Bumping this. Has anyone had any luck configuring this or a suitable workaround that keeps CAS within the auth flow?
On Monday, June 28, 2021 at 12:22:07 PM UTC-4 Josh G wrote:
> We are currently running CAS 6.3 as a CAS and SAML IdP, both of which use
> LDAP for authentication. We have Azure AD (as a service) configured to
> authenticate through CAS using SAML which has been working perfectly fine
> for years.
>
> Our Desktop Management team is looking to expand our usage of Azure AD to
> include services that will require additional protocols other than SAML to
> work properly. I was wondering if anyone has had any success configuring
> CAS as a WS-Trust provider with the necessary claims. If anyone has this
> working, I would very much appreciate seeing how you did it!
>
> What I am looking for is this:
> https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains
>
> specifically the following:
>
> *A federated environment should have an identity provider that supports
> the following requirements. If you have a federated environment using
> Active Directory Federation Services (AD FS), then the below requirements
> are already supported.*
>
> - *WIAORMULTIAUTHN claim: This claim is required to do hybrid Azure AD
>   join for Windows down-level devices.*
> - *WS-Trust protocol: This protocol is required to authenticate
>   Windows current hybrid Azure AD joined devices with Azure AD. When you're
>   using AD FS, you need to enable the following WS-Trust endpoints:*
>   /adfs/services/trust/2005/windowstransport
>   /adfs/services/trust/13/windowstransport
>   /adfs/services/trust/2005/usernamemixed
>   /adfs/services/trust/13/usernamemixed
>   /adfs/services/trust/2005/certificatemixed
>   /adfs/services/trust/13/certificatemixed
