Kaustubh | 9 Feb 14:07 2011
Picon

CAS integration with SharePoint 2010

Hi,

We have a requirement where we need to integrate Central Authentication Service (CAS) with SharePoint
2010. We did find a pointer to integrate it with MOSS 2007 (http://eduyalesomauth.codeplex.com/),
however SharePoint 2010 claims based authentication is built on Windows Identity Foundation (WIF),
hence this solution is not useful.

Helpful links found through google discuss of an inherent issue faced by people when integrating CAS with
SharePoint 2010; SharePoint expects the user’s password when redirecting after successful
authentication at the following line: 

SPClaimsUtility.AuthenticateFormsUser(Request.Url, username, password); 

(Details of this issue can be found here-
http://stackoverflow.com/questions/3428152/issues-using-external-authentication-with-sharepoint-2010 )

We have few questions:
1.	Any link / document which describes the exact steps to follow to integrate CAS with SharePoint 2010
2.	Any way out to overcome the above problem (need to pass a password)
3.	Has Jasig / Yale come up with a solution on this?
4.	Is there some way Jasig / Yale web service can pass the credentials along with the Boolean value (Yes / No-
if user is authenticated), so we pass the user’s password in the above redirect method?

Thanks in advance!
--

-- 
You are currently subscribed to cas-dev@... as: gcjjcd-cas-dev@...
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev

ryan | 12 Nov 12:24 2011
Picon

Re:CAS integration with SharePoint 2010

Kaustubh <kaustubh_anwekar <at> ...> writes:

> 
> Hi,
> 
> We have a requirement where we need to integrate Central Authentication 
Service (CAS) with SharePoint
> 2010. We did find a pointer to integrate it with MOSS 2007 
(http://eduyalesomauth.codeplex.com/),
> however SharePoint 2010 claims based authentication is built on Windows 
Identity Foundation (WIF),
> hence this solution is not useful.
> 
> Helpful links found through google discuss of an inherent issue faced by 
people when integrating CAS with
> SharePoint 2010; SharePoint expects the user’s password when redirecting after 
successful
> authentication at the following line: 
> 
> SPClaimsUtility.AuthenticateFormsUser(Request.Url, username, password); 
> 
> (Details of this issue can be found here-
> http://stackoverflow.com/questions/3428152/issues-using-external-
authentication-with-sharepoint-2010 )
> 
> We have few questions:
> 1.	Any link / document which describes the exact steps to follow to 
integrate CAS with SharePoint 2010
> 2.	Any way out to overcome the above problem (need to pass a password)
> 3.	Has Jasig / Yale come up with a solution on this?
(Continue reading)

Markus Wehr | 15 Nov 14:04 2011
Picon

Re: CAS integration with SharePoint 2010

Hello Ryan,

for a simple scenario you could combine something like

https://wiki.jasig.org/display/CASC/ASP.NET+Forms+Authentication

with a custom sts

http://msdn.microsoft.com/en-us/library/ff955607.aspx

This delivers good user experience for only one SP  Web App.

You should clear the aspxauth session cookie immediatly after returning 
the ws-federation response so that your custom sts redirects to CAS 
every time.

This solution lacks integrated single sign out:

https://wiki.jasig.org/display/CASUM/Single+Sign+Out

WS-Federation Single Sign Out works on a cookies basis :

http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-how-to-invoke-a-ws-federation-sign-out.aspx

you could provide the link to your Cas Servers logout page anyway (e.g. 
redirect the sharepoint logout/signon as different user butons)

Keep in Mind also that for Office Integration the SP session cookie 
needs to be persisted (UseSessionCookies = $false)

(Continue reading)


Gmane