[cas-dev] CAS Client SAML Support Roadmap
Marvin S. Addison
serac at vt.edu
Tue Jan 29 09:18:00 EST 2008
> Has anyone tested interoperability between a SAML-enabled CAS server
> and an Apache Shibboleth SP (mod_shib)?
We have not, although we may be in a place to do so within the next
couple months.
> Since the Shibboleth SP already implements the full SAML client, would
> there be any benefit in having mod_auth_cas reproduce that
> functionality?
Yes, there is benefit in adding SAML support to mod_auth_cas. While the
Shib SP communicates via SAML messages, it doesn't integrate with CAS.
That is, it neither requests nor validates CAS service tickets.
I can see that talk of SAML would bring up Shib integration, but that is
not our primary interest. Passing SAML is the method CAS has chosen to
allow clients to participate in single sign-out, and CAS clients need to
be able to consume SAML and provide session destruction on request (via
SAML logout assertion) to fully implement that feature.
M
More information about the cas-dev
mailing list