CAS as OIDC or SAML2 Client/SP

[Teddy Brown]

Hi,

we have been using CAS for some time, but I am required to migrate our systems from doing basic LDAP authentication to using Auth0 as our new IdP 

I'd like to keep using CAS for our many applications that already do CAS and aren't currently programmed to support OIDC/SAML2.

Is it possible to deploy CAS to act as a proxy to another IdP? 

My workflow currently

App -> CAS (user provides ldap username+password) -> back to app

Ideally workflow now will be.  Ideally this will be transparent to the user, but it's acceptable to have "Sign in with Auth0" as the single option on the CAS login page.  

App -> CAS -> Auth0 Login -> CAS -> App

I see OAuth2, OpenID Connect, and SAML support under Protocols but I understand this seems to be CAS acting as the IdP itself for these protocols. 

Thanks

[Dmitriy Kopylenko]

Hi.

Have a look at this section of the docs: https://apereo.github.io/cas/7.2.x/integration/Delegate-Authentication.html

Best,

D.

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a0a8cc2f-33b3-4e33-8412-307982618656n%40apereo.org.

[Teddy Brown]

Apologies, I was looking at the "Authentication" category.  I completely missed the "Delegation & Proxying" category which explains how to enable the feature and mentions both SAML2 & OpenID Connect. 

Also found the Fawnoos page that explains the feature.  https://fawnoos.com/2023/10/04/cas66-delegate-authn-saml2-idp/

I've got a preference for OIDC but this should push me in the right direction.  

I will post back here later, hopefully it's useful for someone in the future.