Page under development
The CAS server functionality page is under development. You cannot yet use this page to get a working CAS server in your Shibboleth server.
Shibboleth IdP version 3 supports most of CAS protocol version 2, including attribute release and CAS proxy support. This page, however, describes only the basic configuration for a normal CAS client. For more complete information on how to configure the Shibboleth CAS server, see the page CasProtocolConfiguration on the Shibboleth Wiki.
To configure the Shibboleth CAS server you need to complete these steps:
CAS URI compatibility chart for Shibboleth CAS Server
CAS URIs | Supported |
---|---|
/login | Yes |
/proxy | Yes, but advanced configuration |
/logout | Yes |
/validate | No, CAS protocol version 1 |
/serviceValidate | Yes |
/samlValidate | Yes, but advanced configuration |
/proxyValidate | Yes, but advanced configuration |
/p3/serviceValidate | No, CAS protocol version 3 |
/p3/proxyValidate | No, CAS protocol version 3 |
CAS client configuration (i.e. CAS Service Provider)
The base URL for the CAS protocol on Shibboleth is https://HOSTNAME/idp/profile/cas where HOSTNAME is the DNS service name for the Shibboleth Identity Provider, for example https://idp.example.edu/idp/profile/cas.
Configure CAS storage for CAS tickets and IdP sessions
In all SWAMID Shibboleth IdP configurations SWAMID suggests that JPA Storage Service is used.
- If you do not already use JPA Storage Service, configure the service.
- Activate JPA Storage Service for idp.session.StorageService and idp.cas.idp.session.StorageService in idp.properties by removing # and changing the values to shibboleth.JPAStorageService.
    idp.session.StorageService = shibboleth.JPAStorageService
    idp.cas.idp.session.StorageService = shibboleth.JPAStorageService
- If you use the Shibboleth Consent module, Terms of use module or High availability settings, these must also use JPA Storage Service.
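A quick check for the storage step above, as an added example that is not part of the original page or of Shibboleth: it reads idp.properties and confirms that both properties are uncommented and set to shibboleth.JPAStorageService. The property names and expected value are the ones given on this page; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: property names and expected value are the ones on this page;
# function names and the sample input are constructed for illustration.
REQUIRED_KEYS="idp.session.StorageService idp.cas.idp.session.StorageService"
EXPECTED="shibboleth.JPAStorageService"

# prop_value FILE KEY: print the effective value of KEY. Comment lines are
# skipped, whitespace around '=' is ignored, the last assignment wins.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_jpa_storage FILE: return 0 only if every required key is active
# (not commented out) and set to the expected storage service.
check_jpa_storage() {
    rc=0
    for key in $REQUIRED_KEYS; do
        val=$(prop_value "$1" "$key")
        if [ "$val" = "$EXPECTED" ]; then
            echo "OK   $key = $val"
        else
            echo "FAIL $key = ${val:-<unset or commented out>}"
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone run: check the file given as $1, else a constructed sample in
# which the '#' was left in front of the CAS property.
if [ "$#" -gt 0 ]; then
    check_jpa_storage "$1"
else
    sample=$(mktemp)
    printf '%s\n' 'idp.session.StorageService = shibboleth.JPAStorageService' \
        '#idp.cas.idp.session.StorageService = shibboleth.JPAStorageService' > "$sample"
    check_jpa_storage "$sample" || true
    rm -f "$sample"
fi
```

Run it with the path to your idp.properties as the only argument; a non-zero exit status means at least one of the two properties is still commented out or points at a different storage service.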
Configure CAS protocol settings
Block the generation of ePTID for CAS
Activate CAS protocol