Re: [cas-dev] RFC CAS protocol 2.0.x Attribute release

Tue, 03 Jan 2012 08:33:11 -0800 

+1 from my side
As one can see on the list countless people want attributes and struggle to get it running and i have also had some complaints about the attribute/proxy gap. There are only bits and pieces scattered in the archives and the wiki. I really don't like the extra effort we have to put in to help people patching their cas with a "known extension" when a solution could be so easy. 


The java client and phpcas support it out of the box and it is a simple 
and already well tested addition. A simple modification of one jsp and a 
bit of documentation effort and we are done ;)


php and java clients both support it [1]

Joachim

[1] https://wiki.jasig.org/display/CASC/Client+Feature+Matrix







On 03.01.2012 16:13, Andrew Petro wrote:

Andrew,

Thanks for raising this.

In the interest of getting all the issues on the table:

The current approach of supporting user attributes only via SAML responses 
prevents CAS client libraries from both retrieving user attributers and 
obtaining a PGT, since currently PGT acquisition is available only through the 
/serviceValidate and /proxyValidate endpoints.  Adding user attributes to these 
endpoints or endpoints evolved from them would provide a natural path to 
attributes-and-PGT.

In revving the CAS protocol to afford simple attribute release, I'd want to see 
the use case of attributes-and-PGTs addressed.

Andrew

On Jan 3, 2012, at 10:00 AM, Tillinghast, Andrew P. wrote:



Attribute release was a hot topic at the unconference and has again come up in 
the mailing list as a user need so I'd like to spark a developer discussion to 
see if we can do a point release to the CAS protocol and make attribute release 
official.

It's actually covered in a few Jira entries but some examples: 
https://issues.jasig.org/browse/CAS-655 or 
https://issues.jasig.org/browse/CAS-738

I know this has been pushed off a few times as something CAS shouldn't be doing 
and/or should be handled through SAML, however some of the Official CAS 
clients, I know PHPCas for sure, already support the attribute release in the 
serviceValidation Response.

If attribute release is only supported with the SAML 
https://wiki.jasig.org/display/CASUM/SAML+1.1 then it seems an encouragement 
for the end user to drop CAS and move to Shibboleth.

At his point not making it officially part of the CAS protocol just leaves 
confusion over the proper formatting of the attribute response and creates a 
barrier that prevents some of the less savvy deployers from using a potential 
feature.


Andrew Tillinghast






--
You are currently subscribed to cas-dev@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev






















					Reply via email to