Shibboleth 1.3

Owned by Howard Gilbert
Last updated: Mar 17, 2005Version comment
1 min read

Shibboleth provides a way for the local CAS server to obtain credentials from a remote institution. To use Shibboleth, the Browser must be redirected back to the servers at the ID Provider so that it can return with an authentication and the ability to fetch attributes.

The Shibboleth Resource Manager Filter can be inserted as a front-end to CAS. If so, then the redirection is transparent and the information about the remote user is returned in a wrapped Request object. If necessary, small adjustments in the Filter logic may be required to get the best user experience and widest support of services.

Since remote authentication is a less common requirement, the proposed user interface is to present on the CAS Userid/Password form a "Logon from another college" button that triggers the use of Shibboleth (similar to the NTLM proposal).

CAS 3 will require the Java Service Provider of Shibboleth 1.3. Both are expected to be released in the same time frame, which by itself poses a problem. CAS support of Shibboleth, or Shibboleth support of CAS, can only be declared as Beta or sample code until the other product is formally released. Since release cannot be coordinated, CAS 3.0 will probably regard the Shibboleth code as test or sample support, with a final version coming in 3.1