Hello,
I am trying to understand how exactly CAS supports SAML in the context of SSO
using SAML, and I am confused. The way I see it:
1. User logs into some application (App1) by providing username/password.
2. User is redirected to an application protected by CAS while working on App1.
At this point, for true SSO, CAS should make a SAML request, parse the SAML
response, figure out the username and allow access (or deny, I suppose)
OR
CAS is posted the SAML response during the redirect, and it parses the response
and figures out the username and allows/denies access. This is kind of similar
to the Browser/POST binding, I think (in SAML 1.1), which requires a well-known
end-point called "samlConsumer".
So what exactly happens?
From what I see,
- User is redirected to the CAS loginUrl due to the AuthenticationFilter.
- User presents username/password, ticket is issued, etc.
- Saml11TicketValidationFilter appears to make a SAML request to the server.
- Saml10SuccessResponseView responds with SAML describing user attributes.
- Saml11TicketValidationFilter parses the response, gets the user information
and redirects to the destination.
If I have configured the AuthenticationFilter, I am always going to be
redirected to the login page. How do I tell CAS not to go to the login page but
to obtain a SAML response and parse it to find the user information?
I think I am thoroughly confused now.
Appreciate your thoughts.
Thanks.
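The last two steps of the flow listed above (the server answering with a SAML 1.1 assertion and the ticket validation filter parsing it) as an added, self-contained example; this is not code from the post or from the CAS project. The response document is constructed to match the SOAP/SAML 1.1 shape returned on success, the issuer name, user and timestamps are placeholders, and the clock-skew `tolerance` parameter is an assumption modelled on the validation filter's tolerance setting.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"samlp": "urn:oasis:names:tc:SAML:1.0:protocol", "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample of the SOAP/SAML 1.1 body a CAS server returns from /samlValidate
# on success (the shape of Saml10SuccessResponseView's output); values are placeholders.
SAMPLE_RESPONSE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
  <saml1p:Response xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1">
   <saml1p:Status><saml1p:StatusCode Value="saml1p:Success"/></saml1p:Status>
   <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" Issuer="cas.example.edu">
    <saml1:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:00:30Z"/>
    <saml1:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
     <saml1:Subject><saml1:NameIdentifier>jdoe</saml1:NameIdentifier></saml1:Subject>
    </saml1:AuthenticationStatement>
    <saml1:AttributeStatement>
     <saml1:Subject><saml1:NameIdentifier>jdoe</saml1:NameIdentifier></saml1:Subject>
     <saml1:Attribute AttributeName="mail" AttributeNamespace="http://www.ja-sig.org/products/cas/">
      <saml1:AttributeValue>jdoe@example.edu</saml1:AttributeValue>
     </saml1:Attribute>
    </saml1:AttributeStatement>
   </saml1:Assertion>
  </saml1p:Response>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")  # SAML 1.1 timestamps are UTC

def parse_saml11_response(xml_text, now, tolerance=0):
    # Mirrors what the client-side ticket validation filter has to do with the
    # response: check the status, enforce the Conditions validity window (allowing
    # `tolerance` seconds of clock skew), then extract the subject and attributes.
    root = ET.fromstring(xml_text)
    code = root.find(".//samlp:Status/samlp:StatusCode", NS)
    if code is None or not code.get("Value", "").endswith(":Success"):
        return None
    assertion = root.find(".//saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        skew = timedelta(seconds=tolerance)
        nb, na = parse_ts(cond.get("NotBefore")), parse_ts(cond.get("NotOnOrAfter"))
        if now < nb - skew or now >= na + skew:
            return None  # assertion not yet valid or already expired
    user = assertion.findtext("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", namespaces=NS)
    attrs = {}
    for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("AttributeName")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return {"user": user, "attributes": attrs}
```

Note that the validation filter still reaches the server only after the AuthenticationFilter has obtained a ticket; the assertion's short NotOnOrAfter window is why a client clock that drifts needs the tolerance rather than a wider window on the server.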
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas