Forum Discussion
NimbostratusSSO using Jasig CAS and Adobe Connect
First, I apologize if this is in the wrong forum.
Our organization currently uses Jasig's CAS to manage a SSO experience for many of our custom website/apps. We have a need to extend this authentication mechanism for Adobe Connect 9 as well. We have already setup our Connect cluster according to the F5 design guide and it works exactly as expected. Now, we need to implement SSO.
Here is a link to another forum that talks about how to do vanilla CAS to Connect SSO, but it calls for installing an additional Apache instance on the the Connect Servers:
http://comments.gmane.org/gmane.comp.java.jasig.cas.user/18900
I find this incredbily redundant and would like to try to implement this using iRules instead. Does anyone have experience with setting up the F5 as a reverse proxy for CAS-to-anything SSO? Are there any good articles that are similar in nature we can get links to?
I know this has APM written all over it, and we do have the license. Unfortunately, the app we are trying to integrate with Connect uses CAS for authentication and that will not be changed anytime soon.
Any help is appreciated. Thanks!!!
1 Reply
- Kevin_Stewart
Employee
Just spit balling here, but it looks like you just need to configure HTTP header authentication. Connect will accept a header given the defined name:
HTTP_AUTH_HEADER=X-REMOTE_USER
where "X-REMOTE_USER" is the name of the header. The documentation doesn't really say what that value looks like, but I'm assuming it's an LDAP CN or UID, or AD UPN or SAM. In any case, generating that header is pretty straight forward:HTTP::header replace X-REMOTE_USER ""
How you authenticate the user in the first place is another story, and given that you have APM, your options are almost unlimited.
