I think you still need to have a valid PGT Callback URL which is a bit strange as you don't need to use it to retrieve the PGT.
I got it working as follows: curl -X GET -k "https://cas-server:8443/cas/p3/serviceValidate?ticket=ST-*******&service=https://*****&pgtUrl=https://*****:4443 If the CAS Server is able to communicate to the pgtUrl, it will send the PGT and PGTIOU to this URL as normal, but it will also return the PGT in the XML response to the above request. Sean On Monday, August 6, 2018 at 5:57:52 PM UTC+1, Dirk Tepe wrote: > > I am interested in developing a proof-of-concept based on the "PGT in > Validation Response" feature documented here: > > > https://apereo.github.io/cas/5.3.x/installation/Configuring-Proxy-Authentication.html#pgt-in-validation-response > > We are running CAS 5.3.2 and have successfully used public/private keys in > services for ClearPass, so we believe we understand the expected operation. > > I have successfully had a release of the PGTiou to a service using the > traditional PGTurl feature, so I believe the basic proxy authorization is > also functional for the service. > > I am trying to address a situation "such that invoking a callback url to > receive the proxy granting ticket is not feasible, CAS may be configured to > return the proxy-granting ticket id directly in the validation response". I > am unclear how to trigger the release of the proxyGrantingTicketId in the > validation response, though. The documentation only describes the need to > set up the public key and ensure authorizedToReleaseProxyGrantingTicket is > true for the service. There is no mention of how to elicit the release in > the validation response rather than expecting the PGTurl. > > I had hoped the presence of authorizedToReleaseProxyGrantingTicket would > trigger that behavior, but that does not appear to be the case. I have been > unable to find any solution after hours of searching and testing. > > Any suggestions or clarification of the expected behavior would be welcome. > > Dirk Tepe > Miami University > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ae837ca9-6f0e-4bdc-93fa-369ca6882df2%40apereo.org.
