Hi Mike,
      Thanks for the reply. I have done the configuration in CAS to
delegate auth to an external IdP, so after the delegation the IdP will
send the SAML response. So what changes need to be done in CAS in order to
consume that SAML assertion and to grant a TGT?
I mean the CAS webflow once it gets the SAML Response from the IdP.

Thanks & Regards,
Sairam

On Mon, Jan 7, 2019 at 11:06 PM Mike Kriwonos <kriwon...@gmail.com> wrote:

>
> I am not sure exactly where you are having problems, but this is the high
> level process you need to work through:
>
> 1) Make sure CAS is built with the PAC4J-webflow dependency
>         Use the Maven or Gradle properties defined here and use them for
> the cas.war build:
> https://apereo.github.io/cas/5.1.x/integration/Delegate-Authentication.html
>
> 2) Configure SAML in the cas.properties file
> Review pac4j.saml properties here:
> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#saml
> See: Delegate authentication to an external SAML2 IdP
>
> You may be able to start with some of the SAML Keystore information
> (keystore password and private key password) blank and CAS can generate the
> keystore on an initial test.
> THIS IS ONLY FOR DEV and test purposes.  In a working DEV/PROD environment
> you should set up a real private key and keystore with passwords and enter
> this information in cas.properties using pac4j.saml properties defined in
> the document above.
>
> You need to fill in the pac4j.saml properties to provide a path to the SAML
> keystore, and CAS needs to be able to read from and write to that path to
> create and use the file.
> You need to fill in the pac4j.saml properties to provide the IDP entity ID.
> You need to fill in the pac4j.saml properties to provide a path to the IDP
> metadata.  This could be a file path or a URL. Either way CAS needs read
> permissions to the path.
> I direct the metadata to /etc/cas/config and the keystores to another
> folder /etc/cas/keystore.
> If set up correctly and the keystore is usable, CAS will generate the
> sp-metadata.xml file.
>
> The IDP will need the ACS and entity ID from the SP Metadata.
>
> That should get you started.  If you have done ALL of this then please
> include details from logs, etc of where you are having problems.
> Mike
>
>
> On Monday, January 7, 2019 at 4:06:12 AM UTC-5, sairam wrote:
>>
>> Hi all,
>>       I'm trying to integrate CAS with SAML using the
>> pac4j(CAS-server-support-pac4j-web flow) support project from CAS by
>> following the document below:
>>
>> https://apereo.github.io/cas/5.1.x/integration/Delegate-Authentication.html
>>  I am using the SSO(ACS) URL https://witty.wavity.net/saml/login to
>> consume the SAML assertion. Now, when the user gets logged in at the IDP, i.e. at
>> Okta, it was redirecting to the ACS URL with the forbidden error. So how can I
>> configure CAS to consume the SAML assertion from the IDP and assert CAS to grant
>> a TGT to the SAML asserted user?
>>
>> Can you please help me out with the steps I need to follow at CAS once it
>> receives SAML assertion from any of the IDP and also with the steps to be
>> followed at java-cas-client.
>>
>> Thanks & Regards,
>> Sairam
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6ead2756-de50-4f44-8a77-b5380afd7917%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6ead2756-de50-4f44-8a77-b5380afd7917%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
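
The quoted reply ends by noting that the IdP needs the ACS and entity ID from the SP metadata. As an added example (not part of either message and not code from the CAS project), this Python sketch pulls those values out of an SP metadata document so they can be copied to the IdP exactly; the sample XML, the host name `cas.example.org` and the function name `sp_summary` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata (placeholder host and URLs, not from the thread).
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://cas.example.org/cas/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://cas.example.org/cas/login?client_name=SAML2Client"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
""".strip()


def sp_summary(xml_text):
    """Return the entity ID and ACS endpoints an IdP admin must register."""
    root = ET.fromstring(xml_text)
    tag = "{%s}EntityDescriptor" % NS["md"]
    # Metadata may be a single EntityDescriptor or wrapped in EntitiesDescriptor.
    entity = root if root.tag == tag else root.find("md:EntityDescriptor", NS)
    if entity is None:
        raise ValueError("no EntityDescriptor found in metadata")
    sp = entity.find("md:SPSSODescriptor", NS)
    if sp is None:
        # Common mix-up: pointing at the IdP metadata instead of the SP file.
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    acs = [(a.get("Binding"), a.get("Location"))
           for a in sp.findall("md:AssertionConsumerService", NS)]
    if not acs:
        raise ValueError("SP metadata declares no AssertionConsumerService")
    return {
        "entity_id": entity.get("entityID"),
        "acs": acs,
        "wants_signed_assertions": sp.get("WantAssertionsSigned") == "true",
        # Assertions posted to a non-TLS ACS travel in clear text: flag them.
        "insecure_acs": [loc for _, loc in acs
                         if not (loc or "").startswith("https://")],
    }


if __name__ == "__main__":
    print(sp_summary(SAMPLE_SP_METADATA))
```

The ACS URL registered at the IdP has to match a `Location` value reported here character for character, including any query string.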
