On Wed, 9 Jan 2013, Andrew Petro wrote:
Hi Farzan,
Shibboleth can be complex, yes, with much to learn about it and many
opportunities to configure.
The CAS-Shibboleth bridging piece isn't too bad. Here's my favorite
solution:
https://github.com/Unicon/shib-cas-authenticator
I thought this presentation was pretty good:
https://wiki.jasig.org/x/AxMoAw
Hope that helps,
Andrew
I watched this presentation and read about the shib-cas-authenticator.
Neat stuff!
I have already configured Shibboleth IdP v2.3.8 to use CAS authentication
as described here:
https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration
(Install the CAS Client for Java, configure IdP to use the RemoteUser
LoginHandler).
After seeing your presentation, I commented out the PreviousSession
LoginHandler in handler.xml, thinking that all requests to the IdP would
go back to CAS. My goal was to have just a single SSO session rather than
CAS + Shibboleth SSO sessions.
However, it appears that the CAS Client for Java in the IdP is keeping the
session "alive". Even if I logout of CAS, I am not redirected to CAS for
a new ST the next time use the IdP. I assume the CAS Client for Java is
storing my authenticated state in the Jsession.
Any thoughts on this? Would setting useSession=false on the CAS
Validation Filter work? Can the CAS and Shibboleth sessions be bridged
without using the shib-cas-authenticator?
Thanks,
Andy
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
