archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
release/v1.16
release/v1.15
release/1.14
release/v1.13
release/v1.12
release/v1.11
tulir/msc4142
release/v1.10
travis/msc2702-msc2701
rav/ref_objects_in_params
dkasak/foldable-sidebar
travis/knock-join
release/v1.9
release/v1.8
anoa/update_docsy
anoa/nix_flake
dbkr/3077-multi-stream-voip
release/v1.7
dbkr/2746-reliable-voip
rav/links_for_object_defs
release/v1.6
release/v1.5
release/v1.4
anoa/invite_knock_room_state
release/v1.3
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/0.3.0
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.10
v1.11
v1.12
v1.13
v1.14
v1.15
v1.16
v1.2
v1.3
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e8674688e6'
${ noResults }
matrix-spec/proposals/1721-rename-cas-to-sso.md

1.4 KiB
Raw Blame History

MSC1721: Rename m.login.cas to m.login.sso

The Matrix Client-Server spec includes a section on client login using Central Authentication Service (CAS).

The spec currently fails to mention it, but this process is triggered when GET /login returns a flow type of m.login.cas.

Nothing in this flow is specific to CAS - it is equally applicable for other web-based single-sign-on processes, such as SAML.

Accordingly, we should rename cas to sso.

Proposal

  1. m.login.sso should be defined as a valid login type for return from GET /login. (We should probably mention m.login.cas in the spec while we are there.)

  2. When a client wishes to use the SSO login type, it should redirect to /_matrix/client/r0/login/sso/redirect (instead of /_matrix/client/r0/login/cas/redirect).

  3. Servers should treat /_matrix/client/r0/login/sso/redirect identically to /_matrix/client/r0/login/cas/redirect: they should issue a redirect to their configured single-sign-on system.

  4. Servers which support m.login.sso should make sure they update their login fallback page to understand the new login type.