Adding Shibboleth to CAS

[Cantor, Scott]

On 2/26/13 3:59 PM, "Stein, Eric" <steine at locustec.com> wrote:

>Hi,
>  My organization is currently using CAS as our SSO application, based
>off of authentication information in a database. We'd like to support a
>client who has their own SSO solution and wants to connect to our
>CAS-protected applications using SAML 2.0. We are not interested in
>moving away from CAS or our database authentication store.

Shibboleth is not one product, and it isn't really that clear which part
you're evaluating. At the end of the day, you can bridge the systems in
either direction, with some significant impact on what's involved.

Shibboleth isn't necessarily the best option for bridging but there are
various options like:

- protect a CAS login server with a Shibboleth SP, and point your customer
at that SP as the integration point

- protect the application with a Shibboleth SP, and then protect a
Shibboleth IdP with CAS as Mike described or in other ways

- possibly look at the new SP feature for plugging in external
authentication so that you can deploy the SP and support CAS at the same
time at the application end

> Is this
>something that Shibboleth can support? I know there's a plug-in for CAS.
>I just want to make sure we can leverage Shibboleth without making us
>migrate our user/password info from the database to Shibboleth.

Neither Shibboleth nor CAS store user data inside themselves, that part is
outside both.

-- Scott