Yan,

If you have control of the client app, then set up CAS protocol. Many third-party apps and cloud service providers use SAML 2 or one of its 'descendants' as a protocol. It has a rich set of features (more than SAML 1.1) and existed prior to CAS protocol 3 (I think).

Ray

On Wed, 2019-02-13 at 08:58 -0800, Yan Zhou wrote:

We have both CAS 4.1.9 and CAS 5.3.5. True, we could support, but I do not see any benefit with all the extra work.

I am reading about Open ID Connect; other than the flow/payload, CAS protocol has very similar concepts. Technically, we can replace OpenID Connect with CAS protocol, and it should be just as secure, is it not?

Yan

On Wednesday, February 13, 2019 at 10:41:30 AM UTC-5, oneill wrote:

Yan,

Sounds like you're on the right track and CAS can probably continue to meet your SSO needs. What version of CAS are you on now? With the right modules and configuration, a CAS server could support Open ID and SAML 2.0, in addition to CAS.

Tom

From: cas-...@apereo.org <cas-...@apereo.org> On Behalf Of Yan Zhou
Sent: Wednesday, February 13, 2019 10:28 AM
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] CAS is Federated SSO?

Hello!

We have been using CAS in our enterprise quite well. Various apps inside our corporation use the CAS protocol to achieve SSO.

A vendor wants to integrate with us and they agree that CAS is the single identity provider. But they want Open ID Connect or SAML2, not CAS protocol. It is true that using standards is better; CAS protocol is very light-weight, but it is not an industry standard.

As far as I can tell, CAS4 and CAS5 do provide federated SSO (provided that CAS is the only identity provider). Does that sound right?

If there is one single identity provider, the user does not authenticate against any app, and the app talks to the CAS server. It all sounds like Federated SSO to me. In this particular context, I do not know what Open ID Connect or SAML2 will offer that CAS protocol does not, other than we would be using a standard protocol but a lot more complicated.

Thx!
Yan

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/87a9ab48-0fd0-45d8-a492-8b671ea11abd%40apereo.org.

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca