Re: [cas-user] Delegating to multiple SAML IdPs

2019-05-21 Thread Ray Bon
Brent, Steps 3) and 4) are confusing. If IdP is performing authentication in 3), why is CAS also validating credentials? Picking from a list (or typing it in) is frequently used as a method for IdP selection. User name would also work but may be a little confusing to users when they enter the

Re: [cas-user] Delegating to multiple SAML IdPs

2019-05-21 Thread Brent Smith
Hey Ray,

We want to delegate authentication from CAS to these client IdPs. We'll either use an IdP-initiated flow, or we'll build out an "SP-initiated flow" in CAS. Something like this,

1) User hits protected service and is redirected to CAS
2) "Magic IdP resolution" (TBD) forwards them to c

Re: [cas-user] Delegating to multiple SAML IdPs

2019-05-21 Thread Ray Bon
Brent,

Are you saying that the user authenticates first with CAS and is then redirected to a SAML IdP? Or how will you determine to which IdP a user will be sent?

Ray

On Tue, 2019-05-21 at 07:45 -0700, Brent Smith wrote:
Hi, I'm trying to set up a new CAS implementation that delegates to mult

[cas-user] Delegating to multiple SAML IdPs

2019-05-21 Thread Brent Smith
Hi, I'm trying to set up a new CAS implementation that delegates to multiple SAML IdPs, with each IdP representing a distinct slice of the user base (one IdP per customer). Is there a way for me to restrict one IdP from attempting to authenticate a user from another IdP? I thought about b