AnsweredAssumed Answered

Use CAS only for second factor authentication in SAML

Question asked by Falco Dussault on Apr 14, 2020

Hello,

We have a web application that requests username + password to access, checking the credentials in the AD.

We need to add another authentication factor (like pin+token) and we have in place AM+IDR+CAS and only hardware tokens.

The application can only talk SAML and so we are thinking to integrate the application with CAS using SAML.

My question: how can I integrate my application with RSA CAS, using the CAS just only for prompt users to insert pin+token , while user/password are handled by the application we have?

So the flow should be:

1. User click to the application link

2. Application asks for username+password; user enters username+password

3. User is redirect to CAS and insert pin+token (hardware token)

4. CAS validate and redirects user to the target application

 

How can I obtain it? It is a SAML configuration where my app is IDP and CAS SP? Can you suggest me the best approach?

Thanks

Outcomes