On Tue, Jan 22, 2013 at 3:59 AM, jleleu <[email protected]> wrote:
> Hi Bill,
>
> For logout requests, I'm not sure I understand what you mean by "off by
> default":
> Do not send SAML logout requests or send simpler (not SAML) logout requests?

The back-channel logout requests are problematic for a variety of reasons in a typical enterprise-wide rollout of CAS. This has little to do with SAML per se. Experience with client engagements over the years indicates that it would be more in line with community practice if the logout requests were not sent by default, but rather had to be turned on via configuration (i.e. "off by default").

> It looks like I missed many interesting discussions at the unconference (but
> AZ is far from France). I'm looking forward to your reports.
>
> SAML validation and SAML login requests are quite different, but I like the
> idea of having just one module for SAML to maintain instead of several
> modules with just a few classes in it.
> What would you do with the SAML 1.1 login requests (SamlArgumentExtractor and
> SamlService classes)? Create a third module:
> cas-server-support-generic-saml1?

The SAML1.1 login requests are logically coupled with SAML1.1 validate, so putting them in the same module probably makes sense. The same is probably true of the Google SAML2 support. I haven't looked into this very deeply, but was hoping something like this was possible:

* cas-server-support-google-saml2
  All the bits needed for Google SAML2 support. The Google SAML2 support could also likely be evolved into a generic SAML2 Web Browser SSO Profile handler for simple bilateral federation (see https://wiki.jasig.org/display/CAS/CASifying+Jenzabar+JICS+Portal).

* cas-server-support-attributes-saml1
  All the bits needed for CAS Attributes support via SAML1. The need for this is likely to be mostly eclipsed by CAS attributes in CAS4.

Best,
Bill

> Thanks,
> Jérôme
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
