Adding Shibboleth to CAS

Mike Flynn shibbolethlynda at
Wed Feb 27 10:33:03 EST 2013

FWIW, I have an academic IdP that runs CAS and connects to my Shib SP via SAML.  Works fine.

 From: "Cantor, Scott" <cantor.2 at>
To: Shib Users <users at> 
Sent: Tuesday, February 26, 2013 4:22 PM
Subject: Re: Adding Shibboleth to CAS
On 2/26/13 3:59 PM, "Stein, Eric" <steine at> wrote:

>  My organization is currently using CAS as our SSO application, based
>off of authentication information in a database. We'd like to support a
>client who has their own SSO solution and wants to connect to our
>CAS-protected applications using SAML 2.0. We are not interested in
>moving away from CAS or our database authentication store.

Shibboleth is not one product, and it isn't really that clear which part
you're evaluating. At the end of the day, you can bridge the systems in
either direction, with some significant impact on what's involved.

Shibboleth isn't necessarily the best option for bridging but there are
various options like:

- protect a CAS login server with a Shibboleth SP, and point your customer
at that SP as the integration point

- protect the application with a Shibboleth SP, and then protect a
Shibboleth IdP with CAS as Mike described or in other ways

- possibly look at the new SP feature for plugging in external
authentication so that you can deploy the SP and support CAS at the same
time at the application end

> Is this
>something that Shibboleth can support? I know there's a plug-in for CAS.
>I just want to make sure we can leverage Shibboleth without making us
>migrate our user/password info from the database to Shibboleth.

Neither Shibboleth nor CAS store user data inside themselves, that part is
outside both.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list