Hello Josh,

We have exactly the same scenario you described. I was wondering if you have been able to configure the AD Azure service using WS Trust protocol with CAS.

Thank you.

On Thursday, September 23, 2021 at 6:51:44 AM UTC-4 Josh G wrote:

> Bumping this. Has anyone had any luck configuring this or a suitable work around that keeps CAS within the auth flow?
>
> On Monday, June 28, 2021 at 12:22:07 PM UTC-4 Josh G wrote:
>
>> We are currently running CAS 6.3 as a CAS and SAML IdP, both of which use LDAP for authentication. We have Azure AD (as a service) configured to authenticate through CAS using SAML which has been working perfectly fine for years.
>>
>> Our Desktop Management team is looking to expand our usage of Azure AD to include services that will require additional protocols other than SAML to work properly. I was wondering if anyone has had any success configuring CAS as a WS-Trust provider with the necessary claims. If anyone has this working, I would very much appreciate seeing how you did it!
>>
>> What I am looking for is this:
>> https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains
>>
>> specifically the following:
>>
>> *A federated environment should have an identity provider that supports the following requirements. If you have a federated environment using Active Directory Federation Services (AD FS), then the below requirements are already supported.*
>>
>> - *WIAORMULTIAUTHN claim: This claim is required to do hybrid Azure AD join for Windows down-level devices.*
>> - *WS-Trust protocol: This protocol is required to authenticate Windows current hybrid Azure AD joined devices with Azure AD. When you're using AD FS, you need to enable the following WS-Trust endpoints:
>>   /adfs/services/trust/2005/windowstransport
>>   /adfs/services/trust/13/windowstransport
>>   /adfs/services/trust/2005/usernamemixed
>>   /adfs/services/trust/13/usernamemixed
>>   /adfs/services/trust/2005/certificatemixed
>>   /adfs/services/trust/13/certificatemixed*
