cas proxy auth - SAML equivalent?
Paul B. Henson
henson at cpp.edu
Wed Mar 18 20:16:06 EDT 2020
We are supposed to deploy authentication services "in the cloud" soon. The ideal scenario is having them both on premise and in the cloud, with on premise using on premise if available, and the Internet using the cloud if available, each failing over to the other as necessary.
However, we currently utilize server-side storage (using Unicon's hazelcast mechanism), and clustering between on prem and cloud, where each one can work if the other is broken and the on prem can work if the Internet link is down seems complicated. I was actually planning to look into Unicon's newer redis storage mechanism as part of our migration, and I did find something that supposedly will let you have two distinct redis clusters and replicate between them:
But again, complicated, with lots of moving parts. We could probably migrate to client-side storage, which removes the entire mess, with the exception of CAS proxy auth functionality, which requires server-side storage.
So, a two-pronged question:
* is anything available for SAML delegated/proxy authentication yet that provides similar functionality as CAS proxy auth, and if so, would it also requires server-side storage?
* any other thoughts/suggestions on server-side storage design/implementation in such a hybrid on-prem/cloud deployment?
Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/
Operating Systems and Network Analyst | henson at cpp.edu
California State Polytechnic University | Pomona CA 91768
More information about the users