> Does the vendor support a particular SAML version? SAML 1.1 and SAML 2 are significantly different, with the latter a huge design-by-committee failure IMO.
Thanks for the great information - it looks like our vendor supports SAML 2.0 as all of their documentation refers to 2.0 (never directly, only through the use of explicit examples of how messages are passed). Will the 2.0 specification limit our abilities to integrate this with our institution? > Your mention of PKI is concerning. Currently CAS has no support for XML digital signatures or message encryption, which would be two possible use cases for a certificate. Can you provide a link to the vendor instructions so we can investigate further? Unfortunately the vendors documentation for the SAML support is not publicly available; however, I can forward this to your email (very brief reading, about 10 pages of mostly examples). > I wonder if CAS-Shibboleth-VendorProduct integration is the way to go. Many folks, including us at Virginia Tech, have had success integrating CAS and Shib, and I can say from experience that Shib support for SAML is second to none. See http://www.ja-sig.org/wiki/display/CASUM/Shibboleth-CAS+Integration for more info. Thanks a ton - I will do some research into that now. Thanks again, Mike McMahon -----Original Message----- From: Marvin Addison [mailto:[email protected]] Sent: Wednesday, January 13, 2010 5:36 AM To: [email protected] Subject: Re: [cas-user] CAS / SAML and integration > our current institution uses CAS / LDAP to authenticate our users; however, the vendor only lists instructions for SAML (which requires a Public Key Certificate). Does the vendor support a particular SAML version? SAML 1.1 and SAML 2 are significantly different, with the latter a huge design-by-committee failure IMO. > Is there a way to integrate the two together, in such a manner that we can simply point our vendors software to a CAS URL and have it support the required SAML messages? Your mention of PKI is concerning. Currently CAS has no support for XML digital signatures or message encryption, which would be two possible use cases for a certificate. Can you provide a link to the vendor instructions so we can investigate further? > Would we need to setup a SAML aware system and on some sub-layer connect CAS and SAML so we can continue on with our SSO environment? I wonder if CAS-Shibboleth-VendorProduct integration is the way to go. Many folks, including us at Virginia Tech, have had success integrating CAS and Shib, and I can say from experience that Shib support for SAML is second to none. See http://www.ja-sig.org/wiki/display/CASUM/Shibboleth-CAS+Integration for more info. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
