Support for authentication with SAML (Google Accounts)

[GoogleCodeExporter]

We want to know whether RubyCAS-Server is usable for the certification of
Google Apps. 

I seem to support SAML in CAS3.1, but does RubyCAS-Server have a plan of
the implementation?
http://www.ja-sig.org/wiki/display/CASUM/SAML+2.0+(Google+Accounts+Integration)

Original issue reported on code.google.com by gt.w...@gmail.com on 19 Oct 2007 at 3:34

[GoogleCodeExporter]

The short answer is that right now, no, there is no support for SAML.

However, this is something I had a quick look at a while back and thought it 
might be
interesting. It hasn't made it on the to-do list yet mainly because the 
organization
for which I primarily develop RubyCAS-Server has no current need for SAML
authentication. It would have to be something I (or perhaps someone else?) 
implements
on my spare time, of which I have very little lately.

That said, I really like the idea of making RubyCAS-Server compatible with 
Google's
SSO scheme, so this is something that will almost certainly get implemented 
sooner or
later.

Original comment by matt.zuk...@gmail.com on 19 Oct 2007 at 4:49

• Changed title: Support for authentication with SAML (Google Accounts)
• Changed state: Accepted
• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

I give an early answer, and thank you. 

I think the appearance of the application such as Google Apps to spread
authentication system such as the CAS. 

It wants us in reality early. 

Can I cooperate with us?

Original comment by gt.w...@gmail.com on 19 Oct 2007 at 5:25

[GoogleCodeExporter]

Original comment by matt.zuk...@gmail.com on 22 Feb 2008 at 4:39

• Added labels: Milestone-0.7.0

[GoogleCodeExporter]

Are you looking just for a Google Accounts authenticator (so that you can log 
in to a
CAS server using your Google username and password), or are you looking for 
full SAML
support?

The former appears to be fairly easy to do, the latter considerably harder. Not
wanting to hold back the release of RubyCAS-Server 0.7.0 I think I will 
implement the
easy Google authenticator for now, and hold off on the full-fledged SAML
authenticator until later.

If anyone wants to help with the SAML effort, please by all means let me know. 
Full
SAML support is currently not something that RubyCAS-Server's sponsoring 
organization
is interested in, so it will be difficult to get the resources needed to 
implement
this for the time being.

Original comment by matt.zuk...@gmail.com on 18 Jun 2008 at 9:58

• Removed labels: Milestone-0.7.0

[GoogleCodeExporter]

Is the google authenticator still going to be included in the 0.7.0 release ?

Original comment by naisa...@gmail.com on 17 Sep 2008 at 1:24

[GoogleCodeExporter]

Yes, the basic Google Authenticator will be included.

Original comment by matt.zuk...@gmail.com on 26 Sep 2008 at 6:38

• Added labels: Milestone-0.7.0

[GoogleCodeExporter]

Original comment by matt.zuk...@gmail.com on 26 Sep 2008 at 6:39

• Changed state: OnHold

[GoogleCodeExporter]

FYI I've added the Google authenticator to RubyCAS-Server as of rev. 328. This 
will
be released in 0.7.0 in the next week or so. If possible, I would appreciate if 
you
tested this new functionality for me before it gets released.

Original comment by matt.zuk...@gmail.com on 26 Sep 2008 at 7:31

[GoogleCodeExporter]

If anyone else has an issue with this, I found a workaround using simpleSAMLphp 
until 
this is implemented. Contact me for details if you're curious.

Original comment by pho3nixf1re84 on 12 May 2010 at 10:02

[GoogleCodeExporter]

 pho3nixf1re84 - what was your approach?

Original comment by woodh...@gmail.com on 20 May 2010 at 9:44

[GoogleCodeExporter]

simpleSAMLphp provides our SAML service and uses RubyCAS as the identity 
provider. 
simpleSAMLphp takes a bit of figuring out but it's not too bad. Took us about a 
day 
to get everything working correctly. It requires the ability to contact your 
LDAP 
service as well, so be sure whatever server it lives on can do that. We put 
both 
RubyCAS and simpleSAMLphp on the same box. The whole setup was a life saver as 
none 
of us know Java well enough to get Jasig's version running securely and 
correctly.

Here's the flow:

  1. Google domain login redirects to simpleSAMLphp service
  2. simpleSAMLphp redirects to RubyCAS
  3. User authenticates
  4. RubyCAS sends ticket to simpleSAMLphp
  5. simpleSAMLphp sends the user back to Google with SAML response

Original comment by pho3nixf1re84 on 20 May 2010 at 10:10

[GoogleCodeExporter]

Issue 96 has been merged into this issue.

Original comment by matt.zuk...@gmail.com on 8 Jun 2010 at 9:53

[GoogleCodeExporter]

Original comment by matt.zuk...@gmail.com on 8 Jun 2010 at 9:53

• Removed labels: Milestone-0.7.0

[GoogleCodeExporter]

I was just wondering whether any progress had been made on this?

I'm using mod_auth_cas (on an updated branch with SAML support) so that I can 
authenticate certain users to certain sites. At the moment, this can only be 
done via SAML attributes, which it appears rubycas-server doesn't support. In 
the mean time, I may give the simpleSAMLphp suggestion a go.

Original comment by jgxenite on 17 Apr 2012 at 11:51