Is SAML 1 still in issue with CAS Shib (v6.3.x)? Also, current standalone shib is at /idp-security/ I would like to use the out of the box shib instead. Is there any way to change the cas shib from /auth/idp to /idp-security so that I don't have to ask my SAML clients to change? Or do I need a URL rewrite on the apache end? I suppose I need the rewrite since cas is running on /auth context.
-psv On Saturday, April 11, 2020 at 7:41:26 PM UTC-5 Jason Everling wrote: > I didn't know that about SAML 1, I would have to dig into our services and > see if any are still using it, but thanks, these kinds of things is what I > was looking for, I would have been in the same boat as you. We have ADFS as > well but even that uses Shib ( from the olden days when Shib barely > supported o365 and still needed ADFS) which in turn redirects to CAS, so > nobody ever sees ADFS, really would like to get down to just a single sso > platform since I have CAS automated and its just way to simple to update > and change configurations with a few commands from dev to prod deployment. > > Thanks! > Jason > > On Sat, Apr 11, 2020 at 5:27 PM stonej <[email protected]> wrote: > >> We use CAS in front of Shib, I wanted to move to CAS Shib, which as you >> say reduces complexity etc, I had done it all, got everything running, but >> couldn't get SAML1 working correctly, and a few of our providers still use >> SAML1 so had to back track and move to the unicorn shib-cas plugin with CAS >> 6.1.4. >> >> If you only need SAML2 then CAS Shib works fine, but for SAML1 as well, >> you still need to use shibboleth. >> >> >> On Thursday, April 9, 2020 at 8:26:19 PM UTC+1, Jason Everling wrote: >>> >>> Has anyone moved from standalone Shib to the built-in CAS Shib? I am >>> looking to migrate ours, reduce complexity in our sso environment, we never >>> really used Shib as a login source, CAS was always redirected to by Shib >>> and I am curious on how you handled the new deployment. Did you just update >>> DNS and create rewrite rules so that requests are still routed correctly >>> without having to tell every service provider to update their urls? Was >>> there anything missing that you had to come up with a unique solution for >>> or was a straight forward migration? >>> >>> Thanks for any insights you might be able to share! >>> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2fdaa8f0-7000-46a8-a9e5-70c196164020%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/2fdaa8f0-7000-46a8-a9e5-70c196164020%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f023b371-c428-4769-ad20-d1855014110bn%40apereo.org.
