Hi Adam,
Thanks for your reply. I was able to find some more info, now that I
have the right keywords. Shibboleth also calls this functionality
"proxy authentication" on this page:
https://spaces.internet2.edu/display/ShibuPortal/Home
The sequence diagram on this page looks very similar to how CAS works. I
think I prefer CAS over Shibboleth thanks to the (relative) simplicity
of its protocol though.
Just a quick check if I have the correct understanding of the
terminology:
- delegated authn: the use of an external service for authentication, a
requirement for sso
- federated authn: combining several authentication services as a single
virtual service
- proxy authn: a mechanism to access a service on behalf of a user or
another service
Does that look correct?
Arjohn
Adam Rybicki wrote:
Arjohn,
Yes, CAS is pretty unique with this feature. I have recently done some
work actually using it, and it is powerful.
SAML2 has a notion of "delegated authentication," which accomplishes the
same thing in SAML. However, I don't know how many SAML IdPs actually
implement it. I know that the open source Shibboleth IdP now has
support for delegated authentication because I was somewhat involved in
that project earlier this year.
CAS proxy authentication has existed for years, and it is well understood.
Adam
Arjohn Kampman wrote:
Dear CAS users,
I'm currently investigating authentication options for a project that
requires services to access other services on behalf of a user (aka
"proxy" in CAS terminology), without direct contact between the user and
the "target". I have looked at various authentication options (oauth,
openid, http auth, ...), but only CAS seems to offer this functionality.
Am I missing something here? Is this kind of functionality so unique
that none of the other protocols support it? This looks like a common
usage scenario to me.
CAS looks like a good option for my project, but I want to make sure
that I'm not missing viable alternatives. I hope someone with a better
overview of the field can give me some insight here.
Kind regards,
Arjohn Kampman
--
Arjohn Kampman, Senior Software Engineer
Aduna - Semantic Power
www.aduna-software.com