On Wed, Jan 23, 2013 at 2:10 PM, jleleu <[email protected]> wrote: > Hi, > > The logout feature has always been a "big" topic. So I propose to keep it "as > is" for CAS-1188 (enabled by default) and start a new project on SLO just > after that and before working on LOA. I remember that we had already many > impassioned discussions on SLO.
That's fine. It does mean that there will still be "SAML stuff" left in the core. > > I understand your point of view Bill, but I tend to agree with Marvin and > Scott. > I wouldn't be categorical on this (and we can change our mind later), but I > feel it better to gather all SAML stuffs in the same module. I did that for > OAuth instead of creating one module for Facebook, one module for Google, one > module for Yahoo... SAML2 Google, and SAML1 CAS Attributes aren't logically related in a way that OAuth for various providers might be, and the code is essentially orthogonal. They are also not related in a way that a deployer would automatically want to deploy both. That said I won't stand in the way of a single module, if consensus is otherwise. I'll still be happy with SAML mostly out of the core. > > Thus, unless Misagh or Andrew disapprove it strongly, I will just create one > module for SAML support. Regardless of module organization, I think we should be very careful with the words "SAML support". You will have one module that supports CAS Attribute Resolution via SAML1 artifact and SAML2 Web Browser SSO Profile support sufficient for Google authentication (and Jenzabar JICS Portal). Best, Bill > > Best regards, > Jérôme > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
