Hi Andy, Can you help me in configuring Shibboleth idp? It looks like a nightmare to me when I started to read how to configure shibboleth...
Actually I am confused how to configure shibboleth and which feature of it to make it work with my cas and with running applications at my org. Farzan Qureshi ------------------ Rosmini College Network Administrator & Helpdesk support Sent from my SIII On 12/01/2013 1:46 PM, "Andrew Morgan" <[email protected]> wrote: > On Wed, 9 Jan 2013, Andrew Petro wrote: > > Hi Farzan, >> >> Shibboleth can be complex, yes, with much to learn about it and many >> opportunities to configure. >> >> The CAS-Shibboleth bridging piece isn't too bad. Here's my favorite >> solution: >> >> https://github.com/Unicon/**shib-cas-authenticator<https://github.com/Unicon/shib-cas-authenticator> >> >> I thought this presentation was pretty good: >> >> https://wiki.jasig.org/x/**AxMoAw <https://wiki.jasig.org/x/AxMoAw> >> >> Hope that helps, >> >> Andrew >> > > I watched this presentation and read about the shib-cas-authenticator. > Neat stuff! > > I have already configured Shibboleth IdP v2.3.8 to use CAS authentication > as described here: > > > https://wiki.jasig.org/**display/CASUM/Shibboleth-CAS+**Integration<https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration> > > (Install the CAS Client for Java, configure IdP to use the RemoteUser > LoginHandler). > > After seeing your presentation, I commented out the PreviousSession > LoginHandler in handler.xml, thinking that all requests to the IdP would go > back to CAS. My goal was to have just a single SSO session rather than CAS > + Shibboleth SSO sessions. > > However, it appears that the CAS Client for Java in the IdP is keeping the > session "alive". Even if I logout of CAS, I am not redirected to CAS for a > new ST the next time use the IdP. I assume the CAS Client for Java is > storing my authenticated state in the Jsession. > > Any thoughts on this? Would setting useSession=false on the CAS > Validation Filter work? Can the CAS and Shibboleth sessions be bridged > without using the shib-cas-authenticator? > > Thanks, > Andy > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/**display/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user> > -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ( [email protected]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini Collegeaccepts no liability for any damage caused by any virus transmitted by this email. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
