Adding Shibboleth to CAS
Joel Goguen
joel.goguen at unb.ca
Wed Feb 27 10:42:32 EST 2013
We have CAS for our primary authentication source. Using directions found on the CAS wiki at https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration we configured Shibboleth to delegate authentication to CAS. Works great for the services we interface with that require Shibboleth or SAML2, everything in Shibboleth for attribute release is configured exactly as standard Shibboleth documentation dictates but CAS is trusted to handle the authentication.
--
Joel Goguen
Developer / System Administrator
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: joel.goguen at unb.ca
Phone: (506) 453-4872
Fax: (506) 453-3590
From: Mike Flynn <shibbolethlynda at yahoo.com<mailto:shibbolethlynda at yahoo.com>>
Reply-To: Shibboleth Users <users at shibboleth.net<mailto:users at shibboleth.net>>
Date: Wednesday, 27 February 2013 11:33 AM
To: Shibboleth Users <users at shibboleth.net<mailto:users at shibboleth.net>>
Subject: Re: Adding Shibboleth to CAS
FWIW, I have an academic IdP that runs CAS and connects to my Shib SP via SAML. Works fine.
________________________________
From: "Cantor, Scott" <cantor.2 at osu.edu<mailto:cantor.2 at osu.edu>>
To: Shib Users <users at shibboleth.net<mailto:users at shibboleth.net>>
Sent: Tuesday, February 26, 2013 4:22 PM
Subject: Re: Adding Shibboleth to CAS
On 2/26/13 3:59 PM, "Stein, Eric" <steine at locustec.com<mailto:steine at locustec.com>> wrote:
>Hi,
> My organization is currently using CAS as our SSO application, based
>off of authentication information in a database. We'd like to support a
>client who has their own SSO solution and wants to connect to our
>CAS-protected applications using SAML 2.0. We are not interested in
>moving away from CAS or our database authentication store.
Shibboleth is not one product, and it isn't really that clear which part
you're evaluating. At the end of the day, you can bridge the systems in
either direction, with some significant impact on what's involved.
Shibboleth isn't necessarily the best option for bridging but there are
various options like:
- protect a CAS login server with a Shibboleth SP, and point your customer
at that SP as the integration point
- protect the application with a Shibboleth SP, and then protect a
Shibboleth IdP with CAS as Mike described or in other ways
- possibly look at the new SP feature for plugging in external
authentication so that you can deploy the SP and support CAS at the same
time at the application end
> Is this
>something that Shibboleth can support? I know there's a plug-in for CAS.
>I just want to make sure we can leverage Shibboleth without making us
>migrate our user/password info from the database to Shibboleth.
Neither Shibboleth nor CAS store user data inside themselves, that part is
outside both.
-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130227/4dc7026d/attachment.html
More information about the users
mailing list