Arjohn,Yes, CAS is pretty unique with this feature. I have recently done some work actually using it, and it is powerful.
SAML2 has a notion of "delegated authentication," which accomplishes the same thing in SAML. However, I don't know how many SAML IdPs actually implement it. I know that the open source Shibboleth IdP now has support for delegated authentication because I was somewhat involved in that project earlier this year.
CAS proxy authentication has existed for years, and it is well understood. Adam Arjohn Kampman wrote:
Dear CAS users, I'm currently investigating authentication option for a project that requires services to access other services on behalf of a user (aka "proxy" in CAS terminology), without direct contact between the user and the "target". I have looked at various authentication options (oauth, openid, http auth, ...), but only CAS seems to offer this functionality. Am I missing something here? Is this kind of functionality so unique that none of the other protocols support it? This looks like a common usage scenario to me. CAS looks like a good option for my project, but I want to make sure that I'm not missing viable alternatives. I hope someone with a better overview of the field can give me some insight here. Kind regards, Arjohn Kampman
<<attachment: arybicki.vcf>>
smime.p7s
Description: S/MIME Cryptographic Signature
