[cas-dev] Re: cas 6 with ws federation protcol cxf policy error

Sun, 30 Jun 2019 06:30:59 -0700 

I used to get this error in cas5 but not anymore in cas 6.0.

Here is my configuration:

cas.authn.wsfedIdp.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks

cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass

cas.authn.wsfedIdp.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks

cas.authn.wsfedIdp.sts.encryptionKeystorePassword=storepass


cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified

cas.authn.wsfedIdp.sts.encryptTokens=true


cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/config/stscasrealm.jks

cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass

cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas

cas.authn.wsfedIdp.sts.realm.keyPassword=cas123456

cas.authn.wsfedIdp.sts.realm.issuer=CAS


#The signing and encryption keys are both JWKs of size 512 and 256. The 
encryption algorithm is set to AES_128_CBC_HMAC_SHA_256

# Used to secure authentication requests between the IdP and STS

cas.authn.wsfedIdp.sts.crypto.enabled=false

cas.authn.wsfedIdp.sts.crypto.signing.keySize=512

#cas.authn.wsfedIdp.sts.crypto.signing.key=


cas.authn.wsfedIdp.sts.crypto.encryption.keySize=256

#cas.authn.wsfedIdp.sts.crypto.encryption.key=


and attributes:

cas.authn.attributeRepository.stub.attributes.givenName=Billy
cas.authn.attributeRepository.stub.attributes.myName=Bob


Claims do not work but  were set up as:
{
  "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "serviceId" : "https://xxx";,
  "realm" : "https://xxx";,
  "name" : "Sample WsFed Application",
  "id" : 100,
  "attributeReleasePolicy" : {
    "@class" : 
"org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "NAME" : "givenName",
      "GIVEN_NAME" : "myName"
    }
  }
}


-- 
You received this message because you are subscribed to the Google Groups "CAS 
Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-dev/c823983a-1820-4dad-8ab3-684d7e93f69f%40apereo.org.

Reply via email to