Mihir, Let me know what changes you're making. Maybe in the short term before full SAML2 support, we can get apps working on a one-off basis (I know someone who was interested in Yammer support also).
Cheers, Scott On Wed, Aug 4, 2010 at 4:06 PM, Mihir Patel <exploremi...@gmail.com> wrote: > Hi Matt, > > I just checked out 3.4.2 code and looked at SAML related configs and java > files, doesn't seem that they are any different than 3.3.x so may not > support Browser POST profile. CAS has support for Browser Artifact profile > where CAS receives a request with TARGET value and it responds back with > SAMLart (SAML ticket) which SP needs to validate (by calling > /cas/samlValidate) to get SAML response enclosed in SOAP body. I tried that > with Salesforce and did not work. > > I also looked at SAML 2.0 which is supported for Google (which POSTs SAML > response) and then modified the response Template locally (just for > verification) and have a working setup with Salesforce. My changes are > expecting a request parameters (which will identify this service as a > SalesforceSamlService and where response should be posted) and generates > response in a format which Salesforce is expecting (by modifying the > TEMPLATE_SAML_RESPONSE) . > > Not sure what I might need to add/change to comply with SAML 2.0 > request/response format, so the next step for me is to study the protocol > and see what I am missing. > > Thanks, > Mihir > > On Wed, Aug 4, 2010 at 8:55 AM, Matt Brooks <m...@msbrooks.com> wrote: > >> Mihir, >> >> Yes, CAS version 3.4 supports SAML. CAS version 3.3 does not. >> >> I believe 3.4 supports POST profile, however, like I said earlier, I >> haven't had a chance to test that it is actually working. I don't have a >> production server running CAS version 3.4 up and running yet. SAML pretty >> much requires a valid domain name and SSL certificate to work properly and >> that's been my main issue right now with testing. >> >> -Matt B. >> >> >> On Wed, Aug 4, 2010 at 10:15 AM, Mihir Patel <exploremi...@gmail.com>wrote: >> >>> Thanks for the reply, Matt. When you say newest CAS, is it version 3.4? >>> >>> We are using CAS 3.3.5 in our environment and trying to integrate SSO >>> with Salesforce. First, we tried SAML 1.1 from CAS 3.3.5 but realized that >>> CAS does not support browser POST profile ( >>> http://en.wikipedia.org/wiki/SAML_1.1#Browser.2FPOST_Profile), can >>> anyone confirm? >>> >>> Thanks, >>> Mihir >>> >>> On Wed, Aug 4, 2010 at 5:09 AM, Matt Brooks <m...@msbrooks.com> wrote: >>> >>>> Mihir, >>>> >>>> The newest CAS server supports SAML 1.1 which salesforce supports. The >>>> only catch is that there needs to be an email attribute added to the SAML >>>> response from CAS. I am currently working on integrating salesforce and CAS >>>> but have not got it working fully yet mainly due to production server setup >>>> issues. I should be further along in a month or so, but pretty confident >>>> it >>>> will work. >>>> >>>> Thanks, >>>> -Matt B. >>>> >>>> >>>> On Aug 4, 2010, at 1:26 AM, Mihir Patel <exploremi...@gmail.com> wrote: >>>> >>>> Hi, >>>> >>>> Does CAS 3.3 (or 3.4) provide Salesforce SAML 2.0 support? If not, is >>>> CAS 3.5 going to provide the support going forward, if yes, what may be the >>>> time line? >>>> >>>> Thanks, >>>> Mihir >>>> >>>> -- >>>> You are currently subscribed to >>>> <cas-dev@lists.jasig.org>cas-dev@lists.jasig.org as: >>>> <m...@msbrooks.com>m...@msbrooks.com >>>> >>>> >>>> >>>> >>>> >>>> >>>> To unsubscribe, change settings or access archives, see >>>> <http://www.ja-sig.org/wiki/display/JSG/cas-dev>http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>> >>>> -- >>>> You are currently subscribed to cas-dev@lists.jasig.org as: >>>> exploremi...@gmail.com >>>> >>>> >>>> >>>> >>>> >>>> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>> >>>> >>> -- >>> You are currently subscribed to cas-dev@lists.jasig.org as: >>> m...@msbrooks.com >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>> >>> >> -- >> You are currently subscribed to cas-dev@lists.jasig.org as: >> exploremi...@gmail.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev >> >> > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > scott.battag...@gmail.com > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
