Home | about | blogs | shib-cas-authn3-supports-shib-idp-v30

shib-cas-authn3 supports Shib IdP v3.0

Share it now!

The shib-cas-authn extensions, developed as part of Unicon's Open Source Support program, is used to delegate the Shibboleth IdP's user authentication to a CAS Server. Whether the client application is a CAS client or a Shibboleth/SAML SP, the integration presents the user with a single SSO experience. Today, Unicon's IAM team released the next version of the shib-cas-authn extension.

shib-cas-authn version 3, affectionately known as the shib-cas-authn3, provides support for the recently release Shibboleth IdP version 3.0. Also new to this version, shib-cas-authn3 self registers the servlet with the Java Web Container of choice meaning that now custom edits to the web.xml file are needed to enable the functionality. It continues to support passing Shib forceAuth request as CAS's renew request and Shib passive request as CAS's gateway request. Besides adding support for IdP v3.0, shib-cas-authn3 fixes some issues by url encoding the entityId and service querystring parameters being passed to CAS.

Multifactor authentication (MFA) is going to become increasingly more important as attacks get more pervasive. Currently, MFA must be managed at the IdP and CAS Server individually. As it becomes more clear how IdP v3 presents an SP's request for high levels of assurance, it should be possible to pass that information to CAS Server so that the CAS-MFA solution can handle the request allowing MFA to be managed with CAS Server.

Take a look at the extension and test it out. You'll find the project at https://github.com/unicon/shib-cas-authn3. You can likely deploy it in less than 5 minutes. Should you run into an issue or have a question, please submit an issue and we'll do our best to work through it with you.

(Shibboleth IdP v2.4.3 deployers should continue to use shib-cas-authn2.)

Return to the blog listing page