Can Apigee Edge acts as a CAS client for a legacy backend service protected by CAS server? if yes then how that can be achieved?

mohdilyas
Participant IV
 
0 5 140
5 REPLIES 5

mohdilyas
Participant IV

Please help with this @Dino @Mike Dunker @Anil Sagar @ Google

@Mohammad Ilyas Shah

How about using Node.JS & https://www.npmjs.com/package/cas-authentication in Apigee Edge ?

thanks @Anil Sagar @ Google for quick response. By Node JS you mean a hosted target on Apigee Edge with npm cas-authentication module? have you checked this cas-authentication module, is it suitable enough to implement CAS?

Please provide details to your question.

I don't know what a CAS server is.

explain a little more.

Imagine that I have no idea what your current environment looks like. Give more details than you think you might need to give.

@Dino-at-Google CAS server is a central authentication service which implements CAS protocol which is used for SSO (Single Sign-On) for various backend services (CASified services).

If you do the login for one service with the CAS server, you don't need to do the login for other services because you will have a session already maintained with the CAS server and the backend service you try to use will first communicate with the CAS server if you have a valid session data, then if you session is valid, it will grant you access to use this service otherwise it will redirect you to the CAS server to authenticate yourself.

CAS service sends you the login form so that you will enter your credentials and authenticate yourself. After Authentication, it redirects you to the service URL you requested for with a service ticket (that will be you identification that you have logged with CAS server), at the service backend it checks whether the service ticket you provided is valid or not, on the basis of that you will have a document or a redirection back to CAS server...

Now my case is, we have a backend service which is connected with the CAS server for AuthN and AuthZ. To access a particular API exposed by the backend service we need to be authenticated with the CAS server first and get a service ticket from it and then we can access a particular API of that backend service. Now the main thing is for every API call, there will be a check between backend service and CAS server to check if a particular session is valid or not. We need to implement the same thing on Apigee Edge, that's why my question is how it can be done on Edge?

I hope, I have clearly explained my problem

thankyou.