Shibboleth IdP freezing issue
moses.feinstein at touro.edu
Sun Nov 1 02:28:52 UTC 2020
This is very helpful, thank you so much for your input.
Sr. Software / IAM Engineer, App Dev Dept
Emaill: moses.feinstein at touro.edu<mailto:moses.feinstein at touro.edu>
From: users <users-bounces at shibboleth.net> On Behalf Of IAM David Bantz
Sent: Monday, October 26, 2020 2:17 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Shibboleth IdP freezing issue
FWIW, we recently successfully pointed our CAS-protocol-reliant services (Banner and closely related services) to our existing Shibboleth IdP (they had relied on separate CAS servers for what I'll call historical reasons), enabling us to decommission multiple dedicated CAS servers. Configuration of CAS-protocol-reliant services is somewhat different than either (Apereo) CAS or the SAML2-protocol-reliant services in Shibboleth, but the switch is essentially invisible to users while providing them a more valuable SSO session. In our case, the actual change-over was merely a DNS change for the CAS service to point to the Shibboleth IdP and required 0 changes to CAS-reliant services themselves.
On Mon, Oct 26, 2020 at 8:55 AM Cantor, Scott <cantor.2 at osu.edu<mailto:cantor.2 at osu.edu>> wrote:
On 10/26/20, 12:32 PM, "users on behalf of Feinstein, Moses" <users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net> on behalf of moses.feinstein at touro.edu<mailto:moses.feinstein at touro.edu>> wrote:
> Would you recommend any alternatives to our current setup (We have several clients that integrate directly with the
> CAS protocol)
I'd recommend using the IdP as a CAS server, or dumping the IdP and using CAS as the SAML server, but I have no idea why the CAS extension would requires server side storage.
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg<https://urldefense.com/v3/__https:/wiki.shibboleth.net/confluence/x/coFAAg__;!!HoV-yHU!6ELCZoOpC0nWZ93s1AuTmId8-YpnB1A2ptKOqfjejfjNwOlfO2ADlbJmgU2cJ_j_Mxx-NA$>
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users