Posted by Cirrus Learning Center Team on Oct 4, 2023 1:52:51 PM
Cirrus Learning Center Team

The Cirrus CAS Bridge supports relying parties (service providers and applications) requiring the CAS protocol. The following is guidance for customers who have implemented the Cirrus CAS Bridge and need to add additional CAS relying parties.

• If the new CAS relying party has the same access requirements as a previously configured Cirrus CAS Bridge enterprise application, open a support ticket with Cirrus Identity, support@cirrusidentity.com, and provide the following information:

a. New CAS Service URL(s)

Cirrus accepts URL patterns matching simple URL prefix or regex.

b. Entity ID of the Cirrus CAS Bridge Enterprise Application

This is the Entity ID of the previously configured Cirrus CAS Bridge enterprise application in your Entra ID or Okta portal that will handle access requests for the new CAS application. This may be the default Cirrus CAS Bridge enterprise application. If so, just indicate default.

Next Steps: 

1. Cirrus Support will acknowledge the request. 

2. Cirrus Support will respond back when Cirrus has added the CAS Service URL. This usually takes 2 -3 business days.

3. The previously configured Cirrus CAS Bridge enterprise application is now able to accept login requests from the new CAS relying party.

If the new CAS relying party has access requirements that differ from the previously configured default Cirrus CAS Bridge enterprise applications, you will need to create and configure another Cirrus CAS Bridge enterprise application. 

The new Cirrus CAS Bridge enterprise application will need a unique Entity ID.  The Entity ID will be built off the base Entity ID of the Cirrus CAS Bridge default enterprise application. You will need to provide Cirrus Support an meaningful application identifier label, <<some appid>>, which will be appended to the base Entity ID.  The resulting Entity ID will be of the form:

https://<<base EntityID>>/<<some appid>>

Here are the steps to follow to add a CAS relying party that requires an additional Cirrus CAS Bridge enterprise application:

1. Open a support ticket with Cirrus Identity, support@cirrusidentity.com, and provide the following information:

a. New CAS Service URL(s)

Cirrus accepts URL patterns matching simple URL prefix or regex.

b. Application Identifier Label <<some appid>>

2. Cirrus Support will acknowledge receipt of the request.

3. Cirrus Support will respond back when Cirrus has updated the configuration on the Cirrus side. This usually takes 2 to 3 business days. They will also provide you with the Entity ID, using your application identifier label, to set up your new Cirrus CAS Bridge.

4. Set up another Cirrus Bridge enterprise application in your Microsoft Entra ID(Azure AD) or Okta tenant following the Add Application step in the Cirrus CAS Bridge setup instructions.

The Cirrus CAS Bridge setup instructions can be found on Cirrus Identity's website https://blog.cirrusidentity.com/documentation/cas-bridge-setup

The name of the new Cirrus Bridge enterprise application should reference the name of the CAS relying party it is created for and/or indicate how the attribute release differs from the default. 

Be sure to use the Entity ID provided by Cirrus in Step 3.

5. The new Cirrus CAS Bridge enterprise application is now configured to accept login requests from the new CAS relying party.