Unicon has done of bunch of these over the years and we usually recommend turning off the Shib SSO auth handler so that only CAS maintains the SSO session. This has the nice side effect of enabling users to end the CAS/Shib SSO session via /cas/logout.
Ben, you might also be interested in an improved Shib/CAS integration approach that bridges more of the SAML feature space: https://github.com/Unicon/shib-cas-authenticator Best, Bill On Mon, Apr 9, 2012 at 11:09 AM, Marvin S. Addison <[email protected]> wrote: >> How up2date is the Shibboleth-CAS documentation? > > > If you're referring to > https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration, I recently > reviewed and updated it within the past 60 days. > > As for your stated understanding of the behavior, it's correct. Note that > the CAS SSO session and Shib IdP SSO sessions are totally independent after > creation. This has the notable consequence that logging out of CAS, even > with single sign-out configured, has no effect on the Shib SSO session. > > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
