What is the relation between CAS vs SAML?

yathirigan picture yathirigan · Apr 28, 2017 · Viewed 11.8k times · Source

I understand that CAS and SAML are different protocols used for Single-sign on purposes but, what confuses me is articles that say "CAS has an SAML implementation".

Aren't CAS and SAML different ways of how Single Sign-on can be implemented ?

Lets say, the client's enterprise has a SAML Server but, a 3rd party website says they support CAS based SSO. In this case, the end-user would have initially logged into the enterprise system. When accessing the 3rd party website will it connect to the Enterprise SAML Server looking for a SAML assertion ?


  1. What exactly is the relation between CAS and SAML ?

  2. Where exactly would CAS come in the above said set-up ?

Answer

Misagh Moayyed picture Misagh Moayyed · Apr 29, 2017

There is CAS, the protocol. Then there is CAS, the software implementing that protocol and many many others.

The software is located here: https://github.com/apereo/cas

Note the README: "CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name, hosted here."

Many software products, like the Apereo CAS server, support more than one protocol at the same time. So the Apereo CAS software can support CAS, SAML2 and OAuth, etc protocols at the same time. The Shibboleth IdP for instance can support SAML2, SAML1 and CAS at the same time.

So your question of:

Aren't CAS and SAML different ways of how Single Sign-on can be implemented ?

Yes, they are different protocols in many ways providing or achieving the same thing.

Where exactly would CAS come in the above said set-up ?

The SAML server needs to also support the CAS protocol for that 3rd party website, or you need a separate CAS deployment that delegates authentication to the SAML server...or it's not happening.