Re: [cas-user] CAS 5 + phpCAS client + SAML 1.1 service validation

Misagh Moayyed Wed, 10 Aug 2016 04:58:15 -0700

I don’t think you have. Go ahead and file an issue please.

On Wednesday, August 10, 2016 at 4:46:07 AM UTC-7, Philippe MARASSE wrote:
>
> BTW, The sample request found on the wiki ( 
> https://apereo.github.io/cas/development/protocol/SAML-Protocol.html ) 
> shows :
>
> POST /cas/samlValidate?ticket=
> Host: cas.example.com
> Content-Length: 491
> Content-Type: text/xml
>  <SOAP-ENV:Envelope 
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; 
> <http://schemas.xmlsoap.org/soap/envelope/>>
>   <SOAP-ENV:Header/>
>   <SOAP-ENV:Body>
>     <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
> MajorVersion="1"
>       MinorVersion="1" RequestID="_192.168.16.51.1024506224022"
>       IssueInstant="2002-06-19T17:03:44.022Z">
>       <samlp:AssertionArtifact>
>         ST-1-u4hrm3td92cLxpCvrjylcas.example.com
>       </samlp:AssertionArtifact>
>     </samlp:Request>
>   </SOAP-ENV:Body></SOAP-ENV:Envelope>
>
> but phpCAS does not use POST /cas/samlValidate?ticket= but 
> /cas/samlValidate?TARGET=
>
> Regards.
>
> Le 10/08/2016 à 12:39, Philippe MARASSE a écrit :
>
> Folks,
>
> I'm testing basic authentication (casuser:Mellon) with CAS 5 server and
> official phpCAS 1.3.4 client with SAML 1.1 validation, and it does not
> seem to work.
>
> Cas Client send post data :
>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; 
> <http://schemas.xmlsoap.org/soap/envelope/>>
> <SOAP-ENV:Header/>
> <SOAP-ENV:Body>
>     <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
> MajorVersion="1" MinorVersion="1"
> RequestID="_192.168.16.51.1024506224022"
> IssueInstant="2002-06-19T17:03:44.022Z">
>    
> <samlp:AssertionArtifact>ST-2-aghFC3hJ2dnePztkMfbK-devcas1</samlp:AssertionArtifact>
> </samlp:Request>
> </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
> to 
> :https://php-dev.mydomain.com/cas/samlValidate?TARGET=http%3A%2F%2Fphp-dev.mydomain.com%2Fphilippe%2Feclipse%2Ftestcas%2Fwww%2Fsaml11.php
>
> I got this answer from CAS Server :
>
> <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; 
> <http://schemas.xmlsoap.org/soap/envelope/>>
> <SOAP-ENV:Body>
>     <saml1p:Response InResponseTo="_192.168.16.51.1024506224022"
> IssueInstant="2016-08-10T09:44:12.393
> Z" MajorVersion="1" MinorVersion="1"
> ResponseID="_2905923a3d94406937598b14f57e8043"
> xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"><saml1p:Status><saml1p:StatusCode
> Value="saml1p:RequestDenied"/><saml1p:StatusMessage>
> Les paramètres 'service' et 'ticket' sont tous deux
> nécessaires</saml1p:StatusMessage></saml1p:Status>
> </saml1p:Response>
> </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
> Server complains about missing ticket and/or service parameter ??
> Validation works for both CASv2 and CASv3 protocol but not with SAMLv1.1.
> SAMLv1.1 works against our production CAS v3.5 servers.
>
> Relevant part of my pom.xml (maven war overlay method) :
>         <cas.groupId>org.apereo.cas</cas.groupId>
>         <cas.version>5.0.0.RC1-SNAPSHOT</cas.version>
>
>         <dependency>
>             <groupId>${cas.groupId}</groupId>
>             <artifactId>cas-server-support-spnego</artifactId>
>             <version>${cas.version}</version>
>             <scope>runtime</scope>
>         </dependency>
>         <dependency>
>             <groupId>${cas.groupId}</groupId>
>             <artifactId>cas-server-support-spnego-webflow</artifactId>
>             <version>${cas.version}</version>
>             <scope>runtime</scope>
>         </dependency>
>         <dependency>
>             <groupId>${cas.groupId}</groupId>
>            
> <artifactId>cas-server-support-json-service-registry</artifactId>
>             <version>${cas.version}</version>
>         </dependency>
>        
>         <!-- Support SAMLv1.1 et v2 -->
>         <dependency>
>             <groupId>org.apereo.cas</groupId>
>             <artifactId>cas-server-support-saml</artifactId>
>             <version>${cas.version}</version>
>         </dependency>
>
> Am I missing something (again :-) ) ?
>
> Regards.
>
>
>
> -- 
> Philippe MARASSE
>
> Responsable pôle Infrastructures - DSIO
> Centre Hospitalier Henri Laborit
> CS 10587 - 370 avenue Jacques Cœur 
> 86021 Poitiers Cedex
> Tel : 05.49.44.57.19
>
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bd2fcb58-7247-4691-ad7e-b07de233c87d%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] CAS 5 + phpCAS client + SAML 1.1 service validation

Reply via email to
