[cas-dev] Implementing Single Log Out w/SAML 2.0

[Scott Battaglia]

Marvin,

No work has been started on the single log out feature.  I'm currently
looking into the Single Log Out that the SAML 2.0 protocol specifies.  There
are parts of the specification that don't make sense in CAS (nor would they
work extremely well).  What we may end up doing is using the XML itself and
enacting policies that state which way SLO can be used.  For example, my
personal preference would be not to allow CAS clients to initiate single log
out. It also looks like we need a way to specify a callback url dynamically
(instead of having some meta data on the server).  Anyone who's read the
spec, do they have any thoughts on which parts make the most sense to
support in CAS?

I'm away for the next 9 days, starting tomorrow night, so no major work
would probably start on this until after I came back.  Whichever protocol we
choose to support, I know there will need to be work effort involved in
coding the clients, for anyone who is interested in contributing.

-Scott

On 9/4/06, Marvin Addison <serac at vt.edu> wrote:
>
> We are very interested in a Single Sign Out feature for CAS.  I recently
> read the following on a post on the CAS mailing list:
>
> "We are looking at the SAML 2.0 protocol for supporting Single Log Out
> in CAS 3.1"
>
> I also saw that some code for sending/receiving SAML messages has been
> posted for review on CAS-Dev.  Can someone explain the current state of
> the Single Log Out feature?  If developer effort is needed to make it
> happen, we may be able to lend a hand.
>
> Thanks,
> Marvin Addison
> Application Programming Analyst
> Collaborative Technologies Unit
> Virginia Tech
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20060906/785b7cb5/attachment.html