Shibboleth IdP 4.0.1 and CAS

IAM David Bantz dabantz at
Thu Jan 21 18:43:35 UTC 2021

 Just confirming Mike’s prescription: close attention to tomcat rewrite
rules* to map existing cas service point urls to the appropriate idp
endpoints enabled all of our existing cas-protocol services to rely on the
shibboleth idp with zero changes to the cad-based services. * (in
combination with DNS change to make cas…. a CNAME for idp…so the shibboleth
idp receives requests directed to cas...)

David Bantz
UAlaska IAM

On 21Jan, 2021 at 09:35:58, Michael Grady <mgrady at> wrote:

> Perhaps you had servlet-based rewrite rules in place that allowed you to
> send to the "classic CAS Server" endpoints, but were then rewritten into
> the actual Shib IdP CAS endpoints? We've worked with Tomcat's Rewrite
> Valve/rewrite.config to help folks do that, where for one reason or another
> they did not want to change all the existing CAS client/app config.
> --
> Michael A. Grady
> IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list