Ah, OK. So if I understand correctly, the CAS SAML implementation can not interoperate with non-CAS SAML implementations i.e. only works with CAS.
We've tended/started to avoid using CAS for vendor integrations (1) because of a management wish to pursue SAML, (2) [no reflection on official ones] a 'bad taste' from poorly-implemented CAS clients (the protocol is so simple 'everyone' thinks they can write a client), and (3) currently not running a service registry so trying to reduce the dependency cf. control over clients. We still want to use CAS for SSO because it's very good at that, only limit what services use it directly. Looking forward to when we can find/make time to deploy the integrated IdP 3.x (which might solve some of the edge cases). Thanks. Tom. > On Aug 26, 2015, at 3:47 PM, Misagh Moayyed <[email protected]> wrote: > > Yes. Your vendor has a CAS client, so it would need to talk to something > that understands CAS. Whether that's the CAS server or the IdP's CAS > support makes very little difference in terms of feasibility. You don't > need to fetch metadata for anything SAML-like even if you went the IdP v3 > route. > > Out of curiosity, why do you avoid that option? > >> -----Original Message----- >> From: Tom Poage [mailto:[email protected]] >> Sent: Wednesday, August 26, 2015 3:42 PM >> To: [email protected] >> Subject: Re: [cas-user] SAML 2 metadata for CAS SP? >> >> Unfortunately, we're still at IdP 2.x. >> >> We try to avoid this, but maybe all we can do is have the vendor use CAS >> directly (which provides SSO for our IdP). >> >> Tom. >> >> On 08/26/2015 01:50 PM, Misagh Moayyed wrote: >>> What version of the IdP is this? >>> >>> If your IdP is anything v3+, you can just turn on its CAS support, >>> register the client and have it talk CAS protocol to the IdP directly. >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] To unsubscribe, change settings or access archives, >> see http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
