Shibboleth 3 and CAS integration

Mathis, Bradley bmathis at pima.edu
Mon Sep 24 17:52:58 EDT 2018 

I hope this is what you are looking for.  Warning I'm a novice so take my
input with a grain of salt ...but ...

Here are some old notes I had from quite a long time ago .... it worked for
me.
Though we did not use it in production as we will now actually switch to
using the CAS
protocol that's part of idp3.x but hopefully it will help.  I think the
original link I used to help figure out how to do it has been moved.




   - edit the edit-webapp/WEB-INF/web.xml
   - add this the context params section  (please modify to fit your
   environment .. obviously you can remove the references to "BRAD"  LOL.


*<!--  CAS context params section added by BRAD -->*
*<!-- For CAS client support -->*
*<context-param>*
*  <param-name>serverName</param-name>*
*  <param-value>yourcasserver.edu <http://yourcasserver.edu></param-value>*
*</context-param>*
*<!-- end of  CAS context params section added by BRAD -->*


   - add this to the Filter and Mapping section


*<!--  CAS Filter and Mappings section added by BRAD -->*
*<filter>*
*  <filter-name>CAS Authentication Filter</filter-name>*
*  <filter-class>*
*      org.jasig.cas.client.authentication.AuthenticationFilter*
*  </filter-class>*
*  <init-param>*
*    <param-name>casServerLoginUrl</param-name>*
*    <param-value>https://yourcasserver.edu/
<http://yourcasserver.edu/>cas/login</param-value>*
*  </init-param>*
*</filter>*

*<filter-mapping>*
*  <filter-name>CAS Authentication Filter</filter-name>*
*  <url-pattern>/Authn/RemoteUser</url-pattern>*
*</filter-mapping>*

*<filter>*
*  <filter-name>CAS Validation Filter</filter-name>*
*  <filter-class>*
*
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter*
*  </filter-class>*
*  <init-param>*
*    <param-name>casServerUrlPrefix</param-name>*
*    <param-value>https://yourcasserver.edu
<http://yourcasserver.edu>/cas/</param-value>*
*  </init-param>*
*  <init-param>*
*    <param-name>redirectAfterValidation</param-name>*
*    <param-value>true</param-value>*
*  </init-param>*
*</filter>*

*<filter-mapping>*
*  <filter-name>CAS Validation Filter</filter-name>*
*  <url-pattern>/Authn/RemoteUser</url-pattern>*
*</filter-mapping>*

*<filter>*
*  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>*
*  <filter-class>*
*    org.jasig.cas.client.util.HttpServletRequestWrapperFilter*
*  </filter-class>*
*</filter>*

*<filter-mapping>*
*  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>*
*  <url-pattern>/Authn/RemoteUser</url-pattern>*
*</filter-mapping>*

*<!--  end of CAS Filter and Mappings section added by BRAD -->*


*IMPORTANT*

   - Include CAS Client Library in IDP Deployable
   - Download the a Jasig/apero client jar file .. I would say get the
   version that matches your CAS server.  Since our CAS server is 3.5.2.1 I
   downloaded a 3.x cas client.jar file   (wget
   http://central.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.3.3/cas-client-core-3.3.3.jar)
   and place it in /opt/shibboleth-idp/edit-webapp/WEB-INF/lib


   - rebuild the idp.war file
   - cd /opt/shibboleth-idp/bin
   - run  "build.sh"
   - stop tomcat or jetty and make user the new idp.war is redployed.






Brad Mathis
Principal Systems Analyst
Pima Community College
IT - Technical Services
520.206.4826
bmathis at pima.edu









On Mon, Sep 24, 2018 at 2:22 PM sherrera <sherrera at bradley.edu> wrote:

> We are currently running CAS and Shibboleth 2 in production. Shibboleth2 is
> configured to use our CAS front end login page for users to authenticate.
> We
> are in the middle of upgrading to Shib 3. We have tested our attribute
> releases against testshib and things look to work as expected. What we can
> not figure out is how to replicate what we had before with using the CAS
> signin page. This is important to use because we are trying to train our
> users to not input their credentials into every site that requests them.
>
> I think I need to use the third-party ticket service but I'm not seeing or
> finding how to configure it. Is it still possible to accomplish this with
> Shib 3?
>
> Thanks
>
>
>
> --
> Sent from:
> http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180924/ddb76205/attachment.html>

More information about the users mailing list