This repository has been archived by the owner on Oct 24, 2020. It is now read-only.
Releases: Unicon/shib-cas-authn3
Releases · Unicon/shib-cas-authn3
3.3.0
- The plugin design now builds on top of Shibboleth IdP's External authentication flow, and no longer requires one to create a separate
Shibcas
flow. - Shibboleth IdP v3.4.6 is the required IdP version compatible with this version of the plugin.
- The CAS client core library is also upgraded to version 3.6.0.
Upgrade Instructions
When upgrading from a previous version of the plugin, please follow the below steps:
- Modify the ShibCas Auth Servlet entry in
IDP_HOME/edit-webapp/WEB-INF/web.xml
and update the<url-pattern>
:
Example snippet web.xml
:
...
<!-- Servlet for receiving a callback from an external CAS Server and continues the IdP login flow -->
<servlet>
<servlet-name>ShibCas Auth Servlet</servlet-name>
<servlet-class>net.unicon.idp.externalauth.ShibcasAuthServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ShibCas Auth Servlet</servlet-name>
<url-pattern>/Authn/External/*</url-pattern>
</servlet-mapping>
...
- Update the
idp.authn.flows
toExternal
. Or, for advance cases, addExternal
to the list.
idp.authn.flows = External
- Remove the
authn/Shibcas
bean inIDP_HOME/conf/authn/general-authn.xml
:
...
<util:list id="shibboleth.AvailableAuthenticationFlows">
<bean id="authn/Shibcas" parent="shibboleth.AuthenticationFlow"
p:passiveAuthenticationSupported="true"
p:forcedAuthenticationSupported="true"
p:nonBrowserSupported="false" />
...
Note that if you an additional settings for this bean defined, such as one for supportedPrincipals
, they need to be moved and applied to the authn/External
bean instead in the same file, such that:
<bean id="authn/External" parent="shibboleth.AuthenticationFlow"
p:passiveAuthenticationSupported="true"
p:forcedAuthenticationSupported="true"
p:nonBrowserSupported="false">
<property name="supportedPrincipals">
<list>
<bean parent="shibboleth.SAML2AuthnContextClassRef"
c:classRef="https://refeds.org/profile/mfa" />
<bean parent="shibboleth.SAML2AuthnContextClassRef"
c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
</list>
</property>
</bean>
- Remove the
flows/authn/Shibcas
directory from your IDP_HOME directory (i.e/opt/shibboleth-idp
). - Remove the jars for
cas-client-core-xxx.jar
andshib-cas-authenticator-xxx.jar
and replace them with the versions supplied with this version.
3.2.4-beta4
attempt to override context class by specifying an operator for the p…
3.2.4-beta3
override context classes if nothing is provided by the sp
3.2.4-beta2
make sure things are pushed
3.2.4-beta1
updated
3.2.3
3.2.3-beta1
Testing an issue with embedded entityId
v3.2.2
Merge branch 'master' of https://github.com/Unicon/shib-cas-authn3
- EntityId can be included in the service url querystring
- Switch to JDK 8
- Bump cas version to
5.0.5