Thank You once again. As you said, SAML profiles did the trick.It seems to work fine. Now I have to pass user name from my LDAP to SAML SP. First I need to find out proper value for authorization. Regards BN
środa, 17 marca 2021 o 19:07:26 UTC+1 richard.frovarp napisał(a): > The IdP automatically generates metadata. And the correct endpoints are > listed on this page, including the metadata endpoint: > > > https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html > > Usually with SAML you provide the SP with a copy of your metadata, > ideally loaded from the URL automatically. If you need to provide > separate URLs to the SP, you'll find the correct ones in the metadata > and/or using the paths from documentation. > > On Wed, 2021-03-17 at 10:26 -0700, Bartosz Nitkiewicz wrote: > > Hi, > > Thanks for reply. > > What do you mean your IdP generated metadata? > > > > I did something like this as they recommended: > > https://help.servicedeskplus.com/saml-authentication$configuration > > > > As loginURL I've provided my https://myserver.org/cas/idp, I don't > > know if it is correct url? > > I'm wondering what is Assertion Consumer URL and where should I place > > it? > > > > Also I've uploaded my certificate. > > > > my cas.properties for SAML looks like this: > > > > ## SAML2 ## > > > > cas.authn.saml-idp.entity-id: ${cas.server.prefix}/idp > > cas.authn.saml-idp.metadata.location=file:/etc/cas/saml > > > > and service registry for app: > > > > { > > @class: org.apereo.cas.support.saml.services.SamlRegisteredService > > serviceId: MExx_6d2ea86d-b4e1-4473-8d4b-7a1378964e8b > > name: serwisapp > > id: 1615981648113 > > proxyTicketExpirationPolicy: > > { > > @class: > > org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpiration > > Policy > > } > > serviceTicketExpirationPolicy: > > { > > @class: > > org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirati > > onPolicy > > } > > evaluationOrder: 2 > > attributeReleasePolicy: > > { > > @class: > > org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy > > excludeDefaultAttributes: true > > authorizedToReleaseAuthenticationAttributes: false > > } > > metadataLocation: file://etc/cas- > > mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml <- (this > > is correct as cas-managment app create this directory) > > requiredAuthenticationContextClass: > > urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST > > requiredNameIdFormat: urn:oasis:names:tc:SAML:2.0:nameid- > > format:transient > > nameIdQualifier: "" > > signAssertions: true > > signingCredentialType: X509 > > assertionAudiences: https://servicedeskplus.com/SamlResponseServlet > > } > > > > Regards, > > BN > > > > środa, 17 marca 2021 o 16:49:11 UTC+1 richard.frovarp napisał(a): > > > Did you provide the app your IdP generated metadata or provide the > > > SP with the information in a different method? As that's the wrong > > > end point for the SP to be sending you to: > > > > > > > https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html > > > > > > On Wed, 2021-03-17 at 06:21 -0700, Bartosz Nitkiewicz wrote: > > > > Hi, > > > > Another day another CAS problem :) > > > > I'm trying to authenticate servicedeskplus.com application > > > > through SAML protocol. > > > > I've compiled in cas-server-support-saml-idp in my CAS app. > > > > Added service registry in CAS-Management app. I used xml file > > > > form servicedesk. > > > > > > > > Everything seems to work but if I want to authenticate > > > > serivcedesk it redirects me to this: > > > > > > > > > https://myserver.org/cas/idp?SAMLRequest=fZJfb5swFMWf10%2BBeDdgCCFYSaS02bRI7YaSbA97qRz70loCm%2FmadNunn01XtdWkvB6f3%2F1zrpfI%2B25gm9E96j38HAFddBX96juNbHpaxaPVzHBUyDTvAZkT7LC5u2V5krHBGmeE6eJ30GWGI4J1yugA7bar%2BO7j%2FYwLSSWn5NSWOZnRuiQLkUsyP0EhOM9o3s6D%2FTtY9OQq9oUmHHGEnUbHtfNillOSFYRWR1owmrGy%2BhFcjTVnJcF%2B8bOEds9k4wdRZy%2B0vEMIWrT16yvN3dTi0bkBWZo6LwqOySj%2BQKcVT8anPgE5JkOXej1VcvjXZIriWmmp9MPlDE7PJmSfj8eGNF8Px1Bi85LMjdE49mAPYM9KwLf97es43vKk8O0QBx%2F5HnDwEASiAxevr6IPy3ALNkVk1z7krIRW0iojxUJIMlvUBannBSXzRU3LquSc1tUyfQu9FBlYiG63bUynxO%2Fok7E9d5c3DIqSpJ2sbAh3QwfaxVE6lU3%2F%2F3jrvw%3D%3D > > > > > > > > service.xlm as attachement (without real cert) > > > > > > > > Please help me. > > > > > > > > > > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c4e954d5-8a05-437a-83a3-665b421bb070n%40apereo.org.
