Note

New in IdP 3.4.0.

IdP 3.4.0 provides a new facility to register CAS services in SAML metadata. The following CAS protocol configuration points are configurable via metadata:

...

The full specification is described in detail in the CAS metadata profile specification, but there are a few notable configuration points for creating a CAS protocol entry in SAML metadata.

Additionally, note that the resulting relying party "identifier" used throughout the IdP as a policy tool is now configurable. By default, it matches previous behavior and will be the CAS server URL, but the idp.cas.relyingPartyIdFromMetadata property can be enabled to allow the entityID from the SAML metadata instance to be exposed in its place. The use of this property is recommended and seems to be more intuitive to most deployers.

CAS Protocol Support

The SPSSODescriptor is the container for all CAS protocol configuration bits. Add https://www.apereo.org/cas/protocol to the protocolSupportEnumeration attribute to identify an entity that supports the CAS protocol.
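As an added example (not part of the original documentation or the IdP code base), the following Python check audits a metadata file for entities that declare the CAS protocol in protocolSupportEnumeration and lists the ACS Locations they register. The sample metadata, its entity IDs, the CAS login Binding value, and the exact-token comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
CAS_PROTOCOL = "https://www.apereo.org/cas/protocol"  # URI given on this page

# Constructed sample metadata; entity IDs and Binding values are assumptions.
SAMPLE = """\
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://alpha.example.org/cas">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol
        https://www.apereo.org/cas/protocol">
      <AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
          Location="https://alpha.example.org/" index="1"/>
    </SPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://beta.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://beta.example.org/acs" index="1"/>
    </SPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://gamma.example.org/cas">
    <SPSSODescriptor protocolSupportEnumeration="https://www.apereo.org/cas/protocol/">
      <AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
          Location="https://gamma.example.org/" index="1"/>
    </SPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>
"""

def audit_cas_metadata(xml_text):
    """Return (cas, suspect): CAS-enabled entities mapped to their ACS Locations,
    and (entityID, token) pairs whose protocol token only resembles the CAS URI."""
    root = ET.fromstring(xml_text)
    cas, suspect = {}, []
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        eid = entity.get("entityID")
        for sp in entity.findall(f"{{{MD}}}SPSSODescriptor"):
            # protocolSupportEnumeration is a whitespace-separated list of URIs.
            tokens = sp.get("protocolSupportEnumeration", "").split()
            if CAS_PROTOCOL in tokens:
                acs = sp.findall(f"{{{MD}}}AssertionConsumerService")
                cas.setdefault(eid, []).extend(a.get("Location") for a in acs)
            else:
                # Near miss (trailing slash, case): likely a typo, not CAS-enabled.
                suspect += [(eid, t) for t in tokens
                            if t.rstrip("/").lower() == CAS_PROTOCOL]
    return cas, suspect

if __name__ == "__main__":
    print(audit_cas_metadata(SAMPLE))
```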

...

  • https://alpha.example.org/users
  • https://alpha.example.org/admins?grp=1
  • https://alpha.example.org/secure/dashboard

In order to index ACS endpoints to support the matching process, a CAS-specific index, shibboleth.CASMetadataIndices, must be applied to metadata sources that contain CAS protocol entries. The following configuration snippet from conf/metadata-providers.xml provides an example:

...