its associated database as the canonical authentication
db for the entire system.

Strictly speaking it's not *necessary* to have three databases, as I
could have written a CAS authentication module with the "knowledge" to
use either the existing Roller db or JavaBB db, but I went that
direction because it is more consistent with my long-term aims.  But if
you just "point" CAS at the roller db, then you avoid the issue of
needing to provision users to extra places.  But now you've made Roller
the canonical system for authentication for the entire SSO domain, which
may or may not be appropriate.

As for getting CAS to read from LDAP, I'm not sure as I haven't tried
that.  If there is an existing CAS authentication module for LDAP then
it should just be a case of configuring CAS appropriately.  But that
might be a question better asked on the CAS list.  If there isn't
an existing module for that, it would mean writing a new CAS
authentication module.  That's not hard to do, luckily.  I wrote
a simple one for the project I'm working on.  If anybody is interested
in seeing it as an example, I'll be happy to post the code.


