> > https://wiki.jasig.org/display/CAS/Shawn+CAS+and+SAML
First, that document is very old. May still be relevant, but just as likely not.

> I was under the impression that when using SAML you initiate a SSO with a
> so called authnRequest.

https://wiki.jasig.org/display/CASUM/SAML+1.1 provides actual messages captured from log output of an old but not ancient client and server conversation. That's a better reference for understanding message exchange. In SAML parlance, this is an SSO browser/artifact profile request over SOAP binding. Note that neither the request nor the response are signed, which is uncommon in the SAML world. The JASIG CAS server implementation of SAML 1.1 derives security from the bearer token model used in the CAS protocol.

M
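
Added example, not part of the original message and not code from the CAS project: a small inspector for the kind of SAML 1.1 artifact request over SOAP described above, reporting the protocol version, the artifact carried as the bearer token, and whether any XML signature is present. The sample message, its RequestID, timestamp and ticket value are constructed, the function name `inspect_artifact_request` is hypothetical, and the one-artifact-per-request check is an assumption about this exchange.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: a SAML 1.1 artifact request in a SOAP envelope.
# RequestID, timestamp and ticket value are made up for illustration.
SAMPLE_REQUEST = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        MajorVersion="1" MinorVersion="1"
        RequestID="_constructed-request-id"
        IssueInstant="2012-01-01T00:00:00Z">
      <samlp:AssertionArtifact>ST-1-CONSTRUCTED-EXAMPLE-TICKET</samlp:AssertionArtifact>
    </samlp:Request>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


def inspect_artifact_request(xml_text):
    """Return version, artifact and signature status of a SAML 1.1 SOAP request."""
    # SAML messages never need a DTD; refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not expected in SAML messages")
    root = ET.fromstring(xml_text)
    request = root.find("soap:Body/samlp:Request", NS)
    if request is None:
        raise ValueError("no samlp:Request in SOAP body")
    artifacts = [a.text.strip()
                 for a in request.findall("samlp:AssertionArtifact", NS) if a.text]
    # Assumption: this exchange carries exactly one artifact per request.
    if len(artifacts) != 1:
        raise ValueError("expected exactly one AssertionArtifact")
    return {
        "version": (request.get("MajorVersion"), request.get("MinorVersion")),
        "artifact": artifacts[0],
        # True if a ds:Signature element appears anywhere in the envelope.
        "signed": root.find(".//ds:Signature", NS) is not None,
    }


if __name__ == "__main__":
    print(inspect_artifact_request(SAMPLE_REQUEST))
```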
