Shibboleth IdP 4.0.1 and CAS
IAM David Bantz
dabantz at alaska.edu
Thu Jan 21 18:43:35 UTC 2021
Just confirming Mike’s prescription: close attention to tomcat rewrite
rules* to map existing cas service point urls to the appropriate idp
endpoints enabled all of our existing cas-protocol services to rely on the
shibboleth idp with zero changes to the cad-based services. * (in
combination with DNS change to make cas…. a CNAME for idp…so the shibboleth
idp receives requests directed to cas...)
David Bantz
UAlaska IAM
On 21Jan, 2021 at 09:35:58, Michael Grady <mgrady at unicon.net> wrote:
>
> Perhaps you had servlet-based rewrite rules in place that allowed you to
> send to the "classic CAS Server" endpoints, but were then rewritten into
> the actual Shib IdP CAS endpoints? We've worked with Tomcat's Rewrite
> Valve/rewrite.config to help folks do that, where for one reason or another
> they did not want to change all the existing CAS client/app config.
>
> --
> Michael A. Grady
> IAM Architect, Unicon, Inc.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210121/039d33c3/attachment.htm>
More information about the users
mailing list