Hi
For a while I've been unsure on the benefits of performing the Shibboleth authentication via CAS, there seems to be some controversy as to whether this is necessary/valuable. However, there seems to be a business case for our library systems so I decided to give it a go.
I followed the useful instructions at:
http://shibsp.ntu.ac.uk/confluence/display/Shibboleth/Add+CAS+client+to+Shibboleth+%28Windows%29 with reference to:
http://www.switch.ch/aai/docs/shibboleth/SWITCH/1.1/origin/install-cas.html and
http://shib.kuleuven.be/docs/idp/install-idp-1.3.shtml
These all use CAS v3 server but CAS client 2.1.1. I've added the CAS filter into the barebones shibboleth web.xml (having stripped out all the bits I added to make tomcat ldap authentication work) and I've managed to get this to work, but in my situation I had to add a line in the apache conf file for:
ProxyPass /cas etc.etc...
so that it could find the cas server, no-one else seems to mention this?
I'm on a steep learning curve with the deployment of applications in Tomcat so maybe doing something daft - I would value comments from anyone else who's been down this route.
On the principal that the latest is always the best (yes, I know that this is not always true!) I've tried to use the newest CAS java client 3.1.1, with complete failure. Tomcat refuses to start shibboleth complaining that it can't find the CASFilter class. But how did it work with 2.1.1, all I did was copy the casclient.jar to the lib folder just the same? Any ideas how I can get the newer client to work - is it worth it anyway?
TIA for any hints.
Andy
--
*********
Andy Swiffin
Senior Network Specialist, Corporate Information systems
Information & Communications Services (ICS)
University of Dundee, Computing Centre, Park Place, Dundee, DD1 4HN
Direct: 01382 388000 (Service Desk)
Visit our website at: www.dundee.ac.uk/ics
*********
The University of Dundee is a registered Scottish charity, No: SC015096
|