CAS and Shibboleth Co-existing in Mutually Beneficial Harmony

In this blog post I discuss use of CAS and Shibboleth in harmony.

One of my favorite bad habits is that I compulsively edit the subjects of emails when I reply to them to more precisely characterize the topic of the email. There are a couple good reasons for this. Improved subjects make it easier for the conversation participants to understand what's being discussed and make the emails more easily subsequently discoverable via search. Also, clarity of subject tends towards clarity of purpose and helps focus the email to only those remarks that support that purpose. I'm told I should aspire to more brevity in my email, and here's one small tool for pursuing that.

Someone recently emailed me with the subject "CAS vs Shib". When I replied I felt compelled to change the subject line to "CAS and Shib co-existing in mutually beneficial harmony". I don't see it as CAS vs. Shibboleth. I see it as CAS and Shibboleth.

I often advocate for institutions adopting both CAS and Shibboleth. I see CAS as a flexible and capable mechanism for the Web authentication of local users. I see Shibboleth as the platform for federating that local Web authentication and implementing formal standards.

CAS has a lot to offer. Its easily customized login workflow, able support for multiple means of authenticating users, capable and growing services registry support, client libraries for many platforms, extension points, and support for n-tier authentication make it an excellent platform for implementing local authentication use cases.

Shibboleth has a lot to offer. Its worthwhile and rigorous formalisms, rich user attribute release support, adherence to standards, support for federation make it an excellent platform for implementing federated and third-party authentication use cases.

Properly configured, these platforms can be used in concert with a good, appropriately seamless user experience.

Unicon's account managers often counsel their clients on understanding CAS and Shibboleth, their differences, and how they can be used in concert. It's likely your account manager would be more than happy to set up an initial conversation to talk through these topics with you and anyone else from your institution you'd like. Please do get in touch if you're interested.

Incidentally, I found at least one site that recommends updating the subject headers of email when replying to them, so maybe one of my favorite bad habits isn't actually so bad after all.