On Tue, Apr 10, 2012 at 10:17 AM, Ben Branch <bbra...@uco.edu> wrote: > I've reviewed the shib-cas-authenticator project and that looks very > interesting. I had a few more questions with regards to the Shibboleth-CAS > integration. Our main use for this will be for services that do not use CAS > for authentication, but prefer to use Shibboleth. Our goal is to have an > environment where we can use both CAS based services and Shibboleth based > services. We feel that this will increase our ability to accept hosted > solutions and broaden our scope of applications for which we can use.
Indeed! > So, my question...is the Shib-CAS Authenticator project meant to be a total > replacement for CAS or is it merely a couple of java webapps that we deploy > with our existing CAS deployment? shib-cas-authenticator is essentially a plug-in for your Shib IdP that provides better (meaning more SAML to CAS bridging behavior) than the RemoteUser authentication method described in https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration. > My second question is, if we follow the Shib-CAS integration document on the > CAS Wiki, will it also help us achieve the goals I've stated above? Yes, either approach will enable users to access Shib SP or CAS client protected sites. The shib-cas-authenticator would also preserve the Forced Auth (renew=true) and isPassive (gateway) behavior of SAML authN requests. > And if so, under the "Modify IDP Deployable web.xml", is this speaking of the > CAS web.xml or the Shibboleth IDP web.xml? This is the IdPs web.xml and is for configuring the CAS client that sits in front of the IdP. Best, Bill > > > Ben Branch > Sun Administrator > University of Central Oklahoma > ITIL Foundation v3, Network+ > > 100 N. University Drive, Box 122 > Edmond, OK 73034 > D: 405.974.2649 | M: 405.550.6804 | bbra...@uco.edu | www.uco.edu > > "If you wish to know your past, look at your present conditions. If you wish > to know your future, look at your present actions." - Siddhartha Gautama > > -----Original Message----- > From: William G. Thompson, Jr. [mailto:wgt...@gmail.com] > Sent: Monday, April 09, 2012 11:40 AM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] Integrating Shibboleth into CAS Documentation > > Unicon has done of bunch of these over the years and we usually recommend > turning off the Shib SSO auth handler so that only CAS maintains the SSO > session. This has the nice side effect of enabling users to end the CAS/Shib > SSO session via /cas/logout. > > Ben, you might also be interested in an improved Shib/CAS integration > approach that bridges more of the SAML feature space: > > https://github.com/Unicon/shib-cas-authenticator > > Best, > Bill > > > On Mon, Apr 9, 2012 at 11:09 AM, Marvin S. Addison <marvin.addi...@gmail.com> > wrote: >>> How up2date is the Shibboleth-CAS documentation? >> >> >> If you're referring to >> https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration, I >> recently reviewed and updated it within the past 60 days. >> >> As for your stated understanding of the behavior, it's correct. Note >> that the CAS SSO session and Shib IdP SSO sessions are totally >> independent after creation. This has the notable consequence that >> logging out of CAS, even with single sign-out configured, has no effect on >> the Shib SSO session. >> >> >> M >> >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> wgt...@gmail.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org as: bbra...@uco.edu > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and > Green! Please print this e-mail only if absolutely necessary! > > **CONFIDENTIALITY** This e-mail (including any attachments) may contain > confidential, proprietary and privileged information. Any unauthorized > disclosure or use of this information is prohibited. > > > > -- > You are currently subscribed to cas-user@lists.jasig.org as: wgt...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user