Yan, I assume when you say 'CAS is down', you mean that your authentication backend is unavailable, otherwise CAS would not be able to return the password.
There is clearpass, https://apereo.github.io/cas/6.0.x/integration/ClearPass.html, with all its dangers. It has to be enabled on a per service basis and needs the service's public key. I think that clearpass bypasses the authentication backend. You would have to manipulate the login flow to only use clearpass if your authentication backend was unavailable. Your client app will need to be configured/customized for both CAS protocol and clearpass login. Ray On Tue, 2019-08-20 at 13:51 -0700, Yan Zhou wrote: Hello, Our organization wants to make sure customers can still use their apps, in the event that CAS is down or unavailable (even though we have HA, etc.). The idea is to have CAS return password in encrypted format to some apps. that is critical. When CAS is down, the app. can authenticate using encrypted password themselves. SSO does not need to work during that time. That smells bad, but, I know technically this can be easily done and that is what we have been asked to do. What do you suggest? Yan -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/278b000b4a0ea737b538071f3e255cb2a0585e7e.camel%40uvic.ca.
