Hi Tobey, Thanks for the further insight. To potentially simplify your setup, is there a reason you cannot use just cas? After taking a look I am guessing you do not have an option. Looks like ADFS is controlled by your regents? https://adfs.sdbor.edu/
Unfortunately I have not setup a relaying trust with ADFS before. I have configured CAS to work with an SP using ADFS. Potentially this guide can help: https://apereo.github.io/2018/07/31/cas6-delegated-authn-adfs/ Hope that helps! On Wed, Jun 10, 2020 at 9:09 AM Toby Archer <sandsl...@gmail.com> wrote: > Oh, and yes, this is our current functioning configuration in production > with CAS5. Works like a charm. > > On Wednesday, June 10, 2020 at 9:02:25 AM UTC-5, Toby Archer wrote: >> >> Thank you for your help. Yes, a little more detail. ADFS will be doing >> the authenticating, so if I've got my abbreviations straight, yes it will >> be SP. You hit CAS, it redirects you to ADFS where you login, and ADFS >> sends you back to CAS which sends you back to the service requesting a >> login. Through this whole process, the user never sees CAS. CAS adds no >> information to the ADFS responses, so it can be thought of as strictly a >> relying party which acts as a translator/adapter for services that can't >> connect directly to ADFS. >> > >> On Monday, June 8, 2020 at 2:10:10 PM UTC-5, Robert Bond wrote: >>> >>> >>> Hi Tobey, >>> >>> Can you explain the scenario a little more? >>> >>> What Role is the ADFS server playing? SP? >>> >>> What role is the cas server fulfilling? IDP? >>> >>> Do you have this working on CAS 5? >>> >>> Thanks! >>> >>> >>> On Thursday, June 4, 2020 at 11:40:47 AM UTC-5, Toby Archer wrote: >>>> >>>> We are looking to upgrade from CAS 5 to CAS 6. I have a fresh setup so >>>> I've just got the default json services and ADFS.. This >>>> <https://apereo.github.io/cas/6.0.x/integration/ADFS-Integration.html> >>>> guide >>>> suggests I need this line: >>>> >>>> compile >>>>> "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" >>>> >>>> >>>> In my build.gradle file. Presumably in the area right below: >>>> >>>> dependencies { >>>>> // Other CAS dependencies/modules may be listed here... >>>>> // implementation >>>>> "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}" >>>>> compile >>>>> "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" >>>> >>>> >>>> And then I copied over the attributes from our test box, which appears >>>> to be the same in 5.x as it is in 6.x: >>>> <https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html> >>>> >>>> cas.authn.wsfed[0].identityProviderUrl=https://adfs.usd.edu/adfs/ls/ >>>>> cas.authn.wsfed[0].identityProviderIdentifier= >>>>> http://adfs.usd.edu/adfs/services/trust >>>>> cas.authn.wsfed[0].relyingPartyIdentifier=urn:cas:test-sso.usd.edu >>>>> cas.authn.wsfed[0].attributesType=WSFED >>>>> cas.authn.wsfed[0].autoRedirect=true >>>>> >>>>> cas.authn.wsfed[0].signingCertificateResources=file:/etc/cas/adfs_signing2019.cer >>>> >>>> >>>> But nothing happens. No redirect, no mention of ADFS in the logs. Was >>>> there something else I had to do? >>>> >>> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/e80feb56-1d2a-42f7-a13b-753cd20bd745o%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e80feb56-1d2a-42f7-a13b-753cd20bd745o%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Robert Bond Network Administrator (918) 444-5886 Northeastern State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOA9z6qfeata-5BAtVWptc92JAT8wiwEvJ5ManrPB38%3DHAmgOA%40mail.gmail.com.
