> Are those doing this generally taking CAS SSO, fronting it with a Shib IdP, > then integrating with ADFS as a relying-party, that SharePoint uses for > authentication ?
We considered this path but aborted. In short, we needed close collaboration with the Microsoft folks at our institution and couldn't achieve it. It's also insanely complex. Federations are complex in themselves; inter-federation trusts are approaching insanity. Lots of folks make it work, but we felt it was overly complex for the relatively narrow use case of supporting CAS-Sharepoint integration. > We're about to take such a path here at UVic, and I'm in the process of > gathering community-thoughts for this journey. I believe you'll be in good company with that approach. We are attempting a direct WS-Federation integration with CAS and have some promising results in a preliminary R&D experiment. I should note that it's technically different than the EWU approach that Scott cited previously. I'm fairly ignorant of the Sharepoint side, but I believe our approach amounts to hosting the WSFed components as a Sharepoint module that wraps the .NET CAS client. Development is still ongoing, but I can share further details as we progress if anyone is interested. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
