Shibboleth IdP 4.0.1 and CAS

[Michael Grady]

> On Jan 21, 2021, at 11:31 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> 
> On 1/21/21, 11:54 AM, "users on behalf of Max via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> 
>>   It seems that the /cas and /sCAS Context Roots are no longer present.
> 
> Neither have ever existed. CAS flows live under /idp/profile/cas and are automatically registered and logged at startup. Trying to run them at other locations is something that theoretically can be done but has never been tested to my knowledge.
> 
>>   In the file %{idp.home}/conf/services.xml the CASServiceRegistryResources is 
>>   enabled:
> 
> That has nothing to do with the processing of requests in the path handling sense, a 404 is a fundamentally broken container or webapp not starting up to begin with.
> 
>>   These are the entries we have in the idp-process.log file related to CAS 
>>   during startup:
> 
> It logs all the flow definitions and their locations at startup before that ever happens, but the literal notion of anything but /idp as a context root (or I guess anything else, doesn't literally have to be /idp), that doesn't exist. There's one context root and it usually lives at /idp
> 
> -- Scott
> 

Perhaps you had servlet-based rewrite rules in place that allowed you to send to the "classic CAS Server" endpoints, but were then rewritten into the actual Shib IdP CAS endpoints? We've worked with Tomcat's Rewrite Valve/rewrite.config to help folks do that, where for one reason or another they did not want to change all the existing CAS client/app config.

--
Michael A. Grady
IAM Architect, Unicon, Inc.