> > Would the idp multifactor mechanisms be usable for CAS clients? >
Yes, though it may be better to discuss further on the related shib-users thread. > I don't > particularly like the memcached backend, which looks like the only > current option (other than a database) to cluster idp 3. I'd be curious to know why you don't like it. I encourage you to discuss further on shib-users. Yes, from what I've seen the attribute filter basically functions as the > service registry for CAS clients, but gives you the idp feature of only > allowing certain values of some attributes rather than all. > The ability to mutate attributes is a notable capability of the IdP attribute engine. > I need to decide > whether to keep a separate CAS deployment ... or migrate CAS clients to > the idp CAS support. I was in the same situation, so I'll share my decision FWIW. I'm a single FTE running two production systems, Shib IdP and Jasig CAS server, that have the same purpose but with complementary capabilities. It made all the sense in the world to consolidate onto a single platform that could provide everything we needed. Fortunately I had the benefit of developing the CAS protocol support in the IdP expressly to meet our requirements. Thus we had assurance our needs would be met by a single platform and it became a straightforward economic decision: consolidate and save. Of course our needs and yours are likely different; you'll have to evaluate for yourself whether a single platform meets your requirements. M <http://www.ja-sig.org/wiki/display/JSG/cas-user> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
