Vikash, If you are setting up app.example.com with shibboleth, see shib docs, https://wiki.shibboleth.net/confluence/display/SP3/Home. There is also a mailing list, https://wiki.shibboleth.net/confluence/display/WEB/Mailing+Lists
Ray On Sun, 2020-07-19 at 17:33 +0530, Vikash Chandra Ansh wrote: HI All, CAS version I am using is 6.1.2 I am stuck with my other Client applications(https://app.example.com) integration with CAS(https://cas.example.com) using SAML. IDp is my CAS server and Shibboleth is my SP. When no application is integrated with it, the request is going directly to my IDP via SAML like when a user hits the https://localhost:443/index.html(present in httpd client/ htdocs/index.html) I got a SAML assertion. My CAS is also deployed in Apache tomcat. But when I am deploying app.example war in my tomcat,request is going to my IDP directly without any intercept of SP. Previously, we used to deploy the client app and add the particular JSON for it in CAS services folder,hence whenever a user requests for app.example.com<http://app.example.com>, request goes to CAS server using CAS protocol and in JSON we provide AD group for authorized access. Can you suggest how to achieve the same using SAML Please give me a step by step solution to achieve this. Do any changes in JSON required for app.example.com<http://app.example.com> or any configuration wise changes in shibboleth ,httpd client or CAS client? Thanks and regards Vikash Chandra On Wed, Jul 15, 2020 at 1:04 AM Vikash Chandra Ansh <[email protected]<mailto:[email protected]>> wrote: I can't do this as m using client vdi for development. On Wed 15 Jul, 2020, 00:35 David Curry, <[email protected]<mailto:[email protected]>> wrote: Can you attach the relevant piece of the cas log? (Not the whole thing, just the lines around the error.) --Dave -- DAVID A. CURRY, CISSP DIRECTOR • INFORMATION SECURITY & PRIVACY THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 646 909-4728 • [email protected]<mailto:[email protected]> On Tue, Jul 14, 2020 at 2:56 PM Vikash Chandra Ansh <[email protected]<mailto:[email protected]>> wrote: Hi David. I am seeing this in cas log. Can we connect David? On Wed 15 Jul, 2020, 00:21 David Curry, <[email protected]<mailto:[email protected]>> wrote: When you say you're "getting an error," where are you getting it? In the browser window? In the CAS log file? In the Tomcat log file? I'm not sure off the top of my head what it could be, as none of what we're doing here (installing Shib, Apache, etc.) has anything to do with columns or databases. --Dave -- DAVID A. CURRY, CISSP DIRECTOR • INFORMATION SECURITY & PRIVACY THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 646 909-4728 • [email protected]<mailto:[email protected]> On Tue, Jul 14, 2020 at 2:30 PM Vikash Chandra Ansh <[email protected]<mailto:[email protected]>> wrote: Hi Ray, I have added all the configuration accordingly and deployed the war file. I am getting an error invalid column name"expired". I don't have any clue on this.. Nothing as such is printed in logs. I am using Mssql as dB. Thanks & Regards On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, <[email protected]<mailto:[email protected]>> wrote: Thanks Ray, I will check and let you know in case of any issues. On Mon, Jul 13, 2020 at 3:58 AM David Curry <[email protected]<mailto:[email protected]>> wrote: The Shibboleth SP lets web services use SAML2 to authenticate and do single sign-on. So if you have configured an Apache server with mod_shib, then you would use the Apache config files to define a protected area on your web server, and put your web-based application into that protected area. When the user tries to access the application, mod_shib will intercept the request for a protected file, and redirect to the Shib SP, which will in turn talk to the CAS IdP. For a simple example with just a dumb PHP script as the "application," see this link: https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html It's for CAS 5.2.x rather than 6.x, but except for a configuration property name here or there, it should give you the idea. -- DAVID A. CURRY, CISSP DIRECTOR • INFORMATION SECURITY & PRIVACY THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 646 909-4728 • [email protected]<mailto:[email protected]> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <[email protected]<mailto:[email protected]>> wrote: Hi all. Kindly reply for my query. Thanks & Regards Vikash Chandra On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <[email protected]<mailto:[email protected]>> wrote: And moreover how cas will know that request will go to SP. I have added a json for the Sp using saml registry class proving SP url and metadata location of SP. PLEASE SUGGEST THANKS AND REGARDS VIKASH CHANDRA On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <[email protected]<mailto:[email protected]>> wrote: Hi all, I have successfully configured Shibboleth as SP on Apache server. My cas will work as IDP. Now, I have an application ABC which is integrated with CAS, so now how request will go via SP through my IDP?And what will be the format of url when I hit ABC application. Previously it used to be like cas url + service+ ABC url and after submit a service ticket is generated and validated. Now after this SAML change how will be my request look like on submit? Json for ABC application has been added in cas services folder. My cas version is 6.1.2. Thanks and regards Vikash Chandra On Thu 9 Jul, 2020, 21:39 Ray Bon, <[email protected]<mailto:[email protected]>> wrote: Vikash, Shib SP is described at https://wiki.shibboleth.net/confluence/display/SP3/Home Ray On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi all, I have made CAS as idp and added properties for SAML. I am able to extract metadata.xml. Now I want to make shibboleth as SP that need to be configured on Apache httpd client 2.4. Could you suggest how to implement this? Note:my httpd Apache client is running on https as well. Thanks and regards Vikash Chandra -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxjQCbTcqunQbw7nvqTd3X-FAtVQ9CjS1qF3VVAwn0QxCQ%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxjQCbTcqunQbw7nvqTd3X-FAtVQ9CjS1qF3VVAwn0QxCQ%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPZWnWCFW3OrHkdov15d6VAR9qnaP4zHOCdqbs7KpWhTA%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPZWnWCFW3OrHkdov15d6VAR9qnaP4zHOCdqbs7KpWhTA%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxhZ4gb4a%3DjD-yPyfNc7XF%3DY2HSEE2HDgVC00ryROxP9Xg%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxhZ4gb4a%3DjD-yPyfNc7XF%3DY2HSEE2HDgVC00ryROxP9Xg%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAN_oLfey1%3DQpRj7tUUqgd%2BzPKHxBX6ETYHEB5AHtpwNYA%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAN_oLfey1%3DQpRj7tUUqgd%2BzPKHxBX6ETYHEB5AHtpwNYA%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bdrvxjuo-AZzgwy5pYp9tzRiRB8f-BkUUTczR5cpHVXkYNVvg%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bdrvxjuo-AZzgwy5pYp9tzRiRB8f-BkUUTczR5cpHVXkYNVvg%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOV%3D%2Ba%2BgbG1ALAvc0X9_vjqmhx7HwbQyDOgNd99eQnkig%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOV%3D%2Ba%2BgbG1ALAvc0X9_vjqmhx7HwbQyDOgNd99eQnkig%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3c3f062266d796f8fb41a7a43bc82ab993c927bf.camel%40uvic.ca.
