access to authentication method
Sarah Arnott
sarnott at mun.ca
Wed Jun 6 14:08:33 EDT 2007
Hi guys,
I know this was discussed on the list last year
(http://tp.its.yale.edu/pipermail/cas/2006-February/002168.html) but I'm
just wondering exactly how Rutgers and Dartmouth implemented it.
Our situation here at Memorial is very similar to Dartmouth College's -
we want to authenticate prospective students (and other guests) with CAS
and protect our sensitive applications by requiring not only a CAS
authentication ticket but an "authentication method" assertion as well.
I know CAS 3.1 supports SAML but we're at version 3.0.7, plus it would
be nice if this could be implemented such that it won't break the
clients and we could modify specific clients to check for the assertion.
I can see a few ways of implementing this (e.g. create a new Principal
and UsernamePasswordCredentialsToPrincipalResolver classes) but I'm
curious to see how you guys did it.
TIA,
Sarah
More information about the cas
mailing list