3.3.0

1. The plugin design now builds on top of Shibboleth IdP's External authentication flow, and no longer requires one to create a separate Shibcas flow.
2. Shibboleth IdP v3.4.6 is the required IdP version compatible with this version of the plugin.
3. The CAS client core library is also upgraded to version 3.6.0.

Upgrade Instructions

When upgrading from a previous version of the plugin, please follow the below steps:

• Modify the ShibCas Auth Servlet entry in IDP_HOME/edit-webapp/WEB-INF/web.xml and update the <url-pattern>:

Example snippet web.xml:

...
    <!-- Servlet for receiving a callback from an external CAS Server and continues the IdP login flow -->
    <servlet>
        <servlet-name>ShibCas Auth Servlet</servlet-name>
        <servlet-class>net.unicon.idp.externalauth.ShibcasAuthServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>ShibCas Auth Servlet</servlet-name>
        <url-pattern>/Authn/External/*</url-pattern>
    </servlet-mapping>
...

• Update the idp.authn.flows to External. Or, for advance cases, add External to the list.

idp.authn.flows = External

• Remove the authn/Shibcas bean in IDP_HOME/conf/authn/general-authn.xml:

...
    <util:list id="shibboleth.AvailableAuthenticationFlows">

        <bean id="authn/Shibcas" parent="shibboleth.AuthenticationFlow"
                p:passiveAuthenticationSupported="true"
                p:forcedAuthenticationSupported="true"
                p:nonBrowserSupported="false" />
...

Note that if you an additional settings for this bean defined, such as one for supportedPrincipals, they need to be moved and applied to the authn/External bean instead in the same file, such that:

<bean id="authn/External" parent="shibboleth.AuthenticationFlow"
  p:passiveAuthenticationSupported="true"
  p:forcedAuthenticationSupported="true"
  p:nonBrowserSupported="false">
    <property name="supportedPrincipals">
        <list>
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                  c:classRef="https://refeds.org/profile/mfa" />
              <bean parent="shibboleth.SAML2AuthnContextClassRef"
                  c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
        </list>
    </property>
</bean>

• Remove the flows/authn/Shibcas directory from your IDP_HOME directory (i.e /opt/shibboleth-idp).
• Remove the jars for cas-client-core-xxx.jar and shib-cas-authenticator-xxx.jar and replace them with the versions supplied with this version.

3.2.4-beta4

attempt to override context class by specifying an operator for the p…

…rincipal predicate factory

3.2.4-beta3

override context classes if nothing is provided by the sp

3.2.4-beta2

make sure things are pushed

3.2.4-beta1

updated

3.2.3

Merge pull request #29 from Unicon/3.2.3

fixed the embedded Id validation issue

3.2.3-beta1

Testing an issue with embedded entityId

v3.2.2

Merge branch 'master' of https://github.com/Unicon/shib-cas-authn3

• EntityId can be included in the service url querystring
• Switch to JDK 8
• Bump cas version to 5.0.5

v3.2.1

Updated to support missing conversation key exception

v3.2.0

• Support for Shibboleth IdP 3.3.0
• Fixing some webflow linkage issues
• Ability to choose between CAS 2.0 and CAS 3.0 protocol (thanks @acvcu).
• Cleaned up some compile warnings