Unicon / cas-adfs-integration

Two different methods of integrating CAS Server and Microsoft ADFS
Apache License 2.0

ADFS CASification (SSO for Office365 Apps?) #14

Open rdev5 opened 8 years ago

rdev5 commented 8 years ago

Copied from apero/cas #1085:

Does the ADFS CASification project now mean that:

CAS can be used to single sign-on into ADFS such that logging into CAS will authorize you in ADFS and it follows that CAS may now be used to single sign-on users into Office 365 apps? (ADFS CASification)

rdev5 commented 8 years ago

Also, it does not appear that this method is a valid approach in ADFS 3.0 as IIS has been removed as a requirement now:

jtgasper3 commented 8 years ago

Yes, it is turning ADFS into a CAS client. It is likely still doable in v3; however, ADFS stores the code as literals/resources in a .dll. It is possible to use Visual Studio (or other resource-aware utility) to extract the strings as files, edit the change and re-insert the updated file(s).

I should warn you that the CASification approach is highly problematic as it uses ClearPass, which uses CAS proxy (unless on a very recent release of CAS Server) and if using the legacy ClearPass approach, then the CAS client's proxy ticket registry on ADFS must be clustered if you are running multiple ADFS nodes.

You'd be better off using something like Shibboleth IdP to bridge CAS and ADFS. Unicon has successfully helped many clients do exactly that.