Hi, I'm running the Internet2 Shibboleth IdP and delegating authentication to CAS v6.2 for authentication. I know CAS can do its own SAML negotiation, but this is configuration my institution is currently happy with.
We are using the Unicon shibcas authenticator 3 ( https://github.com/Unicon/shib-cas-authn3) to make this work. When the IdP passes authentication to CAS, I can have CAS service entries set up that can be used for displaying service info on our CAS login page just like a service using the CAS protocol. However, the "accessStrategy" configuration doesn't seem to be working for this service. Is this configuration not supported? Authentication is successful despite the fact that the principal doesn't have the required attributes. Here is my example service configuration: { "@class": "org.apereo.cas.services.RegexRegisteredService", "serviceId": " https://account-d.docusign.com/organizations/7b69e84c-b873-4923-85b7-b9930c08d975/saml2 ", "id": 6860, "attributeReleasePolicy": { "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy", "allowedAttributes": [ "java.util.ArrayList", [ "eduPersonEntitlement" ] ], "attributeFilter": { "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter", "completeMatch": false, "excludeUnmappedAttributes": false, "order": 0, "patterns": { "@class": "java.util.HashMap", "eduPersonEntitlement": "^ https://docusign-sandbox.lafayette.edu/$"; } } }, "accessStrategy": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", "unauthorizedRedirectUrl": " https://cas.stage.lafayette.edu/cas/html/403.html";, "requiredAttributes": { "@class": "java.util.HashMap", "eduPersonEntitlement": [ "java.util.HashSet", [ "https://docusign-sandbox.lafayette.edu/"; ] ] } }, "evaluationOrder": 6860, "name": "DocuSign Sandbox", "description": "DocuSign is an electronic signature and document routing service that securely transmits documents for signing.", "logo": "https://cdn.lafayette.edu/images/logos/docusign-100x100.png";, "properties": { "@class": "java.util.HashMap", "InformationURL": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty", "values": [ "java.util.HashSet", [ "https://help.lafayette.edu/docusign"; ] ] } } } Any help would be appreciated! Thanks, Carl Waldbieser ITS Lafayette College -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALt4NbMsLYd5TjSWbN7nZRXUi0tNTBHCf05PtbWF-EL4Rp9SMQ%40mail.gmail.com.
![https://cdn.lafayette.edu/images/logos/docusign-100x100.png"](https://cdn.lafayette.edu/images/logos/docusign-100x100.png"){kind=link}