http://jasig.github.io/cas/development/installation/Configuring-SAML2-Authentication.html
Whether this works for your needs or not is something you should of course seriously evaluate prior to making the jump. There are overlays and such available for enthusiasts to try out this functionality and report feedback, and of course if/when you do and find missing pieces, we’d love to work with you and collaborate to add what might be missing. The changes are in the master branch, which is a functional but fairly moving target at this point. If you know what you’re doing and are comfortable merging changes back and forth, you’d be fine. But just as equally, you may want to give it one or two weeks before grabbing the latest snapshot. From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David Curry Sent: Thursday, April 21, 2016 9:13 AM To: CAS Community <cas-user@apereo.org> Subject: [cas-user] 4.x SAML documentation Hopefully this isn't too dumb a question; I haven't been able to find a definitive answer anywhere. Right now we're using CAS 3.5.x (we're waiting for summer and 4.3.x with MFA) as our primary authentication/single sign-on. We also have Shibboleth 2.4.x for those few services that don't support CAS; it's configured with shib-cas-authn2 to redirect to CAS to perform the authentication, which makes everything transparent to the users. All in all, this has been working really well. Is the improved SAML support in CAS 4.x going to let us achieve the same end result of users only having to authenticate once and then be able to access both CAS-based and SAML-based services? In other words, is the intention that we'll be able to get rid of Shibboleth, since we're not using it for anything special, and just do it all with CAS 4.x? As a follow-up, is the improved SAML support and CAS/SAML interaction documented yet? The only stuff I can find on the web site appears to be the same "we support SAML1 and SAML2 only as much as Google Apps needs" stuff that's been there since forever. Should I be looking somewhere else? Thanks, Dave Curry The New School -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To post to this group, send email to cas-user@apereo.org <mailto:cas-user@apereo.org> . Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/425abc37-f273-41cb-9322-741ef508c025%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/425abc37-f273-41cb-9322-741ef508c025%40apereo.org?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/002601d19bea%245980f090%240c82d1b0%24%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.