[cas-dev] SAML1.1 support in CAS3.1
Velpi
velpi at industria.be
Tue Feb 6 03:06:04 EST 2007
> I was looking at M1 (CAS 3.1) while doing a proof of concept to casyfy
> SAP portal. We were able to pretty quickly, basically effortless, set up
> CAS 3.1 and direct SAML requests at it. However our SSO target only
> supports SAML1.1, is there a way to make /samlValidate return version 1
> SAML artefacts?
SAP portal supports SAML quite badly at the moment. It does not check
some basic security constraints in the SAML statement (I forgot the
exact details), so from a security point of view the implementation is
useless. However SAML2.0 should be in the development pipeline according
to SAP.
I suggest to front the portal with a SAML enabled reverse proxy and use
the SAP http header based authentication module until SAML 2.0 is supported.
--Velpi
More information about the cas-dev
mailing list