> Has anyone tested interoperability between a SAML-enabled CAS server > and an Apache Shibboleth SP (mod_shib)?
We have not, although we may be in a place to do so within the next couple months. > Since the Shibboleth SP already implements the full SAML client, would > there be any benefit in having mod_auth_cas reproduce that > functionality? Yes, there is benefit in adding SAML support to mod_auth_cas. While the Shib SP communicates via SAML messages, it doesn't integrate with CAS. That is, it neither requests nor validates CAS service tickets. I can see that talk of SAML would bring up Shib integration, but that is not our primary interest. Passing SAML is the method CAS has chosen to allow clients to participate in single sign-out, and CAS clients need to be able to consume SAML and provide session destruction on request (via SAML logout assertion) to fully implement that feature. M _______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
