Luminis 3.3.3.79 to Luminis 4 upgrade - GCF or CAS?
Thu, 2008-04-10 12:48 — saki
Hi,
We are planning to upgrade to Luminis 4 from Luminis 3.3.3.79. We have 9 GCF connectors running currently.
A couple of questions:
1. Is GCF fully supported in Luminis 4 ? Which GCF version do we need to use with Luminis 4?
2. On migrating to Luminis 4, do we need to switch our GCF connectors to use CAS ? What are the pros and cons of using GCF versus CAS?
Any help/pointers/suggestions will be greatly appreciated.
Thanks,
Shyam
Hack Your Knowledge
Recent blog posts
- Help!! Luminis 4.1
- Portal for Prospects - facilitation of user accounts from Banner
- receiving error while installing on Solaris
- PermGen space on Windows
- Luminis IV integration with Lotus applications
- Anyone do a complete SunONE migration to Exchange?
- SAF: Is it required if using ILM and Active Directory
- Calendar Migration: SunOne to Exchange 2007
- IMAP on Luminis IV
- cptool list sessions via JSP
Developer Links
Poll
What is your estimated peak concurrent usage (sessions) on Luminis at your institution?
More than 2500
23%
Between 2000-2499
0%
Between 1500-1999
5%
Between 1200-1499
15%
Between 900-1199
5%
Between 500-899
23%
Fewer than 500
30%
Total votes: 40
- Login or register to post comments
- Older polls
Syndicate
Luminis IV GCF
GCF is included in Luminis IV. I am not sure what the version numbering is, because they do not number it separately anymore. I assume it is whatever was current when Luminis IV was released. We are not using CAS and did not look seriously at it, so I have little idea about the second part of the question.
CAS vs GCF
my take on this is:
CAS and GCF have similar functionality from the user's point of view - but they acheive it by very different mechansims.
I got to thinking:
- if you have access to code on the system you are doing single sign on to - then use CAS (if you can), otherwise use GCF.
Having said that CAS with Tomcat realms has proved too tricky yet - although CAS and php or JSP have been fine.
One advantage of CAS is that the client systems do the implementation work. Another is that it is more robust (need to avoid weird port numbers for the CAS server otherwise firewalls might cause trouble)
rich
my 2 cents on GCF/CAS
Hello Shyam,
We went from LP III to LP IV in January and here is my take on GCF vs CAS issue. Currently we have 3 GCF connectors (MOWA, Mirapoint, Cashnet). We have 13 CAS applications.
GCf connectors are very hard to build, port, migrate between versions and maintain. We have issues with our GCF connectors atleast once every month (may be i am overreacting but you get the picture). For all our CAS applications, we set up the connector once and since then, i haven't heard a complaint form either the end-users about the service not being available/working or any maintenance at all.
As far as security is concerned, i believe both methods are equally impressive eventhough i do not have a specific set of criteria over which i can go over and say one is "better".
So if you have web applications, that can be converted to CAS i would say "GO for it".
(Also, LP IV comes with built in CAS)
Let me know how the upgrade went.
Thank you,
shiva
CAS is the future
Cross post ....
http://www.lumdev.net/node/2133#comment-4995
As I said over there... CAS will be replacing CPIP/GCF moving forward. Luminis will laer allow CAS to be external which will really change the game!
external CAS or CAS in Luminis
hi Shiva, i was wondering whether your applications using CAS are using the CAS server in Luminis, or did you write a GCF connector to an external CAS that serves all of the 13 applications?
we are using CAS within Luminis
Hi,
We are using CAS that came with the Luminis IV install. I just enabled the CAS on the server and in our web applications i believe the only change we made is the change of location for cas validation URL (folder location is changed in Luminis IV).
Let me know if this helps.
GCF vs CAS
Hi,
Thanks to all for the responses. I'm just getting started with CAS and my first impressions are as follows:
1. When you use the CAS built-in to Luminis for SSO to an external web application , you will lose the ability to access the application directly, i.e., you will always have to go thru Luminis to access the application. So, there is tight coupling/inter-dependency between Luminis and the external application, which is not good.
2. I'm not sure about this, but as far as I understand, CAS doesn't allow you the capability for session synchronization unlike GCF. Is this true ?
3. We use GCF for Blackboard and it works really well, especially for course mapping between Luminis and Blackboard. I'm not sure if something similar can be done with CAS.
I agree with David that CAS is the way forward since it is open source and has more support. This was confirmed to me when I attended the Luminis Sys Admin training in May.
Shyam
good news...
Hello Shyam,
congratuations on your LP IV upgrade and yor first CAS application.
1) Like you said in your pointers, by enabling CAS, you lose the functionality of getting to the external system directly. The whole concept of CAS is creating a "Trust based relationship" between two disparate systems. You might have aready noticed this - but while doing the CAS authentication, you never pass teh password credentials. So instead of using EAS as your source of authentication, you use Luminis's CAS functions.
2) For session synchronization, you can set your luminis log out time to be minimal which in our case is set to be 15 minutes. Most web applications have longer session times - and it works out perfectly for us. We open all our CAS sessions within luminis (using luminis frames) and when the users logout of luminis and close their browsers, all their sessions are destroyed aswell. If you need session management, last active state check etc you will have to implement GCf connectors (that too only pickup.html methods - pickup.response doesn't give you sessin management options)
3) For CAS all you do is give the external system the user's username - this to me is only authentication. The user will be served content on the external system based on his permission levels in the external system (authorization). When you are talking about blackboard GCF, that is actually integration - which means the data is shared. In CAS you have one source of data and you point luminis to that source.
Let me know if ths helps..