Hi Bill, At the moment the components will allow you to authenticate against a RADIUS server that provides the SAML-AAA-Assertion attribute (i.e. what Moonshot provides). This RADIUS attribute contains a SAML attribute statement, which in turn is consumed by the authentication handler, and from which you can pick what you want the CAS principal to be. We have not yet tried this with the new trust router bits for Moonshot, so that might (or not) be a stumbling block. We'll see.
Additionally, the components enable proper EAP-TTLS authentication support for the CAS 3.5.x RADIUS components by back-porting the CAS 4.0-style RADIUS client. I apologise to Marvin for committing such a travesty, but since we're running 3.5.2 (not 4.0 since it's not officially released yet), we have had to make do with that. Documentation for all that is online in Github. See https://github.com/spaetow/cas-abfab-support/ for details. When you say "Unicon is part way through a project to enable CAS to act as an SAML IdP Proxy leveraging the SAML SP support in Spring Security", do you mean that you could authenticate a CAS user against an IdP (i.e. the reverse of CasShib, if I understand CasShib correctly)? Our basic Shibboleth ECP authentication client uses a passed-in URL protected with Shibboleth, and a passed-in ECP profile URL to authenticate a user on that IdP. It returns the SAML response as received from the IdP. Again, the client is on GitHub (https://github.com/spaetow/ShibbolethECPAuthClient/). I'd like to improve on the crudeness of it once I have some time to. We've already used the client as a base to build two authenticators for the ICAT Project, which is used by a large particle physics community in Europe. Those authenticators are at https://github.com/spaetow/icat_authn/ - My concept of a CAS authenticator would be based on the same principles as the authn_shib2local authenticator in that repo, but provide the attribute statement in the SAML response as an attribute map (once I figure out how attribute maps work and how I can set principals based on specific attributes in a map). Regards Stefan -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
