On Fri, 20 Dec 2013, Craig St. Jean wrote:
> Sorry, let me start over explaining the environment.
>
> Our infrastructure includes a web application that is a Service Provider to
> our SAML IdP.
>
> Their infrastructure includes a web application that is a CAS client to
> their CAS server.
>
> What we want to be able to provide our users is the ability to sign into
> our application, click a button, and single sign-on to their application.
>
> What I believe this means is we want to point to their CAS server and
> provide their application as the service, but at the same time we want
> their CAS server to establish trust with our IdP such that when the browser
> hits their CAS server it will log them in as who we say they are and then
> direct to their application. Essentially I want their CAS server to act as
> a Service Provider to our IdP in an IdP Initiated scenario and then
> redirect into their application already logged in.
>
> Obviously this would require changes on their end; what I am trying to do
> is determine if it is even feasible and if so how to do it.
Okay! Now I understand the situation. :)
Wow, I've been brainstorming but I can't come up with something good. Is
CASShib an option?
http://code.google.com/p/casshib/wiki/CASShibExplained
The general idea you need is a federation between your IdP and the CAS
server (IdP).
Sorry I'm not more help. Maybe someone else on the list will chime in?
Andy