1
votes

We have several custom-developed online applications as well as open source applications such as KOHA, Moodle and Bugzilla.

We are attempting to integrate their authentication using a Single Sign-On service. So far we have tried JASIG CAS and this seems to solve most of our issues.

However we would also like to link the authentication to an LDAP compatible directory service.

My questions are:
1. Why do we need to use CAS with LDAP?
2. Can an LDAP-only service work? (All of our applications either directly support LDAP or can be modified to work with LDAP.)
3. Assuming CAS is running on a MySQL database, can an LDAP-compatible system such as Active Directory contact the CAS server to log in?

1 Answer

4
votes
  1. With CAS, you centralize your security in one place, instead of having each application integrated with your LDAP
  2. Yes, it's generally more work and a lot less secure (see 1)
  3. CAS relies on your LDAP for authentication, applications connected to CAS benefit from SSO, but applications can directly authenticate users via your LDAP (without SSO)
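
To make the centralization in points 1 and 3 concrete, here is the application side of a CAS 2.0 login as an added example (not code from the answer or from the CAS project): the application only redirects the browser and validates a one-time service ticket, so the password is seen by CAS (which checks it against LDAP) and never by the application. The host names, ticket value and username are constructed placeholders.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}   # namespace of CAS 2.0 responses
CAS_BASE = "https://sso.example.org/cas"         # assumed CAS server (placeholder)
SERVICE = "https://koha.example.org/login"       # assumed app callback URL (placeholder)

def login_redirect(cas_base=CAS_BASE, service=SERVICE):
    """Where the app sends an unauthenticated browser; CAS collects the password."""
    return f"{cas_base}/login?{urlencode({'service': service})}"

def validation_url(ticket, cas_base=CAS_BASE, service=SERVICE):
    """Back-channel URL the app fetches over HTTPS to check the service ticket."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_base}/serviceValidate?{query}"

def parse_service_validate(xml_text):
    """Return the authenticated username, or None if CAS rejected the ticket."""
    root = ET.fromstring(xml_text)
    if root.tag != "{http://www.yale.edu/tp/cas}serviceResponse":
        return None  # not a CAS response at all: fail closed
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None  # authenticationFailure or malformed success: fail closed
    return user.text.strip()

# Constructed sample responses in the CAS 2.0 serviceValidate format.
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-1-constructed not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print("redirect browser to:", login_redirect())
    print("validate ticket at: ", validation_url("ST-1-constructed"))
    print("success ->", parse_service_validate(SUCCESS))
    print("failure ->", parse_service_validate(FAILURE))
```

With direct LDAP integration, each application would instead receive the user's password and perform its own bind, which is the per-application exposure point 1 refers to.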