CAS 6.x as a Shibboleth replacement ?

[spfma...@e.mail.fr]

Hi,

 

After a long work on a modern version of CAS, it is now time for me to deploy a new Shibboleth Idp.

 

Of course, both are tied in our current infrastructure (CAS is the external auth source for a federated Shibboleth server), and some comments here https://github.com/Unicon/shib-cas-authn suggest CAS server is now a good IdP too (as Shibboleth is also a capable CAS protocol provider).

 

Is this totally true as of today ?

 

If I don't have to invest time and energy in another product, I would appreciate !

 

Regards

---

FreeMail powered by mail.fr

[Ray Bon]

We run both. I have a low priority ticket to do a comparison of capabilities so that we can switch to one or the other.

Shibboleth has a lot of flexibility in config to handle the crap that vendors will ask of you.

I have not used cas saml 2.0 capabilities enough to know what it can do.

Ray

On Fri, 2022-04-08 at 14:06 +0200, spfma...@e.mail.fr wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

[William Jojo]

FWIW, we were once a Shib shop. Then we went to SimpleSAMLphp for the SAML piece while CAS served only the CAS protocol. We have since moved everything into CAS starting in 6.1. The config is very versatile in the service properties. We have some interesting vendors who want the craziest names for attributes and we have never had an issue meeting the need.

A lot of our configs were built with the CAS Management app that uses HJSON in the properties files. Frankly, that format is much more intuitive since there is a lot less eye-twisting punctuation than traditional JSON.

Happy to help, if needed. 

Bill