We have a web application that requests username + password to access, checking the credentials in the AD.
We need to add another authentication factor (like pin+token) and we have in place AM+IDR+CAS and only hardware tokens.
The application can only talk SAML, so we are thinking of integrating the application with CAS using SAML.
My question: how can I integrate my application with RSA CAS, using the CAS only to prompt users to insert pin+token, while user/password are handled by the application we have?
So the flow should be:
1. User clicks the application link
2. Application asks for username+password; user enters username+password
3. User is redirected to CAS and inserts pin+token (hardware token)
4. CAS validates and redirects user to the target application
How can I obtain this? Is it a SAML configuration where my app is the IDP and CAS the SP? Can you suggest the best approach?