On Tue, 20 Dec 2011, William G. Thompson, Jr. wrote:
> On Tue, Dec 20, 2011 at 2:13 PM, Marvin Addison
> <[email protected]> wrote:
>> How is our substantial investment in both client and server support
>> for a current, active protocol a charade? In practical terms you're
>> suggesting throwing away a large amount of code in favor of a new
>> protocol which would presumably need roughly equivalent amount of code.
>> That seems unwise at best given available resources at present.
>
> Charade in the sense that just using the SAML1.0 markup does not
> afford interop with non-cas-SAML entities nor has it conferred any
> significant benefit to the CAS3.x community.
>
> The inclusion of SAML1.0 markup and endpoints has complicated the
> overall CAS product and allowed the CAS protocol to stagnate. Simply
> adding attributes to the CAS payload via extension of the CAS protocol
> in hindsight seems like a better deal, and is what many in the
> community have done in practice.
>
> The code to add attributes to the CAS payload has been implemented by
> many in the community. I don't think it is as big a lift as you make
> it out to be; what is missing is updates to the CAS protocol doc and
> better support in the clients. On the other hand, refactoring out
> redundant functionality (à la samlValidate) would simplify the CAS code
> base and make it easier to extend and maintain.

Our vendor (Sungard) has finally added support to their product for
samlValidate, rather than requiring us to install a custom bannerValidate
module into CAS to release attributes from CAS. Whatever you do, don't
remove samlValidate.

Andy