Hrm. Sadly that doesn't seem to be working. It's so annoying that I don't even have any indication as to why. If the logs would spit out what is broken I could fix it but it seems like CAS isn't even aware that I've enabled WS-FED. :c
On Wednesday, June 10, 2020 at 9:55:00 AM UTC-5, Robert Bond wrote: > > Hi Tobey, > > Thanks for the further insight. To potentially simplify your setup, is > there a reason you cannot use just cas? > After taking a look I am guessing you do not have an option. Looks like > ADFS is controlled by your regents? https://adfs.sdbor.edu/ > > Unfortunately I have not setup a relaying trust with ADFS before. I have > configured CAS to work with an SP using ADFS. > Potentially this guide can help: > https://apereo.github.io/2018/07/31/cas6-delegated-authn-adfs/ > > Hope that helps! > > > > > On Wed, Jun 10, 2020 at 9:09 AM Toby Archer <[email protected] > <javascript:>> wrote: > >> Oh, and yes, this is our current functioning configuration in production >> with CAS5. Works like a charm. >> >> On Wednesday, June 10, 2020 at 9:02:25 AM UTC-5, Toby Archer wrote: >>> >>> Thank you for your help. Yes, a little more detail. ADFS will be doing >>> the authenticating, so if I've got my abbreviations straight, yes it will >>> be SP. You hit CAS, it redirects you to ADFS where you login, and ADFS >>> sends you back to CAS which sends you back to the service requesting a >>> login. Through this whole process, the user never sees CAS. CAS adds no >>> information to the ADFS responses, so it can be thought of as strictly a >>> relying party which acts as a translator/adapter for services that can't >>> connect directly to ADFS. >>> >> >>> On Monday, June 8, 2020 at 2:10:10 PM UTC-5, Robert Bond wrote: >>>> >>>> >>>> Hi Tobey, >>>> >>>> Can you explain the scenario a little more? >>>> >>>> What Role is the ADFS server playing? SP? >>>> >>>> What role is the cas server fulfilling? IDP? >>>> >>>> Do you have this working on CAS 5? >>>> >>>> Thanks! >>>> >>>> >>>> On Thursday, June 4, 2020 at 11:40:47 AM UTC-5, Toby Archer wrote: >>>>> >>>>> We are looking to upgrade from CAS 5 to CAS 6. I have a fresh setup so >>>>> I've just got the default json services and ADFS.. This >>>>> <https://apereo.github.io/cas/6.0.x/integration/ADFS-Integration.html> >>>>> guide >>>>> suggests I need this line: >>>>> >>>>> compile >>>>>> "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" >>>>> >>>>> >>>>> In my build.gradle file. Presumably in the area right below: >>>>> >>>>> dependencies { >>>>>> // Other CAS dependencies/modules may be listed here... >>>>>> // implementation >>>>>> "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}" >>>>>> compile >>>>>> "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" >>>>> >>>>> >>>>> And then I copied over the attributes from our test box, which appears >>>>> to be the same in 5.x as it is in 6.x: >>>>> <https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html> >>>>> >>>>> cas.authn.wsfed[0].identityProviderUrl=https://adfs.usd.edu/adfs/ls/ >>>>>> cas.authn.wsfed[0].identityProviderIdentifier= >>>>>> http://adfs.usd.edu/adfs/services/trust >>>>>> cas.authn.wsfed[0].relyingPartyIdentifier=urn:cas:test-sso.usd.edu >>>>>> cas.authn.wsfed[0].attributesType=WSFED >>>>>> cas.authn.wsfed[0].autoRedirect=true >>>>>> >>>>>> cas.authn.wsfed[0].signingCertificateResources=file:/etc/cas/adfs_signing2019.cer >>>>> >>>>> >>>>> But nothing happens. No redirect, no mention of ADFS in the logs. Was >>>>> there something else I had to do? >>>>> >>>> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e80feb56-1d2a-42f7-a13b-753cd20bd745o%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e80feb56-1d2a-42f7-a13b-753cd20bd745o%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > > > -- > Robert Bond > Network Administrator > (918) 444-5886 > Northeastern State University > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/96336766-536b-43ba-aada-c576c924b187o%40apereo.org.
