Trusted authentication (pre authentication) as an auth source for SAML in CAS

[Krzysztof Zych]

Hi all,

I have following flow to support:

1) User goes to application.

2) Pre-authentication method checks if user is authenticated and redirect the user to application with additional header(s).

3) An application sends a SAML2 AuthnRequest to CAS IdP with additional header(s) from point 2.

4) CAS read additional header(s) and authenticates the user and sends a SAML2 response.

Point 2 is not always present, but we can assume that CAS will always get SAML2 AuthnRequest with additional header(s) that identify the user.

The reason why we do not want to support pre-authentication in the application is that we have them many.

Is it possible to support that flow above with current authentication methods and services? If yes, can you give me clue how to do it right?

Thanks,

Krzysztof