Yeah we are using ADFS and I think is that where the hang-up is occurring. Our consultant was going to use the documentation from the original post ( http://technet.microsoft.com/en-us/library/jj205456.aspx) but for some reason when he had a conversation with a person at MS, he was told that wasn't the way to go (sigh...I don't know why).
Laura On Dec 6, 2012, at 2:36 PM, Kevin P. Foote wrote: > > Ahh.. OK. Yea you left out the ADFS bits.. :-) > > My main point was if you/Laura were thinking Shib would be yet another > point for end users to 'login to', that would be incorrect. Shib and CAS work > nicely together to avoid just such a scenario. > > ------ > thanks > kevin.foote > > On Thu, 6 Dec 2012, Gasper, John wrote: > > -> Hey Kevin, > -> > -> I guess the point is we are an ADFS school, not Shib, and have been for > several years. I probably also assumed that Laura was trying to use ADFS as > that is what MS tends to push. > -> > -> My goal was to connect the two different SSO services (CAS and ADFS) and > still retain the ability to federate (I originally modified ADFS to use CAS > auth with the ClearPass extension). Someday, I should do more investigation > with Shib, but it hasn't been a priority as of late. > -> > -> Besides writing the WS-Federation auth handler/plugin was a fun challenge. > :) (Although Jérôme did the heavy lifting with the OAUTH connector.) It can > be found here: > https://github.com/jtgasper3/cas/tree/3.5.x/cas-server-support-wsfederation > -> > -> John > -> > -> -----Original Message----- > -> From: Kevin P. Foote [mailto:[email protected]] > -> Sent: Thursday, December 06, 2012 10:20 AM > -> To: [email protected] > -> Subject: RE: [cas-user] Cas and o365 Email > -> > -> On Wed, 5 Dec 2012, Gasper, John wrote: > -> > -> -> EWU is just about to go live with O365, so we had a similar need, but > because we didn't want to have 2 un-connected single sign-on solutions we > took a different approach. > -> > -> John, you are thinking about this wrong. As Jason mentioned before, user > never knows the Shib portion is involved. Your SSO session would still be > governed and provided fully by your CAS instance. You would not be adding an > "un-connected sign-on solution". Rather, you would be extending the > functionality of your current SSO solution to include the full SAML stack and > yes the ECP portion which you would be after with o365. > -> > -> Just something to think about. > -> > -> ------ > -> thanks > -> kevin.foote > -> > -> > -> -- > -> You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -> > -> > -> -- > -> You are currently subscribed to [email protected] as: > [email protected] > -> To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -> > -> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
