On 5/3/10 10:23 AM, Leandro Dardini wrote: ... >> The mod_auth_cas client supports SAML in versions that have yet to >> be released, but it's available in the subversion repository. >> We've been using it informally here at Virginia Tech for about a >> year now and it works well. > > I just installed the svn version of mod_auth_cas and my CAS server is > the latest stable version, but is there a guide/wiki/howto/doc for > selecting the SAML protocol between the CAS server and the > mod_auth_cas and how to handle the additional informations?
You'll need to set your CASValidateURL to CAS_SERVER/samlValidate and set: CASValidateSAML On You can choose an attribute delimiter if you wish: CASAttributeDelimiter ";" You can also set an attribute prefix: CASAttributePrefix "PREFIX_" To put the attributes in the HTTP headers, be sure to set CASAuthnNHeader to something: CASAuthNHeader username Assuming you have mod_auth_cas setup as above and CAS returns a group attribute in the SAML, the HTTP headers will have something like the following: PREFIX_group : group1;group2;group3 If you want to use require directives on this header information in mod_auth_cas, the following patch may be useful: http://www.ja-sig.org/issues/browse/MAS-37 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
