Shibboleth IdP 4.0.1 and CAS
Andrew Jason Morgan
morgan at oregonstate.edu
Thu Jan 21 18:58:12 UTC 2021
A long time ago, we had /cas as our endpoint when we used Apereo CAS. When we migrated to Shibboleth, we used these Apache rewrite rules:
# Rewrite cas URLs to Shibboleth
RewriteRule ^/cas/+serviceValidate$ /idp/profile/cas/serviceValidate [PT]
RewriteRule ^/cas/+proxyValidate$ /idp/profile/cas/proxyValidate [PT]
RewriteRule ^/cas/+samlValidate$ /idp/profile/cas/samlValidate [PT]
RewriteRule ^/cas/+validate$ /idp/profile/cas/validate [PT]
RewriteRule ^/cas/+(.+)$ /idp/profile/cas/$1 [R,NE,L]
We still have these in place today, working fine.
Andy
________________________________
From: users <users-bounces at shibboleth.net> on behalf of Cantor, Scott <cantor.2 at osu.edu>
Sent: Thursday, January 21, 2021 9:31 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Shibboleth IdP 4.0.1 and CAS
[This email originated from outside of OSU. Use caution with links and attachments.]
On 1/21/21, 11:54 AM, "users on behalf of Max via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> It seems that the /cas and /sCAS Context Roots are no longer present.
Neither have ever existed. CAS flows live under /idp/profile/cas and are automatically registered and logged at startup. Trying to run them at other locations is something that theoretically can be done but has never been tested to my knowledge.
> In the file %{idp.home}/conf/services.xml the CASServiceRegistryResources is
> enabled:
That has nothing to do with the processing of requests in the path handling sense, a 404 is a fundamentally broken container or webapp not starting up to begin with.
> These are the entries we have in the idp-process.log file related to CAS
> during startup:
It logs all the flow definitions and their locations at startup before that ever happens, but the literal notion of anything but /idp as a context root (or I guess anything else, doesn't literally have to be /idp), that doesn't exist. There's one context root and it usually lives at /idp
-- Scott
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210121/791bf75f/attachment.htm>
More information about the users
mailing list