Asml

Mon Jun 16 13:32:12 EDT 2008

Any ideas?

----- Original Message ----
From: tedzo <tedzo2003 at yahoo.com>
To: Yale CAS mailing list <cas at tp.its.yale.edu>
Sent: Thursday, June 12, 2008 3:30:21 PM
Subject: Re: Asml

Hmm. So who is actually making the AuthnRequest and parsing the response? Or, are you saying that an attempt to access webappB will always be redirected to CAS (because of the cas client) and the AuthRequest is sent to and the response parsed by the CAS server?

Thanks.

----- Original Message ----
From: Scott Battaglia <scott.battaglia at gmail.com>
To: Yale CAS mailing list <cas at tp.its.yale.edu>
Sent: Thursday, June 12, 2008 2:22:51 PM
Subject: Re: Asml

I'm not sure I follow. If you've protected webapp B with the CAS client (a SAML client) and configured it to speak with CAS then it should always redirect to CAS.

We're just using SAML to send back additional attributes if they are available.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia 

On Thu, Jun 12, 2008 at 2:10 PM, tedzo <tedzo2003 at yahoo.com> wrote:

Scott, thanks for your response.

I think I am stuck trying to demo Saml capability, mainly due to my lack of understanding of how things work...
Let me first make sure what I understand is correct-
1. There is a webappA on ServerA that is protected by some entity (not CAS).
2. There is a webappB on ServerB that is protected by CAS (3.2.1)
3. The SamlTicketValidationFilter is setup on ServerB for webappB, meaning, the filter is triggered when a user attempts to access webappB.
4. The user accesses webappA, is asked to login by whatever is protecting webappA. User logsin successfully.
5. User clicks on a link to webappB from webappA.
6. At this point, normally, CAS would ask the user to login. However, I think I want CAS to make an authRequest to the entity that authenticated the user on webappA, parse the response it gets (essentially that the user is already authenticated and whatever details that go with it), and log the user in and provide access to webappB.

That would make the entity on serverA that authenticated the user to webappA the IdProvider and CAS the ServiceProvider.

Does this sound right or am I way of base? In order for me to demo CAS saml capability, I would at most require an entity that responds to an authRequest from CAS, is that correct?

Thanks. I appreciate your time and interest.

----- Original Message ----
From: Scott Battaglia <scott.battaglia at gmail.com>
To: Yale CAS mailing list <cas at tp.its.yale.edu>
Sent: Thursday, May 22, 2008 10:04:50 AM
Subject: Re:

Hi,

If you are using the latest CAS client, you should actually only need to configure the Saml Ticket Validation Filter on the client-side (the server should already handle it).

-Scott

On Tue, May 20, 2008 at 7:16 PM, tedzo <tedzo2003 at yahoo.com> wrote:

I have downloaded the new cas-server and client versions and I want to check out saml support. How do I go about it? Specifically, I was thinking I would 
1. get a hold of a saml client
2. figure out what kind of  message needs to be sent to cas in order to login/set up a session
3. read the response from cas
4. figure out the username from the response.

I am not familiar with saml, so excuse my naivety. What I am looking for-
1. suggestions for a client, if any.
2. What message I need to send to CAS in order to elicit a response.
3. What kind of response can I expect.
4. Any documents about cas/saml integration. I have been searching the archives and haven't found anything particularly useful...

Appreciate you time.

_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080616/ddc99474/attachment.html 