I'm running my InCommon membership through Shibboleth, so I'm not looking for a CAS solution. However, here is what I know:
1) R&S is documented as you point out. If you are going to provide REFEDS R&S to REFEDS R&S SPs, you probably want to go into the InCommon Federation Manager and assert that you are a R&S IdP. I would also suggest you review your error URL, and see if you can be SIRTFI compliant, as those are baseline v2 requirements. Separate from NIH, but while you are in there. 2) Parts of the NIH are also going to want assurance attributes based on the REFEDS Assurance profiles. Once you know which assurance values you can assert, they are just attributes that you return to the SP, like any other attribute. 3) MFA will come in the form of REFEDS MFA. I found this from a couple of months ago that looks promising given that Misagh wrote it: https://fawnoos.com/2020/12/07/cas63x-saml2-mfa-refeds-duo/ On Wed, 2021-03-10 at 15:19 -0800, Mike Osterman wrote: For those that are using CAS SAML IdP as their InCommon IdP (we are almost there but haven't made the switch), there are some upcoming requirements (September 21, 2021) for users of electronic Research Administration (eRA): https://incommon.org/news/nih-application-to-require-multi-factor-authentication/ The REFEDS Research & Scholarship attributes support seems well-documented: https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Attribute-Release.html#refeds-research-and-scholarship The thing that I can't find in the docs is how to express the referenced MFA Authentication Context: https://refeds.org/profile/mfa We've implemented Duo, so I'm guessing that flow would be where we would trigger this, but again, don't find in the docs how to trigger this or if it's even supported by CAS's SAML IdP. I think I saw a couple names of frequent cas-user participants on the office hours webinar today, so I expect others are looking at this as well. Thanks, Mike -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1b141b9362d3bb665a031ed87bab1f94c1e57db.camel%40ndsu.edu.
