Ok, so
https://apereo.github.io/cas/6.3.x/integration/Attribute-Definitions.html#pattern-formats
would be ok.
How to setup CAS to pass desire attribute?
I have this in my app.json. Is it ok?
{
@class: org.apereo.cas.support.saml.services.SamlRegisteredService
serviceId: MExxx_05efd170-38cd-4893-9631-6891575asa197
name: serwis
id: 1616175519923
proxyTicketExpirationPolicy:
{
@class:
org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
}
serviceTicketExpirationPolicy:
{
@class:
org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
}
evaluationOrder: 2
usernameAttributeProvider:
{
@class:
org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
usernameAttribute: sAMAccountName
}
attributeReleasePolicy:
{
@class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
excludeDefaultAttributes: true
authorizedToReleaseAuthenticationAttributes: false
}
metadataLocation:
file://etc/cas-mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml
requiredNameIdFormat:
org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@2afbaa5
signAssertions: true
signingCredentialType: X509
}
piątek, 19 marca 2021 o 16:30:44 UTC+1 Ray Bon napisał(a):
> Bartosz,
>
> See,
> https://apereo.github.io/cas/6.3.x/integration/Attribute-Definitions.html,
> for modifying attributes.
>
> Ray
>
> On Fri, 2021-03-19 at 01:47 -0700, Bartosz Nitkiewicz wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
> One more thing. How to change LDAP user name form sAMAccountName to
> univ\sAMAccountName. Is it possible?
>
> czwartek, 18 marca 2021 o 14:05:48 UTC+1 Bartosz Nitkiewicz napisał(a):
>
> Thank You once again.
> As you said, SAML profiles did the trick.It seems to work fine. Now I have
> to pass user name from my LDAP to SAML SP. First I need to figure out
> proper value for authorization.
> Regards
> BN
>
>
> środa, 17 marca 2021 o 19:07:26 UTC+1 richard.frovarp napisał(a):
>
> The IdP automatically generates metadata. And the correct endpoints are
> listed on this page, including the metadata endpoint:
>
>
> https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html
>
>
> Usually with SAML you provide the SP with a copy of your metadata,
> ideally loaded from the URL automatically. If you need to provide
> separate URLs to the SP, you'll find the correct ones in the metadata
> and/or using the paths from documentation.
>
> On Wed, 2021-03-17 at 10:26 -0700, Bartosz Nitkiewicz wrote:
> > Hi,
> > Thanks for reply.
> > What do you mean your IdP generated metadata?
> >
> > I did something like this as they recommended:
> > https://help.servicedeskplus.com/saml-authentication$configuration
> >
> > As loginURL I've provided my https://myserver.org/cas/idp, I don't
> > know if it is correct url?
> > I'm wondering what is Assertion Consumer URL and where should I place
> > it?
> >
> > Also I've uploaded my certificate.
> >
> > my cas.properties for SAML looks like this:
> >
> > ## SAML2 ##
> >
> > cas.authn.saml-idp.entity-id: ${cas.server.prefix}/idp
> > cas.authn.saml-idp.metadata.location=file:/etc/cas/saml
> >
> > and service registry for app:
> >
> > {
> > @class: org.apereo.cas.support.saml.services.SamlRegisteredService
> > serviceId: MExx_6d2ea86d-b4e1-4473-8d4b-7a1378964e8b
> > name: serwisapp
> > id: 1615981648113
> > proxyTicketExpirationPolicy:
> > {
> > @class:
> > org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpiration
> > Policy
> > }
> > serviceTicketExpirationPolicy:
> > {
> > @class:
> > org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirati
> > onPolicy
> > }
> > evaluationOrder: 2
> > attributeReleasePolicy:
> > {
> > @class:
> > org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
> > excludeDefaultAttributes: true
> > authorizedToReleaseAuthenticationAttributes: false
> > }
> > metadataLocation: file://etc/cas-
> > mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml <- (this
> > is correct as cas-managment app create this directory)
> > requiredAuthenticationContextClass:
> > urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
> > requiredNameIdFormat: urn:oasis:names:tc:SAML:2.0:nameid-
> > format:transient
> > nameIdQualifier: ""
> > signAssertions: true
> > signingCredentialType: X509
> > assertionAudiences: https://servicedeskplus.com/SamlResponseServlet
> > }
> >
> > Regards,
> > BN
> >
> > środa, 17 marca 2021 o 16:49:11 UTC+1 richard.frovarp napisał(a):
> > > Did you provide the app your IdP generated metadata or provide the
> > > SP with the information in a different method? As that's the wrong
> > > end point for the SP to be sending you to:
> > >
> > >
> https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html
>
> > >
> > > On Wed, 2021-03-17 at 06:21 -0700, Bartosz Nitkiewicz wrote:
> > > > Hi,
> > > > Another day another CAS problem :)
> > > > I'm trying to authenticate servicedeskplus.com application
> > > > through SAML protocol.
> > > > I've compiled in cas-server-support-saml-idp in my CAS app.
> > > > Added service registry in CAS-Management app. I used xml file
> > > > form servicedesk.
> > > >
> > > > Everything seems to work but if I want to authenticate
> > > > serivcedesk it redirects me to this:
> > > >
> > > >
> https://myserver.org/cas/idp?SAMLRequest=fZJfb5swFMWf10%2BBeDdgCCFYSaS02bRI7YaSbA97qRz70loCm%2FmadNunn01XtdWkvB6f3%2F1zrpfI%2B25gm9E96j38HAFddBX96juNbHpaxaPVzHBUyDTvAZkT7LC5u2V5krHBGmeE6eJ30GWGI4J1yugA7bar%2BO7j%2FYwLSSWn5NSWOZnRuiQLkUsyP0EhOM9o3s6D%2FTtY9OQq9oUmHHGEnUbHtfNillOSFYRWR1owmrGy%2BhFcjTVnJcF%2B8bOEds9k4wdRZy%2B0vEMIWrT16yvN3dTi0bkBWZo6LwqOySj%2BQKcVT8anPgE5JkOXej1VcvjXZIriWmmp9MPlDE7PJmSfj8eGNF8Px1Bi85LMjdE49mAPYM9KwLf97es43vKk8O0QBx%2F5HnDwEASiAxevr6IPy3ALNkVk1z7krIRW0iojxUJIMlvUBannBSXzRU3LquSc1tUyfQu9FBlYiG63bUynxO%2Fok7E9d5c3DIqSpJ2sbAh3QwfaxVE6lU3%2F%2F3jrvw%3D%3D
>
> > > >
> > > > service.xlm as attachement (without real cert)
> > > >
> > > > Please help me.
> > > >
> > > >
> > > >
>
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b8986451-5824-474a-81fc-b5696b75695fn%40apereo.org.
