The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
CASProxyAuthenticatorDeprecation
- Scott Cantor
- Rod Widdowson
API change from IdP 3.3.3 to IdP 3.4.0.
In IdP versions prior to 3.4.0, the ProxyAuthenticator interface was available for advanced proxy endpoint validation. The file conf/cas-protocol.xml offered a user space configuration point to wire in a third-party component that implemented that interface.
As of IdP 3.4.0 this component is deprecated in favor of ProxyValidator which provides access to the context tree via an instance of ProfileRequestContext. This offers the ability for far more complex validation strategies based on all accumulated information about a relying party; most notably, it offers access to relying party metadata. The default implementation offers a secure and flexible method for deriving trust material to authenticate the endpoint via TLS negotiation that should be sufficient for all deployers. While third-party components that extend ProxyAuthenticator will still compile, they are not wired into the CAS proxy flows. Moreover, all user-space configuration points other than the interface itself have been removed intentionally to discourage extending proxy validation behavior.