...
Synopsis:
| Excerpt |
|---|
Shibboleth/CAS integration. SAML. CAS 3 protocol. |
The main topic of this meeting was how to integrate Shibboleth into CAS. After some discussion, Howard convinced us that CAS will, in effect, become a WAYF (Where Are You From?). An application that chooses to accept credentials from Yale and other Shibboleth entities would convey this information to CAS upon the login redirect. CAS would then allow the user to somehow specify they are a remote user, and where they are from. This could be done either with a pulldown or with some namespace distinction such as "@harvard.edu" appended to the username. If the user is remote, they will be redirected to their own sign-on system to present credentials which will be forwarded through Shibboleth to the "Local Shib Authority." Remote users will not provide their password to Yale CAS directly. They provide their username only for the purpose of helping determine what Handle Server they ultimately end up at.
...