[cas-user] Re: Lernaean Hydra and cas 6 ws-federation claims

Sun, 30 Jun 2019 06:32:37 -0700 

Here is my full idp configuration:

cas.authn.wsfedIdp.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks

cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass

cas.authn.wsfedIdp.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks

cas.authn.wsfedIdp.sts.encryptionKeystorePassword=storepass


cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified

cas.authn.wsfedIdp.sts.encryptTokens=true


cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/config/stscasrealm.jks

cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass

cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas

cas.authn.wsfedIdp.sts.realm.keyPassword=cas123456

cas.authn.wsfedIdp.sts.realm.issuer=CAS


#The signing and encryption keys are both JWKs of size 512 and 256. The 
encryption algorithm is set to AES_128_CBC_HMAC_SHA_256

# Used to secure authentication requests between the IdP and STS

cas.authn.wsfedIdp.sts.crypto.enabled=false

cas.authn.wsfedIdp.sts.crypto.signing.keySize=512

#cas.authn.wsfedIdp.sts.crypto.signing.key=


cas.authn.wsfedIdp.sts.crypto.encryption.keySize=256

#cas.authn.wsfedIdp.sts.crypto.encryption.key=


and attributes:

cas.authn.attributeRepository.stub.attributes.givenName=Billy
cas.authn.attributeRepository.stub.attributes.myName=Bob


Claims do not work but  were set up as:
{
  "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "serviceId" : "https://xxx";,
  "realm" : "https://xxx";,
  "name" : "Sample WsFed Application",
  "id" : 100,
  "attributeReleasePolicy" : {
    "@class" : 
"org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "NAME" : "givenName",
      "GIVEN_NAME" : "myName"
    }
  }
}

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/289bf6e9-ca7b-45bc-93d9-ac573a30c452%40apereo.org.

Reply via email to