Not sure I'm understanding this. Translating from external IdP's SAML assertions to CAS is what CASShib does. It allows applications to consume what is ultimately SAML IdP authentication via the CAS abstractions and client libraries. CASShib does the heavy lifting of talking to the SAML IdP and then speaks the CAS abstraction to CASified applications. Voilà, CAS-enabled application is SAML enabled without having to actually implement SAML support at the application layer. Supposing the application can live with the limitations.

I gave a pretty good talk <http://events.internet2.edu/2010/fall-mm/agenda.cfm?go=session&id=10001394&event=1159> about a Unicon project involving making use of this at the Fall 2010 Internet2 membership meeting. Looks like slideware's posted <http://www.internet2.edu/presentations/fall10/20101103-minimally_invasive_domestication-petro.pdf>. Relevant diagrams start at slide 45 or so.

Andrew

On 09/29/2011 07:02 AM, Marvin Addison wrote:
>> isn't that what CASShib does...takes a SAML assertion from a
>> Shib IdP and
>> translates that into CAS ST for the downstream service?
> Everything I have read indicates that CAS is the IdP in this case and
> CASShib acts as a proxy for Shibbolized _services_ (Shib SPs) to
> perform authentication and attribute release services using CAS as the
> IdP. I read the link you cited and I simply don't see anything that
> claims it has the capability to proxy assertions from other IdPs.
>
> M
