Usually CAS client's useSession=true is the culprit here. Dmitriy.
Sent from my iPhone On Jan 11, 2013, at 19:45, Andrew Morgan <[email protected]> wrote: > On Wed, 9 Jan 2013, Andrew Petro wrote: > >> Hi Farzan, >> >> Shibboleth can be complex, yes, with much to learn about it and many >> opportunities to configure. >> >> The CAS-Shibboleth bridging piece isn't too bad. Here's my favorite >> solution: >> >> https://github.com/Unicon/shib-cas-authenticator >> >> I thought this presentation was pretty good: >> >> https://wiki.jasig.org/x/AxMoAw >> >> Hope that helps, >> >> Andrew > > I watched this presentation and read about the shib-cas-authenticator. Neat > stuff! > > I have already configured Shibboleth IdP v2.3.8 to use CAS authentication as > described here: > > https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration > > (Install the CAS Client for Java, configure IdP to use the RemoteUser > LoginHandler). > > After seeing your presentation, I commented out the PreviousSession > LoginHandler in handler.xml, thinking that all requests to the IdP would go > back to CAS. My goal was to have just a single SSO session rather than CAS + > Shibboleth SSO sessions. > > However, it appears that the CAS Client for Java in the IdP is keeping the > session "alive". Even if I logout of CAS, I am not redirected to CAS for a > new ST the next time use the IdP. I assume the CAS Client for Java is > storing my authenticated state in the Jsession. > > Any thoughts on this? Would setting useSession=false on the CAS Validation > Filter work? Can the CAS and Shibboleth sessions be bridged without using > the shib-cas-authenticator? > > Thanks, > Andy > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
