For Dave's docs: We too have been working on using cas 5.2's saml2 capabilities to replace a full shibboleth. Not quite there yet, but still working on it.
FWIW - We use apache's mod_ajp to front tomcat and these lines are what we use in proxy_ajp.conf:

ProxyPass /cas ajp://localhost:8009/cas
# CAS for IDP
ProxyPass /idp/shibboleth ajp://localhost:8009/cas/idp/metadata
ProxyPass /idp ajp://localhost:8009/cas/idp

The first is just for regular cas redirects to the cas app on the local tomcat. The latter is specific for the IDP.

We publish our IDP metadata to InCommon, which is in turn published to all its subscribers in their metadata aggregate. We could republish of course, changing host/idp to host/cas/idp, but to make the switch seamless, and to not break non-incommon SPs that we have to manually exchange metadata with, we use proxy_ajp to send host/idp requests to localhost/cas/idp with this line:

ProxyPass /idp ajp://localhost:8009/cas/idp

We have also found that some SPs specifically check idp/shibboleth, which is not an endpoint cas provides; cas publishes its IDP metadata as /cas/idp/metadata, so we use this line to send /idp/shibboleth requests to /cas/idp/metadata:

ProxyPass /idp/shibboleth ajp://localhost:8009/cas/idp/metadata

Fortunately, the way ajp works is top to bottom order, so the more specific /idp/shibboleth is used before the more generic /idp line.

You may need to do similar, perhaps with your load balancer. We use a load balancer as well, in front of apache, but found the redirect easiest with apache's ajp.

-W

On Monday, February 5, 2018 at 12:14:53 PM UTC-6, Chris Cheltenham wrote:
>
> Hello,
>
> I am not understanding how to bundle the LDAP authentication handler into
> the cas.war file.
>
> Any suggestions?
>
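The ProxyPass ordering described in the message above can be checked before a config change goes live. The following is an added example, not part of the original post and not Apache or CAS code: it uses a simplified first-match, path-segment prefix model of ProxyPass (an assumption), and the function names are hypothetical.

```python
"""Lint ProxyPass ordering: first matching rule wins, so a broad prefix
placed above a narrower one shadows it. Simplified model, not Apache code."""

# Rules from the message, in the order given there.
POSTED = """\
ProxyPass /cas ajp://localhost:8009/cas
# CAS for IDP
ProxyPass /idp/shibboleth ajp://localhost:8009/cas/idp/metadata
ProxyPass /idp ajp://localhost:8009/cas/idp
"""

def parse(conf):
    """Return [(path, target)] for each plain ProxyPass line, in file order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0].lower() == "proxypass":
            rules.append((parts[1], parts[2]))
    return rules

def covers(prefix, path):
    """True if `prefix` matches `path` on a path-segment boundary (assumed model)."""
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def route(rules, uri):
    """Backend URL chosen for `uri` (first match wins), or None if unproxied."""
    for path, target in rules:
        if covers(path, uri):
            return target + uri[len(path.rstrip("/")):]
    return None

def shadowed(rules):
    """Pairs (earlier, later) where the later rule can never be reached."""
    return [(a, b) for i, (a, _) in enumerate(rules)
            for b, _ in rules[i + 1:] if covers(a, b)]

if __name__ == "__main__":
    good = parse(POSTED)
    bad = [good[0], good[2], good[1]]  # constructed: generic /idp moved up
    for name, rules in (("posted", good), ("reordered", bad)):
        print(name, route(rules, "/idp/shibboleth"), shadowed(rules))
```

With the generic /idp line first, a request for /idp/shibboleth is sent to /cas/idp/shibboleth instead of the metadata endpoint, and the lint reports the shadowed rule.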
