> We are considering modeling the redirect to the cloud SSO along the lines of > the CAS OpenId implementation and defining a restlet to handle the response > from the cloud SSO. Does this sound like a reasonable approach, or is there a > better way to handle this?
I've not studied the OpenID support in detail, so I can't comment in that regard. I can, however, offer some perspective on alternatives. It sounds like what you want to do amounts to coupling two separate SSO domains, which is the same as a popular approach to combine CAS and Shibboleth by making CAS the authentication provider for Shib, https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration. While the user interaction would be different than what you outlined, namely CAS would be the front-end for all authentication, we believe a single face for SSO is in fact a benefit at my University. In any case I believe you could take a similar approach to CAS-enabling the cloud SSO product. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
