Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the relation between CAS vs SAML?

I understand that CAS and SAML are different protocols used for Single-sign on purposes but, what confuses me is articles that say "CAS has an SAML implementation".

Aren't CAS and SAML different ways of how Single Sign-on can be implemented ?

Lets say, the client's enterprise has a SAML Server but, a 3rd party website says they support CAS based SSO. In this case, the end-user would have initially logged into the enterprise system. When accessing the 3rd party website will it connect to the Enterprise SAML Server looking for a SAML assertion ?


  1. What exactly is the relation between CAS and SAML ?

  2. Where exactly would CAS come in the above said set-up ?

like image 525
yathirigan Avatar asked Apr 28 '17 09:04

yathirigan


2 Answers

There is CAS, the protocol. Then there is CAS, the software implementing that protocol and many many others.

The software is located here: https://github.com/apereo/cas

Note the README: "CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name, hosted here."

Many software products, like the Apereo CAS server, support more than one protocol at the same time. So the Apereo CAS software can support CAS, SAML2 and OAuth, etc protocols at the same time. The Shibboleth IdP for instance can support SAML2, SAML1 and CAS at the same time.

So your question of:

Aren't CAS and SAML different ways of how Single Sign-on can be implemented ?

Yes, they are different protocols in many ways providing or achieving the same thing.

Where exactly would CAS come in the above said set-up ?

The SAML server needs to also support the CAS protocol for that 3rd party website, or you need a separate CAS deployment that delegates authentication to the SAML server...or it's not happening.

like image 91
Misagh Moayyed Avatar answered Oct 21 '22 12:10

Misagh Moayyed


While the accepted answer is accurate, it is incomplete. The CAS 3.0 (protocol) specification incorporates SAML 1.1 messages directly. They are used for interacting with the /SAMLvalidate endpoint as described here: https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-Specification.html#42-samlvalidate-cas-30

like image 40
BryKKan Avatar answered Oct 21 '22 10:10

BryKKan