Thanks for the link, that gives me a better understanding. But just to confirm (I'm being a little dense), if I have a mix of CAS-style and SAML-style services listed in the services registry, a user should generally only have to enter his or her username and password one time to access all those services, correct? (I realize we'd have to test it all, I'm just looking for a "yeah, that's the idea" or "no, not at all" sort of confirmation.)
I've been holding off on trying the snapshots so far, due mostly to other things on my plate, but also because I'm waiting for 4.3.x and MFA to get a little closer, as we want that, too. I sorta kinda get the overlays and stuff, and even some coding, in that I managed to figure out how to build an MFA module for our two-factor solution (Swivel PINsafe) using CAS 3.6 and the Unicon plug-in. But there was a lot of trial and error and Googling involved, so I'm not sure so much that I know what I'm doing, it's more like I know how to bash it all into some sort of working order. :-) My current plan, since we can't change anything until after the semester ends anyway, is to pay very close attention in your CAS 4.x workshop and talks at Open Apereo next month and THEN dive into it. Thanks, --Dave On Thursday, April 21, 2016 at 12:12:33 PM UTC-4, David Curry wrote: > > Hopefully this isn't too dumb a question; I haven't been able to find a > definitive answer anywhere. > > Right now we're using CAS 3.5.x (we're waiting for summer and 4.3.x with > MFA) as our primary authentication/single sign-on. We also have Shibboleth > 2.4.x for those few services that don't support CAS; it's configured with > shib-cas-authn2 to redirect to CAS to perform the authentication, which > makes everything transparent to the users. All in all, this has been > working really well. > > Is the improved SAML support in CAS 4.x going to let us achieve the same > end result of users only having to authenticate once and then be able to > access both CAS-based and SAML-based services? In other words, is the > intention that we'll be able to get rid of Shibboleth, since we're not > using it for anything special, and just do it all with CAS 4.x? > > As a follow-up, is the improved SAML support and CAS/SAML interaction > documented yet? The only stuff I can find on the web site appears to be the > same "we support SAML1 and SAML2 only as much as Google Apps needs" stuff > that's been there since forever. Should I be looking somewhere else? > > Thanks, > Dave Curry > The New School > > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fad11c29-71a3-49c3-b785-aa7d1296cc9d%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
