This repository has been archived by the owner on Oct 24, 2020. It is now read-only.

3.3.0

@mmoayyed mmoayyed released this 09 Oct 07:45
· 4 commits to master since this release
e539f05
  1. The plugin design now builds on top of Shibboleth IdP's External authentication flow, and no longer requires one to create a separate Shibcas flow.
  2. Shibboleth IdP v3.4.6 is the required IdP version compatible with this version of the plugin.
  3. The CAS client core library is also upgraded to version 3.6.0.

Upgrade Instructions

When upgrading from a previous version of the plugin, follow the steps below:

  • Modify the ShibCas Auth Servlet entry in IDP_HOME/edit-webapp/WEB-INF/web.xml and update the <url-pattern>:

Example web.xml snippet:

...
    <!-- Servlet for receiving a callback from an external CAS Server and continues the IdP login flow -->
    <servlet>
        <servlet-name>ShibCas Auth Servlet</servlet-name>
        <servlet-class>net.unicon.idp.externalauth.ShibcasAuthServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>ShibCas Auth Servlet</servlet-name>
        <url-pattern>/Authn/External/*</url-pattern>
    </servlet-mapping>
...
  • Update idp.authn.flows to External. Or, for advanced cases, add External to the list.
idp.authn.flows = External
  • Remove the authn/Shibcas bean in IDP_HOME/conf/authn/general-authn.xml:
...
    <util:list id="shibboleth.AvailableAuthenticationFlows">

        <bean id="authn/Shibcas" parent="shibboleth.AuthenticationFlow"
                p:passiveAuthenticationSupported="true"
                p:forcedAuthenticationSupported="true"
                p:nonBrowserSupported="false" />
...

Note that if you have additional settings defined for this bean, such as supportedPrincipals, they need to be moved and applied to the authn/External bean in the same file instead, such that:

<bean id="authn/External" parent="shibboleth.AuthenticationFlow"
  p:passiveAuthenticationSupported="true"
  p:forcedAuthenticationSupported="true"
  p:nonBrowserSupported="false">
    <property name="supportedPrincipals">
        <list>
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                  c:classRef="https://refeds.org/profile/mfa" />
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                  c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
        </list>
    </property>
</bean>
  • Remove the flows/authn/Shibcas directory from your IDP_HOME directory (i.e. /opt/shibboleth-idp).
  • Remove the existing cas-client-core-xxx.jar and shib-cas-authenticator-xxx.jar jars and replace them with the versions supplied with this release.
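
A post-upgrade check covering the steps above, as an added example that is not part of the plugin or its release notes. It assumes idp.authn.flows is set in conf/idp.properties, that the plugin jars sit somewhere under edit-webapp/, and that web.xml has one tag per line; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: verifies the 3.3.0 upgrade steps were applied (not project code).
# Assumptions: idp.authn.flows is set in conf/idp.properties, plugin jars sit
# under edit-webapp/, and web.xml has one tag per line.

check_shibcas_upgrade() {
    home=$1; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Step 1: the ShibCas servlet-mapping must point at /Authn/External/*.
    awk '
        /<servlet-mapping>/ { inmap = 1; named = 0 }
        inmap && /<servlet-name>ShibCas Auth Servlet<\/servlet-name>/ { named = 1 }
        inmap && named && /<url-pattern>\/Authn\/External\/\*<\/url-pattern>/ { ok = 1 }
        /<\/servlet-mapping>/ { inmap = 0 }
        END { exit ok ? 0 : 1 }
    ' "$home/edit-webapp/WEB-INF/web.xml" 2>/dev/null ||
        fail "web.xml: ShibCas Auth Servlet is not mapped to /Authn/External/*"

    # Step 2: idp.authn.flows must name External and no longer name Shibcas.
    flows=$(sed -n 's/^[[:space:]]*idp\.authn\.flows[[:space:]]*=[[:space:]]*//p' \
        "$home/conf/idp.properties" 2>/dev/null)
    case $flows in *External*) ;; *) fail "idp.authn.flows lacks External" ;; esac
    case $flows in *Shibcas*) fail "idp.authn.flows still lists Shibcas" ;; esac

    # Step 3: the authn/Shibcas bean must be gone from general-authn.xml.
    if grep -q 'id="authn/Shibcas"' "$home/conf/authn/general-authn.xml" 2>/dev/null; then
        fail "general-authn.xml still defines authn/Shibcas"
    fi

    # Step 4: the old flow directory must be removed.
    if [ -d "$home/flows/authn/Shibcas" ]; then
        fail "flows/authn/Shibcas still exists"
    fi

    # Step 5: exactly one version of each plugin jar should remain.
    for jar in cas-client-core shib-cas-authenticator; do
        n=$(find "$home/edit-webapp" -name "$jar-*.jar" 2>/dev/null | wc -l | tr -d ' ')
        if [ "$n" -ne 1 ]; then
            fail "$n copies of $jar-*.jar under edit-webapp (expected 1)"
        fi
    done

    return "$problems"
}
```

Call it as check_shibcas_upgrade /opt/shibboleth-idp; the return status is the number of failed checks, so 0 means every step was applied.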