Marvin Addison a écrit :
I'm looking for a functionnality of validating a proxy ticket which
rendering a SAML ticket, but I don't find any exposed service in CAS (a
service like /samlValidate but for proxy validation so a /samlProxyValidate
service). This feature wasn't implemented ?
It's not implemented since the intent is to support the SAML 1.1
protocol in CAS which has no concept of delegated authentication like
the CAS 2 protocol. I believe the Enhanced Client or Proxy (ECP)
Profile defined in the SAML 2 protocol provides features similar to
CAS 2 proxy, but SAML 2 is on the distant roadmap for the CAS server
and even further for CAS clients.
We have an application which request/collects many data's from partner's
sites, these sites needs the user authentication (so we use the proxy) to
returns the user access and personalized datas.
Assuming the collecting application is driven by user interaction,
this sounds like a good use case for CAS proxy authentication.
The problem is that partners need a normalized response with attributes from
CAS.
Can you provide an example?
We are already working with proxy CAS authentication, but the problem is
really to have a normalized way to publish attributes in the cas
response, because all cas deployers will modify the
casServiceValidationSuccess.jsp to be able to publish attributes. The
problem is in that jsp the xml format generated could be different
whereas the SAML format get all attributes on a normalized way. So
partners who have to publish data's for different portal have to
custumize their cas ticket reader for each CAS servers that they
authorize to make request.
You want a cas response example with user's attributes ? or ?
continue to use the /proxyValidate with unormalized xml for
attributes ?
This is probably your best option at present.
M
Julien
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
