You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Overview
CAS can be integrated with the Shibboleth federated SSO platform using a couple of different strategies. It is possible to designate CAS to serve as the authentication provider for the Shibboleth IdP. With such a setup, when a user is routed to the IdP, the following may take place:
- If the user has already authenticated to CAS and has a valid CAS SSO session, the IdP will transparently perform the requested action, e.g. attribute release.
- If the user does not have a valid CAS SSO session, the user will be redirected to CAS and must authenticate before the IdP proceeds with the requested action.
Remember that this page is specifically dedicated to integration options with the Shibboleth Identity Provider. If you need CAS to act as a SAML2 identity provider on its own, you should start here instead.
SSO for Shibboleth IdP (External)
This is a Shibboleth IdP external authentication plugin that delegates the authentication to CAS. This solution has the ability to utilize a full range of native CAS protocol features such as renew and gateway.
The plugin is available for Shibboleth Identity Provider v2, v3 and v4.
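As an added illustration (not code from the CAS project or the Shibboleth plugin), the following Python example shows how the CAS protocol's renew and gateway parameters shape the login redirect and the back-channel ticket validation. The host names, callback path, ticket value, and the mapping of a forced or passive IdP request onto renew or gateway are assumptions made for the example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample endpoints (assumptions, not values from the CAS docs).
CAS_BASE = "https://cas.example.org/cas"
IDP_CALLBACK = "https://idp.example.org/idp/Authn/External?conversation=e1s1"


def _params(service, force_authn, is_passive):
    """Map the IdP's request flags onto CAS protocol parameters."""
    if force_authn and is_passive:
        # The CAS protocol leaves behaviour undefined when both are set.
        raise ValueError("renew and gateway must not be combined")
    if urlsplit(service).scheme != "https":
        raise ValueError("service URL must be https")
    params = [("service", service)]
    if force_authn:
        params.append(("renew", "true"))    # bypass SSO, re-prompt for credentials
    elif is_passive:
        params.append(("gateway", "true"))  # never prompt; ticket only if SSO exists
    return params


def login_redirect(service, force_authn=False, is_passive=False):
    """URL the browser is sent to when the IdP delegates authentication."""
    return f"{CAS_BASE}/login?" + urlencode(_params(service, force_authn, is_passive))


def validate_url(service, ticket, force_authn=False):
    """Back-channel validation URL; repeats renew so CAS rejects a ticket
    issued from an existing SSO session when fresh credentials were required."""
    params = _params(service, force_authn, False) + [("ticket", ticket)]
    return f"{CAS_BASE}/serviceValidate?" + urlencode(params)


def query(url):
    """Decode a URL's query string for inspection."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    print(login_redirect(IDP_CALLBACK))                    # plain SSO
    print(login_redirect(IDP_CALLBACK, force_authn=True))  # renew
    print(login_redirect(IDP_CALLBACK, is_passive=True))   # gateway
    print(validate_url(IDP_CALLBACK, "ST-1-constructed", force_authn=True))
```

Sending renew only on the browser redirect is not enough, because the user controls that URL; repeating it on validation is what makes CAS enforce the fresh-credential requirement.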
Support is enabled by including the following dependency in the WAR overlay:
Gradle:

    implementation "org.apereo.cas:cas-server-support-shibboleth:${project.'cas.version'}"

Maven:

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-shibboleth</artifactId>
        <version>${cas.version}</version>
    </dependency>

Gradle, with the version managed by the CAS BOM:

    dependencyManagement {
        imports {
            mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
        }
    }
    dependencies {
        implementation "org.apereo.cas:cas-server-support-shibboleth"
    }

The following settings and properties are available from the CAS configuration catalog:

    cas.authn.shib-idp.server-url=localhost

The server URL of the Shibboleth IdP deployment.