Is SAML 1 still in issue with CAS Shib (v6.3.x)? Also, current standalone shib is at /idp-security/ I would like to use the out of the box shib instead. Is there any way to change the cas shib from /auth/idp to /idp-security so that I don't have to ask my SAML clients to change? Or do I need a URL rewrite on the apache end? I suppose I need the rewrite since cas is running on /auth context.
-psv On Saturday, April 11, 2020 at 7:41:26 PM UTC-5 Jason Everling wrote: > I didn't know that about SAML 1, I would have to dig into our services and > see if any are still using it, but thanks, these kinds of things is what I > was looking for, I would have been in the same boat as you. We have ADFS as > well but even that uses Shib ( from the olden days when Shib barely > supported o365 and still needed ADFS) which in turn redirects to CAS, so > nobody ever sees ADFS, really would like to get down to just a single sso > platform since I have CAS automated and its just way to simple to update > and change configurations with a few commands from dev to prod deployment. > > Thanks! > Jason > > On Sat, Apr 11, 2020 at 5:27 PM stonej <sto...@hope.ac.uk> wrote: > >> We use CAS in front of Shib, I wanted to move to CAS Shib, which as you >> say reduces complexity etc, I had done it all, got everything running, but >> couldn't get SAML1 working correctly, and a few of our providers still use >> SAML1 so had to back track and move to the unicorn shib-cas plugin with CAS >> 6.1.4. >> >> If you only need SAML2 then CAS Shib works fine, but for SAML1 as well, >> you still need to use shibboleth. >> >> >> On Thursday, April 9, 2020 at 8:26:19 PM UTC+1, Jason Everling wrote: >>> >>> Has anyone moved from standalone Shib to the built-in CAS Shib? I am >>> looking to migrate ours, reduce complexity in our sso environment, we never >>> really used Shib as a login source, CAS was always redirected to by Shib >>> and I am curious on how you handled the new deployment. Did you just update >>> DNS and create rewrite rules so that requests are still routed correctly >>> without having to tell every service provider to update their urls? Was >>> there anything missing that you had to come up with a unique solution for >>> or was a straight forward migration? >>> >>> Thanks for any insights you might be able to share! >>> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+u...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2fdaa8f0-7000-46a8-a9e5-70c196164020%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/2fdaa8f0-7000-46a8-a9e5-70c196164020%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f023b371-c428-4769-ad20-d1855014110bn%40apereo.org.
