Hi Palani,
Yes, Its possible using CAS.
Let me know if need more info.

Thanks
Sudhansu

Can someone provide us with the CAS documentation. Whats in Prodocs is inaccurate or incomplete. We are looking to integrate CAS into our two-factor authentication RADIUS system.

Thanks in advance!

Hi Tim,

Can you please let us know which version of CPBM are you trying to integrate? (1.3.x or 1.4.0)
And for which part of CAS installation you need more information?
We will surely help you with the required information.

Thanks,
Manish

Hi Manish,

Thanks for your prompt reply. I am looking for any and all docs about CAS as it pertains to CPBM 1.4 and CS 3.0.3. Also any API references and SDK docs would be awesome.

I just have to get CS and CPBM integrated into a Two-Factor Authentication system w/ Hard Tokens which is derived from Radius. So there is a DOMAIN AUTH then an RADIUS AUTH (two-factor of course).

Its required that all of our internet facing system have two-factor integrated into them. We give all our clients free two-factor as a security measure to ensure their weak passwords are safe with another layer of Auth.

Thanks in advance!

Hi Tim,

Sorry for delayed response.
As of CPBM 1.4 we do not have any API and SDK .

Regarding integration of CPBM and CS we have an internal mechanism to SSO operational admins only and end users do not have access to CS at all , so I dont think you need SSO from CPBM to CS.

Although CAS supports RADIUS , but we do not provide authentication using RADIUS. If you want you can customize CAS to use RADIUS. And to implement this you may have to checkout the documentation available at jasig website.

Thanks,
Manish

Hi Manish,

I understand this is a bad week for everyone. It is disheartening to heard we cant easily add two-factor auth or SSO through all our other suites. We are offering free two-factor for every customer and it it policy none of our systems can have an internet interface without this level of security at the AUTH layer.

Where is the SDK docs for the 1.3 CAS? I can at least get my team smart on it and then we can move forward on figuring out how we can enable access to CPBM through standard web interfaces.

Thanks in advance and have a great day!

Hi Tim,

I just wanted to understand your use case. I am not very familiar with RADIUS authentication, so pardon me if I'm a little slow in picking this up.

We do support SSO using CAS (Central Authentication Service, which is itself an open source system available at http://www.jasig.org/cas/). And CAS does support RADIUS. CAS is documented on their site and is used as is in CPBM. You should be able to configure CAS to use RADIUS using their documentation.

One challenge however (and this is where my ignorance of how RADIUS would work, trips me) is that CPBM currently cannot auto provision an existing user. We require that a user registers through our portal. When a user does register through the portal, we support provisioning that user only into our own database and/or into LDAP (Not sure if this would be sufficient for CAS/RADIUS).

Also, not sure if you require CAS/RADIUS authentication for the CP/CS integration or for integrating to a third party system. End user functionality ie your customer's experience is always through CloudPortal and so that's not a problem, but administrators have direct access to CS console and that uses a custom SSO mechanism (CS does not support CAS).

Vijay