Sorry, let me start over explaining the environment. Our infrastructure includes a web application that is a Service Provider to our SAML IdP. Their infrastructure includes a web application that is a CAS client to their CAS server.
What we want to be able to provide our users is the ability to sign into our application, click a button, and single sign-on to their application. What I believe this means is we want to point to their CAS server and provide their application as the service, but at the same time we want their CAS server to establish trust with our IdP such that when the browser its their CAS server it will log them in as who we say they are and then direct to their application. Essentially I want their CAS server to act as a Service Provider to our IdP in an IdP Initiated scenario and then redirect into their application already logged in. Obviously this would require changes on their end, what I am trying to do is determine if it is even feasible and if so how to do it. On Fri, Dec 20, 2013 at 4:43 PM, Andrew Morgan <[email protected]> wrote: > On Fri, 20 Dec 2013, Craig St. Jean wrote: > > If I understand the CAS-Shibboleth option, it requires you to use CAS as >> your central authentication. In our environment, our IdP is the central >> authentication and we do not have CAS anywhere. We are trying to >> integrate >> with a 3rd party who uses CAS so we need their CAS to integrate with SAML >> IdP Initiated SSO. This is what I am looking to accomplish. >> > > So... who is providing identities? Your IdP or the 3rd party CAS server? > > Or maybe I'm reading that the wrong way. Is the 3rd party running a CAS > *client* (SP, in SAML parlance)? > > > Andy > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
