Hi, In fact we developped a plugin for CAS to integrate a SAML SP in it to be able to plug it in a SAML federation. The plugin allow the CAS server to be seen like a simple SP and grant access to all services protected by the CAS server. We implemented it with OpenSaml 2. The plugin is able to deal with SAML 2.0 Authn and SLO protocols with Redirect and POST binding. We are able to retrieve SAML attributes in AuthnResponses to propagate the authentication on the CAS server.
The plugin is available here https://github.com/GIP-RECIA/cas/tree/feature-saml2/cas-server-support-saml2 with few documentations. If Jasig is interested with it, we could help to integrate it in the project. 2013/10/22 William G. Thompson, Jr. <[email protected]> > On Wed, Oct 16, 2013 at 5:26 AM, Hardik J Sheth <[email protected]> wrote: > > Thanks Jerome for your reply. > > > > Will CAS 4.0 release have full SAML 2.0 capability? > > What do you mean by "full SAML2.0 capability"? > > If you mean complete coverage of the SAML2 specification, than that > answer is a definite no. > > If you mean ability to do SAML2 Web Browser SSO Profile, than the > answer is at least enough to interop with Google Apps and some others. > > I should point out that it is unclear if there is any complete > implementation of the "full" SAML2 spec, as even Shibboleth skips some > of it. > > > > > Will it be possible to do Federated SSO using CAS 4.0? > > What do you mean by "Federated SSO"? > > If you mean WebSSO across domains, then the answer is yes. CAS has > always been able to do WebSSO across domains and CAS4 doesn't change > that. > > If you mean WebSSO across domains via SAML, see above about limited > SAML2 Web Browser SSO Profile support. > > If you mean consuming aggregated SAML metadata to order to participate > in a federation like InCommon, the answer is no. You are better off > with Shibboleth or better yet CAS/Shibboleth. > > Best, > Bill > > > > > > > > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Regards, Maxime BOSSARD. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
