Hmm. So who is actually making the AuthnRequest and parsing the response? Or, are you saying that an attempt to access webappB will always be redirected to CAS (because of the cas client) and the AuthRequest is sent and the response parsed by the CAS server? Thanks.
----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <cas@tp.its.yale.edu>
Sent: Thursday, June 12, 2008 2:22:51 PM
Subject: Re: Asml

I'm not sure I follow. If you've protected webapp B with the CAS client (a SAML client) and configured it to speak with CAS then it should always redirect to CAS. We're just using SAML to send back additional attributes if they are available.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jun 12, 2008 at 2:10 PM, tedzo <[EMAIL PROTECTED]> wrote:

Scott, thanks for your response. I think I am stuck trying to demo Saml capability, mainly due to my lack of understanding of how things work... Let me first make sure what I understand is correct:

1. There is a webappA on ServerA that is protected by some entity (not CAS).
2. There is a webappB on ServerB that is protected by CAS (3.2.1).
3. The SamlTicketValidationFilter is set up on ServerB for webappB, meaning, the filter is triggered when a user attempts to access webappB.
4. The user accesses webappA, is asked to log in by whatever is protecting webappA. User logs in successfully.
5. User clicks on a link to webappB from webappA.
6. At this point, normally, CAS would ask the user to log in. However, I think I want CAS to make an authRequest to the entity that authenticated the user on webappA, parse the response it gets (essentially that the user is already authenticated and whatever details that go with it), and log the user in and provide access to webappB.

That would make the entity on serverA that authenticated the user to webappA the IdProvider and CAS the ServiceProvider. Does this sound right or am I way off base? In order for me to demo CAS saml capability, I would at most require an entity that responds to an authRequest from CAS, is that correct?

Thanks. I appreciate your time and interest.
----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <cas@tp.its.yale.edu>
Sent: Thursday, May 22, 2008 10:04:50 AM
Subject: Re:

Hi,

If you are using the latest CAS client, you should actually only need to configure the Saml Ticket Validation Filter on the client-side (the server should already handle it).

-Scott

On Tue, May 20, 2008 at 7:16 PM, tedzo <[EMAIL PROTECTED]> wrote:

I have downloaded the new cas-server and client versions and I want to check out saml support. How do I go about it? Specifically, I was thinking I would

1. get a hold of a saml client
2. figure out what kind of message needs to be sent to cas in order to login/set up a session
3. read the response from cas
4. figure out the username from the response.

I am not familiar with saml, so excuse my naivety. What I am looking for:

1. suggestions for a client, if any.
2. What message I need to send to CAS in order to elicit a response.
3. What kind of response can I expect.
4. Any documents about cas/saml integration.

I have been searching the archives and haven't found anything particularly useful... Appreciate your time.

_______________________________________________
Yale CAS mailing list
cas@tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
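An added example, not part of the thread and not CAS project code: reading the user name and the additional attributes out of a validation response, which is the work the SAML ticket validation filter does on the client side. It assumes a SAML 1.1 response in a SOAP envelope that the client fetched directly from the CAS server over HTTPS; the sample document, the user `jdoe` and the attribute `memberOf` are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample (trimmed SAML 1.1 shape), not captured from a real server.
SAMPLE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<SOAP-ENV:Body><samlp:Response ResponseID="_constructed1" MajorVersion="1" MinorVersion="1">
<samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
<saml:Assertion AssertionID="_constructed2" Issuer="localhost">
<saml:Conditions NotBefore="2008-06-12T18:00:00Z" NotOnOrAfter="2008-06-12T18:00:30Z"/>
<saml:AuthenticationStatement><saml:Subject>
<saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
<saml:Attribute AttributeName="memberOf" AttributeNamespace="urn:example">
<saml:AttributeValue>staff</saml:AttributeValue><saml:AttributeValue>demo</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>"""

def parse_ts(value):
    """Parse the UTC timestamp format used in the Conditions element."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def read_validation_response(xml_text, now):
    """Return (username, attributes) or raise ValueError if the response must be rejected."""
    root = ET.fromstring(xml_text)
    resp = root.find("soap:Body/samlp:Response", NS)
    if resp is None:
        raise ValueError("no SAML Response in SOAP body")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("ticket validation was not successful")
    assertion = resp.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    if cond is None:
        raise ValueError("assertion or validity conditions missing")
    # Reject stale or not-yet-valid assertions so an old response cannot be reused.
    if not parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    name = assertion.find("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name is None or not (name.text or "").strip():
        raise ValueError("no authenticated subject")
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("AttributeName"), []).extend(values)
    return name.text.strip(), attrs
```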