Hi Tobey, Thanks for the further insight. To potentially simplify your setup, is there a reason you cannot use just cas? After taking a look I am guessing you do not have an option. Looks like ADFS is controlled by your regents? https://adfs.sdbor.edu/
Unfortunately I have not setup a relaying trust with ADFS before. I have configured CAS to work with an SP using ADFS. Potentially this guide can help: https://apereo.github.io/2018/07/31/cas6-delegated-authn-adfs/ Hope that helps! On Wed, Jun 10, 2020 at 9:09 AM Toby Archer <[email protected]> wrote: > Oh, and yes, this is our current functioning configuration in production > with CAS5. Works like a charm. > > On Wednesday, June 10, 2020 at 9:02:25 AM UTC-5, Toby Archer wrote: >> >> Thank you for your help. Yes, a little more detail. ADFS will be doing >> the authenticating, so if I've got my abbreviations straight, yes it will >> be SP. You hit CAS, it redirects you to ADFS where you login, and ADFS >> sends you back to CAS which sends you back to the service requesting a >> login. Through this whole process, the user never sees CAS. CAS adds no >> information to the ADFS responses, so it can be thought of as strictly a >> relying party which acts as a translator/adapter for services that can't >> connect directly to ADFS. >> > >> On Monday, June 8, 2020 at 2:10:10 PM UTC-5, Robert Bond wrote: >>> >>> >>> Hi Tobey, >>> >>> Can you explain the scenario a little more? >>> >>> What Role is the ADFS server playing? SP? >>> >>> What role is the cas server fulfilling? IDP? >>> >>> Do you have this working on CAS 5? >>> >>> Thanks! >>> >>> >>> On Thursday, June 4, 2020 at 11:40:47 AM UTC-5, Toby Archer wrote: >>>> >>>> We are looking to upgrade from CAS 5 to CAS 6. I have a fresh setup so >>>> I've just got the default json services and ADFS.. This >>>> <https://apereo.github.io/cas/6.0.x/integration/ADFS-Integration.html> >>>> guide >>>> suggests I need this line: >>>> >>>> compile >>>>> "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" >>>> >>>> >>>> In my build.gradle file. Presumably in the area right below: >>>> >>>> dependencies { >>>>> // Other CAS dependencies/modules may be listed here... >>>>> // implementation >>>>> "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}" >>>>> compile >>>>> "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" >>>> >>>> >>>> And then I copied over the attributes from our test box, which appears >>>> to be the same in 5.x as it is in 6.x: >>>> <https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html> >>>> >>>> cas.authn.wsfed[0].identityProviderUrl=https://adfs.usd.edu/adfs/ls/ >>>>> cas.authn.wsfed[0].identityProviderIdentifier= >>>>> http://adfs.usd.edu/adfs/services/trust >>>>> cas.authn.wsfed[0].relyingPartyIdentifier=urn:cas:test-sso.usd.edu >>>>> cas.authn.wsfed[0].attributesType=WSFED >>>>> cas.authn.wsfed[0].autoRedirect=true >>>>> >>>>> cas.authn.wsfed[0].signingCertificateResources=file:/etc/cas/adfs_signing2019.cer >>>> >>>> >>>> But nothing happens. No redirect, no mention of ADFS in the logs. Was >>>> there something else I had to do? >>>> >>> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/e80feb56-1d2a-42f7-a13b-753cd20bd745o%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e80feb56-1d2a-42f7-a13b-753cd20bd745o%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Robert Bond Network Administrator (918) 444-5886 Northeastern State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOA9z6qfeata-5BAtVWptc92JAT8wiwEvJ5ManrPB38%3DHAmgOA%40mail.gmail.com.
