Borchers, Kristopher C. wrote: > > We recently launched Gmail at our school and we are receiving > complaints from users that they can not set up IMAP or POP3 for their > e-mail clients. I am assuming this is because we are using CAS and > SAML to authenticate our users and when they try to use IMAP or POP3, > the authentication is failing. >
Yes, that is my understanding. The SAML SSO solution only works for the web-based components, not IMAP, POP, GoogleTalk, etc. The latter are password-based only. > Has anyone else run into this and found a way to make it work or even > had ideas on how to make it work which I can try to implement? > > > Someone from the USC middleware group presented on their Google Apps project at the recent Internet2 meeting. Link to presentation below. They use Shibboleth for SAML SSO support, not CAS, but same issues, I imagine. My understanding is that non-web based components are authenticated by a separate Google password, distinct from the USC password, which is stored/maintained on Google's systems and managed via USC provided tools which invoke Google's provisioning API. Or something along those lines. http://www.internet2.edu/presentations/fall08/20081015-googleapps-bellina.pdf Don't know for sure whether Google exposes any other authN options which CAS could leverage for non-web-based apps, but I haven't heard of any. --Brent
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
