...
The CAS protocol support is represented with a set of profile configuration beans, one for each of the primary CAS protocol URIs:

| Profile Bean Name | URI Path |
|---|---|
| CAS.LoginConfiguration | /login |
| CAS.ProxyConfiguration | /proxy |
| CAS.ValidateConfiguration | /serviceValidate, /proxyValidate, /samlValidate |

Each deals with configuration concerns around the related URI. The profiles are enabled as a function of relying party or relying party group as described in Profiles and Per-RelyingParty Behavior. While each profile may be enabled individually, the only configuration that provides meaningful behavior is one that includes at least CAS.LoginConfiguration and CAS.ValidateConfiguration. The CAS.ProxyConfiguration profile bean is truly optional since omitting it disables proxy support for the relying party, which is a meaningful configuration capability. The following configuration example demonstrates how to enable all CAS protocols for the default relying party.
...
```xml
<util:list id="shibboleth.RelyingPartyOverrides">
    <bean id="shibboleth.regexRelyingParty" parent="RelyingParty">
        <!-- Activate this override when the relying party ID matches any pattern below. -->
        <property name="activationCondition">
            <bean parent="shibboleth.Conditions.RelyingPartyId">
                <constructor-arg name="pred">
                    <bean parent="shibboleth.Conditions.OR">
                        <constructor-arg>
                            <list>
                                <!-- containsPattern matches anywhere in the string (unanchored). -->
                                <bean class="com.google.common.base.Predicates" factory-method="containsPattern"
                                      c:_0="https://example1\.org\/service1\/.*" />
                                <bean class="com.google.common.base.Predicates" factory-method="containsPattern"
                                      c:_0="https://example2\.org\/service2\/.*" />
                                <bean class="com.google.common.base.Predicates" factory-method="containsPattern"
                                      c:_0="https://example3\.org\/service3\/.*" />
                            </list>
                        </constructor-arg>
                    </bean>
                </constructor-arg>
            </bean>
        </property>
        <!-- CAS profiles enabled for the matching relying parties. -->
        <property name="profileConfigurations">
            <list>
                <ref bean="CAS.LoginConfiguration" />
                <ref bean="CAS.ProxyConfiguration" />
                <bean parent="CAS.ValidateConfiguration" p:userAttribute="studentId" />
            </list>
        </property>
    </bean>
</util:list>
```
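
The three `containsPattern` predicates above use Guava's find-anywhere semantics, so a pattern without a leading `^` also matches when it occurs inside a longer relying party ID. The following Python sketch is an added example, not part of the original page or of Shibboleth; it emulates that behaviour with `re.search`, compares it with whole-string matching, and runs over constructed sample URLs. It assumes the relying party ID being tested is the CAS service URL.

```python
import re

# Patterns copied from the containsPattern beans in the configuration above.
PATTERNS = [
    r"https://example1\.org\/service1\/.*",
    r"https://example2\.org\/service2\/.*",
    r"https://example3\.org\/service3\/.*",
]

# Constructed sample service URLs (not from the original page).
SAMPLES = [
    "https://example1.org/service1/app",
    "https://other.example.net/cb?next=https://example1.org/service1/app",
    "https://example1.org/service10/app",
    "https://example4.org/service1/app",
]


def contains_match(patterns, service_url):
    """Guava containsPattern semantics (Matcher.find), OR-ed over all patterns."""
    return any(re.search(p, service_url) for p in patterns)


def anchored_match(patterns, service_url):
    """Stricter alternative: the whole service URL must match one pattern."""
    return any(re.fullmatch(p, service_url) for p in patterns)


def unanchored(patterns):
    """Patterns with no leading '^', which can match mid-string under find()."""
    return [p for p in patterns if not p.startswith("^")]


def compare(patterns=PATTERNS, samples=SAMPLES):
    """Map each sample URL to (containsPattern result, anchored result)."""
    return {u: (contains_match(patterns, u), anchored_match(patterns, u))
            for u in samples}


if __name__ == "__main__":
    for url, (loose, strict) in compare().items():
        flag = "DIFFERS" if loose != strict else "same"
        print(f"{flag:8} contains={loose!s:5} anchored={strict!s:5} {url}")
    print("patterns lacking a leading '^':", len(unanchored(PATTERNS)))
```

Prefixing each `c:_0` value with `^` gives the anchored behaviour under `containsPattern`, since the existing `.*` suffix already consumes the rest of the URL.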
...
As CAS is configured as a new profile for the default relying party, CAS clients should be configured with these values:

| Property | Value |
|---|---|
| $cas_host | idp.example.org |
| $cas_context | /idp/profile/cas |

This example is based on PHP CAS Client from Jasig.
...