I am not sure exactly where you are having problems, but this is the high
level process you need to work through:
1) Make sure CAS is built with the pac4j-webflow dependency.
Use the Maven or Gradle properties defined here and use them for
the cas.war build:
https://apereo.github.io/cas/5.1.x/integration/Delegate-Authentication.html
2) Configure SAML in the cas.properties file
Review pac4j.saml properties here:
https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#saml
See: Delegate authentication to an external SAML2 IdP
You may be able to start with some of the SAML Keystore information
(keystore password and private key password) blank and CAS can generate the
keystore on an initial test.
THIS IS ONLY FOR DEV and test purposes. In a working DEV/PROD environment
you should set up a real private key and keystore with passwords and enter
this information in cas.properties using the pac4j.saml properties defined in
the document above.
You need to fill in the pac4j.saml properties to provide a path to the SAML
keystore, and CAS needs to be able to read from and write to that path to
create and use the file.
You need to fill in the pac4j.saml properties to provide the IDP entity ID.
You need to fill in the pac4j.saml properties to provide a path to the IDP
metadata. This could be a file path or a URL. Either way CAS needs read
permissions to the path.
I direct the metadata to /etc/cas/config and the keystores to another
folder /etc/cas/keystore.
If set up correctly and the keystore is usable, CAS will generate the
sp-metadata.xml file.
The IDP will need the ACS and entity ID from the SP metadata.
That should get you started. If you have done ALL of this then please
include details from logs, etc of where you are having problems.
Mike
On Monday, January 7, 2019 at 4:06:12 AM UTC-5, sairam wrote:
>
> Hi all,
> I'm trying to integrate CAS with SAML using the
> pac4j (cas-server-support-pac4j-webflow) support project from CAS by
> following the document below:
> https://apereo.github.io/cas/5.1.x/integration/Delegate-Authentication.html
> I am using the SSO (ACS) URL https://witty.wavity.net/saml/login to
> consume the SAML assertion. Now, when the user gets logged in at the IDP, i.e. at
> Okta, it was redirecting to the ACS URL with a forbidden error. So how can I
> configure CAS to consume the SAML assertion from the IDP and assert CAS to grant a
> TGT to the SAML-asserted user?
>
> Can you please help me out with the steps I need to follow at CAS once it
> receives a SAML assertion from any of the IDPs, and also with the steps to be
> followed at java-cas-client.
>
> Thanks & Regards,
> Sairam
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6ead2756-de50-4f44-8a77-b5380afd7917%40apereo.org.
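The cas.properties fragment that Mike's steps describe, as an added example that is not part of the original thread. The keys are the cas.authn.pac4j.saml[0].* properties from the CAS 5.1.x configuration reference linked above; the client name, entity ID, file paths and passwords are placeholders to replace with your own values.

```properties
# Delegated SAML2 authentication through pac4j (added example; all values are placeholders).
# The [0] index selects the first delegated SAML client; use [1], [2], ... for further IdPs.
cas.authn.pac4j.saml[0].clientName=OktaSAML

# Entity ID this CAS server presents as the SP. The IdP must register exactly this value.
cas.authn.pac4j.saml[0].serviceProviderEntityId=https://cas.example.org/cas/saml-sp

# Where CAS writes the generated SP metadata (sp-metadata.xml).
# The CAS process needs read and write access to this directory.
cas.authn.pac4j.saml[0].serviceProviderMetadataPath=/etc/cas/config/sp-metadata.xml

# Keystore holding the SP signing/encryption key. For DEV/test, CAS can create it on
# first run when it is missing, so the directory must be writable by the CAS user.
# In production, provision a real key and keystore and set both passwords.
cas.authn.pac4j.saml[0].keystorePath=/etc/cas/keystore/samlKeystore.jks
cas.authn.pac4j.saml[0].keystorePassword=CHANGE-ME-keystore-password
cas.authn.pac4j.saml[0].privateKeyPassword=CHANGE-ME-private-key-password

# IdP metadata: a local file or an HTTPS URL. CAS only needs read access here.
cas.authn.pac4j.saml[0].identityProviderMetadataPath=/etc/cas/config/okta-idp-metadata.xml

# Reject assertions whose authentication instant is older than this many seconds.
cas.authn.pac4j.saml[0].maximumAuthenticationLifetime=3600
```

Before starting CAS, confirm the account CAS runs as can write /etc/cas/keystore and /etc/cas/config/sp-metadata.xml and can read the IdP metadata path; a keystore that cannot be created or read is the usual reason sp-metadata.xml never appears. The AssertionConsumerService URL and entity ID that the IdP administrator needs are the ones written into the generated sp-metadata.xml, not a separately configured endpoint.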