IdPv3 CAS questions

Baron Fujimoto baron at
Fri Aug 14 20:55:10 EDT 2015

I didn't find answers to these questions in the wiki, but happy to RTFM
if someone points me to the relevant pages.

Is there anything that describes in detail Shib's implementation of the
CAS protocol, at least in terms of its flow? Or is the Jasig CAS
documentation considered the reference? I.e.,


According to Shib's CAS Protocol Configuration page the IdP supports most
of the CAS protocol v2 spec: /login, /proxy, /serviceValidate,
/proxyValidate, and /samlValidate, with /logout potentially slated for
v3.2.0. I assume this means that CAS protocol v1 URI /validate is not
supported, and there are no plans to? Is there a roadmap where we can
generally track these?

We encountered a difference affecting older version of CAS that has been
addressed in more recent versions where user authentication was occuring
before verifying the CAS service URL against the service registry. Does
the IdP implementation verify the service URL against the registry before
proceding with the user authentication?

Baron Fujimoto <baron at> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

More information about the users mailing list