CAS in IdP v3

Brian Biggs brian.biggs at sonoma.edu
Tue Feb 2 13:35:32 EST 2016


Further info:

I see in the logs:

DEBUG 
[net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:221] 
- Profile Action UpdateSessionWithAuthenticationResult: Creating new 
session for principal biggsb

DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:533] 
- Created new session 
b245fe9c76e75b5f54430df0d4c3b98fc376611cd5782c2d6bad504c537d13c4 for 
principal biggsb

...

DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:131] - 
Profile Action PopulateSessionContext: No session found for client

which seems to indicate that the IdP successfully created an idp session 
for me, but when I came back to the same page it didn't find the idp 
session?

Any help appreciated.

Thanks,
-Brian

On 02/02/2016 09:45 AM, Brian Biggs wrote:
> Hi,
>
> I have in my idp.properties file:
>
> idp.session.StorageService = shibboleth.StorageService
> idp.cas.StorageService=shibboleth.StorageService
>
> Those are correct, yes? Still experiencing the issue.
>
> Thanks,
> -Brian
>
> On 02/02/2016 09:38 AM, Kevin Foote wrote:
>>> On Feb 2, 2016, at 9:34 AM, Brian Biggs <brian.biggs at sonoma.edu> wrote:
>>>
>>> I'm fairly new to both Shibboleth and CAS, and I am trying to deploy 
>>> IdP v3.2.1 with CAS enabled.
>>> The issue I'm having is that every interaction with a CAS client 
>>> requires authentication.
>>>
>>> I have read through the CAS documentation and I have upped the 
>>> expire time on the CAS service ticket to 5 minutes, but still have 
>>> the re-authentication issue.
>>> Expected behavior is that I should be able to interact with the CAS 
>>> client for at least 5 minutes (30 minutes would be better) before 
>>> having to re-authenticate.
>>>
>>> Any tips or ideas about what to change? Has anyone else encountered 
>>> this?
>>
>> Most likely you need to use a suitable server-side storage option for 
>> the IdP session.
>> The default client side is not suitable for the CAS client validate 
>> routines.
>>
>> This is covered in the CAS option doc [1]
>>
>> [1] 
>> https://wiki.shibboleth.net/confluence/display/IDP30/CasProtocolConfiguration
>>
>> --------
>> thanks
>>   kevin.foote
>>
>>
>

-- 

Brian Biggs
Sonoma State University



More information about the users mailing list