We're using CAS with X509 + LDAP login/password authentication against a Windows 2008R2 AD. Attribute releasing through SAML is working fine, but it would be nice for client applications if some of the released attributes got mangled beforehand.
For example, group membership is provided as:
CN=Group 1, OU=Groups, DC=example, DC=com
CN=Group 2, OU=Groups, DC=example, DC=com
CN=Group 3, OU=Groups, DC=example, DC=com
It would be more application-friendly if it was provided as:
Linux CentOS 5.7 / JDK 1.6.0 / Tomcat 6.0.x