The Matrix Client-Server spec includes a section on client login using Central Authentication Service (CAS).
The spec currently fails to mention it, but this process is triggered when GET /login returns a flow type of m.login.cas.

Nothing in this flow is specific to CAS - it is equally applicable for other web-based single-sign-on processes, such as SAML.
Accordingly, we should rename cas to sso.

- m.login.sso should be defined as a valid login type for return from GET /login. (We should probably mention m.login.cas in the spec while we are there.)
- When a client wishes to use the SSO login type, it should redirect to /_matrix/client/r0/login/sso/redirect (instead of /_matrix/client/r0/login/cas/redirect).
- Servers should treat /_matrix/client/r0/login/sso/redirect identically to /_matrix/client/r0/login/cas/redirect: they should issue a redirect to their configured single-sign-on system.
- Servers which support m.login.sso should make sure they update their login fallback page to understand the new login type.
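
The sketch below shows both sides of the rename: a client that prefers m.login.sso but still accepts m.login.cas from older servers, and a server that treats the two redirect paths as aliases. It is an added example, not code from the proposal or from any homeserver. The function names and the hs.example, client.example and idp.example hosts are hypothetical, redirectUrl is the query parameter of the spec's existing CAS redirect endpoint and is assumed to carry over unchanged, and the server side leaves out how the return URL is passed on to the SSO system.

```python
from urllib.parse import urlencode

# Preference order: the new name first, the legacy CAS name as a fallback.
REDIRECT_PATHS = {
    "m.login.sso": "/_matrix/client/r0/login/sso/redirect",
    "m.login.cas": "/_matrix/client/r0/login/cas/redirect",
}


def pick_sso_redirect(homeserver, login_response, return_url):
    """Client side: choose the redirect URL from a GET /login response body.

    Returns None when the server offers no web-based SSO flow, or when the
    response is malformed, so the caller never redirects on bad input.
    """
    flows = login_response.get("flows") if isinstance(login_response, dict) else None
    if not isinstance(flows, list):
        return None
    offered = {f["type"] for f in flows
               if isinstance(f, dict) and isinstance(f.get("type"), str)}
    for login_type, path in REDIRECT_PATHS.items():
        if login_type in offered:
            # redirectUrl: parameter of the existing CAS endpoint (assumed unchanged)
            query = urlencode({"redirectUrl": return_url})
            return homeserver.rstrip("/") + path + "?" + query
    return None


def handle_login_redirect(path, configured_sso_url):
    """Server side: both paths are aliases and answer with the same redirect."""
    if path in REDIRECT_PATHS.values():
        return 302, {"Location": configured_sso_url}
    return 404, {}


if __name__ == "__main__":
    # Constructed GET /login response from a server that has not been renamed yet.
    legacy = {"flows": [{"type": "m.login.password"}, {"type": "m.login.cas"}]}
    print(pick_sso_redirect("https://hs.example", legacy, "https://client.example/done"))
    print(handle_login_redirect("/_matrix/client/r0/login/sso/redirect",
                                "https://idp.example/login"))
```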