> If we've settled on adding attributes to the CAS payload as part of
> CAS 4.0 (CAS Protocol 2.1 rev), that would mostly make the SAML1
> payload obsolete.
Virginia Tech and many other members of our community are happily
using SAML for CAS attribute release throughout the enterprise where
there
BTW, the lightweight JSON validation response with released attributes
already exists in cas-addons and could be the basis for the revised CAS
response protocol in 4.0
https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Validation-Response
Cheers,
Dmitriy.
On Thu, Sep 6, 2012 at 2:54 PM,
If we've settled on adding attributes to the CAS payload as part of
CAS 4.0 (CAS Protocol 2.1 rev), that would mostly make the SAML1
payload obsolete.
Why not make SAML1 / GoogleAppsSaml2 support (and their dependancies)
optional like the rest of the modules for 4.0?
Bill
On Thu, Sep 6, 2012 at
Or there is another option - use an excellent SAML plugin for CAS called
Shibboleth :-)
Cheers,
D.
Sent from my iPhone
On Sep 6, 2012, at 9:39, Marvin Addison wrote:
>> Between 3.5.0 and 3.5.1-SNAPSHOT versions, the size of the webapp has
>> increased strongly : 22M -> 31M.
>
> That's a ~50
On Sep 6, 2012, at 1:25 AM, jleleu wrote:
> Hi,
>
> I deserve the question ;-)
> I really appreciate all feedbacks on use cases and solutions, but when it
> comes to contribute, things are getting a little harder.
> We have to re-challenge the functional need and the technical solution.
>
> Le
Thank you Marvin and Dale for the precious remarks.
I followed the advice of Dale (I knew that page, but I was looking at the Java
example only, as I don't know Python) I've changed the code in order to follow
the Spring Security calls.
I obtain exactly the same result, but now, looking at the
> Between 3.5.0 and 3.5.1-SNAPSHOT versions, the size of the webapp has
> increased strongly : 22M -> 31M.
That's a ~50% increase. Bummer.
> I see that all big libraries come from SAML dependency.
> It happens with "CAS-951 Upgrade to OpenSAML 2.x"
> https://github.com/Jasig/cas/pull/91/files.
>
> In order to discard old TGT with different IP, you have to query your ticket
> registry with the username : it's not in the default API, I don't like the
> idea to expose this as a default method as for security reason, ticket
> registries should only be queried by (ticket) id. So it's so
