...

The CAS protocol support is represented with a set of profile configuration beans, one for each of the primary CAS protocol URIs:

| Profile Bean Name | URI Path |
| --- | --- |
| CAS.LoginConfiguration | /login |
| CAS.ProxyConfiguration | /proxy |
| CAS.ValidateConfiguration | /serviceValidate, /proxyValidate, /samlValidate |

Each bean handles the configuration concerns of its related URI. The profiles are enabled as a function of relying party or relying party group, as described in Profiles and Per-RelyingParty Behavior. While each profile may be enabled individually, the only configuration that provides meaningful behavior is one that includes at least CAS.LoginConfiguration and CAS.ValidateConfiguration. The CAS.ProxyConfiguration profile bean is truly optional: omitting it disables proxy support for the relying party, which is a meaningful configuration capability. The following configuration example demonstrates how to enable all CAS protocols for the default relying party.

...

```xml
<util:list id="shibboleth.RelyingPartyOverrides">
    <bean id="shibboleth.regexRelyingParty" parent="RelyingParty">
        <!-- Active when the relying party ID matches any of the patterns below -->
        <property name="activationCondition">
            <bean parent="shibboleth.Conditions.RelyingPartyId">
                <constructor-arg name="pred">
                    <bean parent="shibboleth.Conditions.OR">
                        <constructor-arg>
                            <util:list>
                                <bean class="com.google.common.base.Predicates" factory-method="containsPattern"
                                    c:_0="https://example1\.org\/service1\/.*" />
                                <bean class="com.google.common.base.Predicates" factory-method="containsPattern"
                                    c:_0="https://example2\.org\/service2\/.*" />
                                <bean class="com.google.common.base.Predicates" factory-method="containsPattern"
                                    c:_0="https://example3\.org\/service3\/.*" />
                            </util:list>
                        </constructor-arg>
                    </bean>
                </constructor-arg>
            </bean>
        </property>
        <!-- CAS profiles enabled for the matching relying parties -->
        <property name="profileConfigurations">
            <list>
                <ref bean="CAS.LoginConfiguration" />
                <ref bean="CAS.ProxyConfiguration" />
                <bean parent="CAS.ValidateConfiguration" p:userAttribute="studentId" />
            </list>
        </property>
    </bean>
</util:list>
```
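The patterns in the override above are evaluated with Guava's `Predicates.containsPattern`, which is documented as equivalent to `Pattern.compile(p).matcher(input).find()`, so a match anywhere in the relying party ID activates the override. The following check is an added example, not part of the Shibboleth documentation; the anchored pattern, the sample URLs and the host `other.example` are constructed for illustration, and the anchoring assumes the intent is to match service URLs that begin with the listed prefix.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added example: compares the override's pattern as written with an anchored variant.
public class RelyingPartyPatternCheck {

    // Same semantics as Predicates.containsPattern: a match anywhere in the input suffices.
    static boolean contains(String regex, String serviceUrl) {
        return Pattern.compile(regex).matcher(serviceUrl).find();
    }

    public static void main(String[] args) {
        // Pattern copied from the c:_0 attribute of the first predicate bean.
        String asWritten = "https://example1\\.org\\/service1\\/.*";
        // Anchored variant (assumption: only URLs starting with this prefix should match).
        String anchored = "^https://example1\\.org/service1/.*";

        // Constructed sample service URLs; other.example is a placeholder host.
        List<String> samples = List.of(
            "https://example1.org/service1/app",
            "https://example1.org/service2/app",
            "https://other.example/cb?next=https://example1.org/service1/");

        System.out.printf("%-62s %-11s %s%n", "service URL", "as written", "anchored");
        for (String url : samples) {
            System.out.printf("%-62s %-11b %b%n",
                url, contains(asWritten, url), contains(anchored, url));
        }
    }
}
```

Run it with `java RelyingPartyPatternCheck.java` and compare the two columns for the third sample, where the allowed prefix appears only inside a query parameter. In the XML the anchored form is written `c:_0="^https://example1\.org/service1/.*"`.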

...

As CAS is configured as a new profile for the default relying party, CAS clients should be configured with these values:

| Property | Value |
| --- | --- |
| $cas_host | idp.example.org |
| $cas_context | /idp/profile/cas |

This example is based on PHP CAS Client from Jasig.

...