I went the other way (Shibboleth over CAS) with great success. Exposes CAS to cas clients and Shibboleth to Shibboleth clients and creates a faked SSO between CAS and Shibboleth clients. Does require medium level knowledge of Shibboleth to pull off though. BTW, did not intend this to spark a debate, we had an existing Shibboleth deployment and needed to add CAS support.
http://code.google.com/p/casshib/ Todd Dergenski Old Dominion University Senior Security Administrator 4700 Elkhorn Ave - Room 4300 Norfolk, Va, 23529 USA (757) 683-4301 [email protected]<mailto:[email protected]> From: Farzan Qureshi [mailto:[email protected]] Sent: Wednesday, January 09, 2013 3:27 PM To: [email protected] Subject: Re: [cas-user] CAS and IDP solution It's whole new project, I must say :) Thanks Andrew. I will look into it. Farzan On 10 January 2013 08:21, Andrew Petro <[email protected]<mailto:[email protected]>> wrote: Hi Farzan, Shibboleth can be complex, yes, with much to learn about it and many opportunities to configure. The CAS-Shibboleth bridging piece isn't too bad. Here's my favorite solution: https://github.com/Unicon/shib-cas-authenticator I thought this presentation was pretty good: https://wiki.jasig.org/x/AxMoAw Hope that helps, Andrew On Wed, Jan 9, 2013 at 2:13 PM, Farzan Qureshi <[email protected]<mailto:[email protected]>> wrote: Hi Andrew, Do you know any source of good documentation on bridging CAS and Shiboleth? Shibboleth is very complex to configurebut as it is now a requirement at my organization thus i am studying how it works. Please guide me how to start. We have a working cas install and several applications are casified and running successfully. Thanks for your help. Farzan On Thursday, 10 January 2013, Andrew Petro <[email protected]<mailto:[email protected]>> wrote: > Hi Farzan, > If you want to do SAML integrations complete with IdP metadata and so forth, > I recommend bridging to the Shibboleth IdP to handle SAML heavy lifting. > Shibboleth IdP is CASifiable such that users log in via CAS. End user > experience is still CAS login. Vendor / integrator experience is > full-featured SAML2 with metadata and federation support and all the > excruciatingly rigorous standards you can stand. :) The combination has > worked out pretty well at numerous adopters. > Kind regards, > Andrew > > > On Tue, Jan 8, 2013 at 4:18 PM, Farzan Qureshi > <[email protected]<mailto:[email protected]>> wrote: >> >> Hi, >> >> We are running an application. The vendor of the application is asking us to >> send an idp metadata file so that they can generate saml response and enable >> SSO functionality in the app. May I know how I should go about this? We have >> casified several applications but haven't gone through this step thus not >> sure what they are asking for or how do I provide the requested metadata >> file. Does anyone of you have ideas? >> >> Kind regards, >> >> Farzan >> >> This email and any files transmitted with it are confidential and intended >> solely for the use of the individual or entity to whom they are addressed. >> If you have received this email in error please notify the system manager >> ([email protected]<mailto:[email protected]>). Please note that >> any views or opinions presented in this email are solely those of the author >> and do not necessarily represent those of the company. Finally, the >> recipient should check this email and any attachments for the presence of >> viruses. Rosmini College accepts no liability for any damage caused by any >> virus transmitted by this email. >> >> -- >> You are currently subscribed to >> [email protected]<mailto:[email protected]> as: >> [email protected]<mailto:[email protected]> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to > [email protected]<mailto:[email protected]> as: > [email protected]<mailto:[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- Farzan Qureshi | Network Administrator & Help-desk Support | Rosmini College | (09) 487 0 530 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([email protected]<mailto:[email protected]>). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email. -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- Farzan Qureshi | Network Administrator & Help-desk Support | Rosmini College | (09) 487 0 530 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([email protected]<mailto:[email protected]>). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email. -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user ________________________________ Spam<https://www.spamtrap.odu.edu/canit/b.php?i=02IJU7juP&m=f3b28c72400a&t=20130109&c=s> Not spam<https://www.spamtrap.odu.edu/canit/b.php?i=02IJU7juP&m=f3b28c72400a&t=20130109&c=n> Forget previous vote<https://www.spamtrap.odu.edu/canit/b.php?i=02IJU7juP&m=f3b28c72400a&t=20130109&c=f> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
