That is excellent. It then takes the best from both worlds. Bruno
-----Original Message----- From: Andrew Petro [mailto:[email protected]] Sent: Monday, February 09, 2009 5:57 PM To: [email protected] Subject: Re: [cas-user] In CAS: (SSO=One ID/PW) or (SSO=One login works for all apps)? "Does CAS do full-fledged-SSO? Where full-fledged-SSO is defined as 'authenticating in one app makes it unnecessary to authenticate in other apps'." Yes. Authenticating via CAS to one application makes it unnecessary for the end user to experience the tedious and inconvenient aspects of authenticating to access another application. The second application, when it redirects the user to CAS for authentication, will by default enjoy an immediate redirect back with a token to authenticate the user. CAS offers an option for applications to opt out of the single sign on feature while still using CAS for authentication. That is, an application can insist that an end user present primary credentials to CAS for the purpose of authenticating to that application, opting out of CAS accepting a single sign on session token (evidence of having recently presented credentials to CAS) as a basis for issuing a service ticket for the user to authenticate to the application. Andrew Bruno wrote: > Besides ensuring that applications rely on the same username and password, does CAS do full-fledged-SSO? > > Where full-fledged-SSO is defined as 'authenticating in one app makes it unnecessary to authenticate in other apps'. > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
