Bartosz, See, https://apereo.github.io/cas/6.3.x/integration/Attribute-Definitions.html, for modifying attributes.
Ray On Fri, 2021-03-19 at 01:47 -0700, Bartosz Nitkiewicz wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. One more thing. How to change LDAP user name form sAMAccountName to univ\sAMAccountName. Is it possible? czwartek, 18 marca 2021 o 14:05:48 UTC+1 Bartosz Nitkiewicz napisał(a): Thank You once again. As you said, SAML profiles did the trick.It seems to work fine. Now I have to pass user name from my LDAP to SAML SP. First I need to figure out proper value for authorization. Regards BN środa, 17 marca 2021 o 19:07:26 UTC+1 richard.frovarp napisał(a): The IdP automatically generates metadata. And the correct endpoints are listed on this page, including the metadata endpoint: https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html Usually with SAML you provide the SP with a copy of your metadata, ideally loaded from the URL automatically. If you need to provide separate URLs to the SP, you'll find the correct ones in the metadata and/or using the paths from documentation. On Wed, 2021-03-17 at 10:26 -0700, Bartosz Nitkiewicz wrote: > Hi, > Thanks for reply. > What do you mean your IdP generated metadata? > > I did something like this as they recommended: > https://help.servicedeskplus.com/saml-authentication$configuration > > As loginURL I've provided my https://myserver.org/cas/idp, I don't > know if it is correct url? > I'm wondering what is Assertion Consumer URL and where should I place > it? > > Also I've uploaded my certificate. > > my cas.properties for SAML looks like this: > > ## SAML2 ## > > cas.authn.saml-idp.entity-id: ${cas.server.prefix}/idp > cas.authn.saml-idp.metadata.location=file:/etc/cas/saml > > and service registry for app: > > { > @class: org.apereo.cas.support.saml.services.SamlRegisteredService > serviceId: MExx_6d2ea86d-b4e1-4473-8d4b-7a1378964e8b > name: serwisapp > id: 1615981648113 > proxyTicketExpirationPolicy: > { > @class: > org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpiration > Policy > } > serviceTicketExpirationPolicy: > { > @class: > org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirati > onPolicy > } > evaluationOrder: 2 > attributeReleasePolicy: > { > @class: > org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy > excludeDefaultAttributes: true > authorizedToReleaseAuthenticationAttributes: false > } > metadataLocation: file://etc/cas- > mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml <- (this > is correct as cas-managment app create this directory) > requiredAuthenticationContextClass: > urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST > requiredNameIdFormat: urn:oasis:names:tc:SAML:2.0:nameid- > format:transient > nameIdQualifier: "" > signAssertions: true > signingCredentialType: X509 > assertionAudiences: https://servicedeskplus.com/SamlResponseServlet > } > > Regards, > BN > > środa, 17 marca 2021 o 16:49:11 UTC+1 richard.frovarp napisał(a): > > Did you provide the app your IdP generated metadata or provide the > > SP with the information in a different method? As that's the wrong > > end point for the SP to be sending you to: > > > > https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html > > > > On Wed, 2021-03-17 at 06:21 -0700, Bartosz Nitkiewicz wrote: > > > Hi, > > > Another day another CAS problem :) > > > I'm trying to authenticate > > > servicedeskplus.com<http://servicedeskplus.com> application > > > through SAML protocol. > > > I've compiled in cas-server-support-saml-idp in my CAS app. > > > Added service registry in CAS-Management app. I used xml file > > > form servicedesk. > > > > > > Everything seems to work but if I want to authenticate > > > serivcedesk it redirects me to this: > > > > > > https://myserver.org/cas/idp?SAMLRequest=fZJfb5swFMWf10%2BBeDdgCCFYSaS02bRI7YaSbA97qRz70loCm%2FmadNunn01XtdWkvB6f3%2F1zrpfI%2B25gm9E96j38HAFddBX96juNbHpaxaPVzHBUyDTvAZkT7LC5u2V5krHBGmeE6eJ30GWGI4J1yugA7bar%2BO7j%2FYwLSSWn5NSWOZnRuiQLkUsyP0EhOM9o3s6D%2FTtY9OQq9oUmHHGEnUbHtfNillOSFYRWR1owmrGy%2BhFcjTVnJcF%2B8bOEds9k4wdRZy%2B0vEMIWrT16yvN3dTi0bkBWZo6LwqOySj%2BQKcVT8anPgE5JkOXej1VcvjXZIriWmmp9MPlDE7PJmSfj8eGNF8Px1Bi85LMjdE49mAPYM9KwLf97es43vKk8O0QBx%2F5HnDwEASiAxevr6IPy3ALNkVk1z7krIRW0iojxUJIMlvUBannBSXzRU3LquSc1tUyfQu9FBlYiG63bUynxO%2Fok7E9d5c3DIqSpJ2sbAh3QwfaxVE6lU3%2F%2F3jrvw%3D%3D > > > > > > service.xlm as attachement (without real cert) > > > > > > Please help me. > > > > > > > > > -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/440539bf91f636cd490ab88b59b3b2ec5095bc85.camel%40uvic.ca.
