Andrew,

Thanks for raising this.

In the interest of getting all the issues on the table:

The current approach of supporting user attributes only via SAML responses 
prevents CAS client libraries from both retrieving user attributes and 
obtaining a PGT, since currently PGT acquisition is available only through the 
/serviceValidate and /proxyValidate endpoints.  Adding user attributes to these 
endpoints or endpoints evolved from them would provide a natural path to 
attributes-and-PGT.

In revving the CAS protocol to afford simple attribute release, I'd want to see 
the use case of attributes-and-PGTs addressed.

Andrew

On Jan 3, 2012, at 10:00 AM, Tillinghast, Andrew P. wrote:

> 
> Attribute release was a hot topic at the unconference and has again come up 
> in the mailing list as a user need so I'd like to spark a developer 
> discussion to see if we can do a point release to the CAS protocol and make 
> attribute release official.
> 
> It's actually covered in a few Jira entries but some examples: 
> https://issues.jasig.org/browse/CAS-655 or 
> https://issues.jasig.org/browse/CAS-738
> 
> I know this has been pushed off a few times as something CAS shouldn't be 
> doing and/or should be handled through SAML, however some of the Official CAS 
> clients, I know PHPCas for sure, already support the attribute release in the 
> serviceValidation Response.
> 
> If attribute release is only supported with the SAML 
> https://wiki.jasig.org/display/CASUM/SAML+1.1 then it seems an encouragement 
> for the end user to drop CAS and move to Shibboleth.
> 
> At this point not making it officially part of the CAS protocol just leaves 
> confusion over the proper formatting of the attribute response and creates a 
> barrier that prevents some of the less savvy deployers from using a potential 
> feature.
> 
> 
> Andrew Tillinghast

