← Back to context

Comment by mooreds

8 months ago

Hmmm. Here's details about using CAS as an OpenID Connect provider: https://apereo.github.io/cas/7.0.x/authentication/OIDC-Authe...

Looks like it doesn't support multiple issuers: " CAS primarily supports a single issuer per deployment/host." Have you run into any issues with that?

It also looks like it supports a number of optional standards: DPoP, JARM, PAR. Have you seen use cases for these?

1 comment

mooreds

Reply
mrweasel  8 months ago

> Looks like it doesn't support multiple issuers

Yeah, we only have the one issuer, so it's not a concern. For pretty much every KeyCloak project I've done, we have also favored doing separate deployments for separate issuers, so I'd say it's not much of an issue, in most cases.

Regarding the optional standards, no. We've not run into an clients that would require or in many cases even support anything but the most basic OpenID Connect. I'm sure there's a point to supporting them, but I've never seen it being needed for your average use case.