You can use this service; it works for me:
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "^https://.+",
  "name" : "SAML SERVICE",
  "id" : 111222333,
  "metadataLocation" : "https://test-pra.exemple.com/Shibboleth.sso/Metadata",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "cn" : "urn:oid:2.5.4.3",
      "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
      "givenName" : "urn:oid:2.5.4.42",
      "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
      "sn" : "urn:oid:2.5.4.4"
    }
  }
}

On Tuesday, October 29, 2024 at 03:23:16 UTC, Papeace Ndiaye wrote:

> Now with SAML Tracer I see my attributes with this service:
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" : "https://test-moodle.exemple.com",
>   "name" : "Sample",
>   "id" : 1730131468521,
>   "requiredNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
>   "usernameAttributeProvider" : {
>     "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>     "usernameAttribute" : "mail"
>   },
>   "metadataLocation" : "https://test-moodle.exemple.com/Shibboleth.sso/Metadata",
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   }
> }
> Now I want to have:
> mail urn:oid:0.9.2342.19200300.100.1.3
> givenName urn:oid:2.5.4.42
> sn urn:oid:2.5.4.42
> mail urn:oid:0.9.2342.19200300.100.1.3
> On Monday, October 28, 2024 at 13:10:47 UTC, Jeremiah Garmatter wrote:
>
>> Papeace,
>>
>> If you haven't already, I'd recommend installing a web-browser plugin 
>> called "SAMLTracer". It'll decode SAML requests and responses which you can 
>> use to troubleshoot the authentication process.
>> I'm not sure if this is a copy-paste issue or some sort of encoding 
>> problem, but your requiredNameIdFormat has an "@6bb1a595" at the end. I'm 
>> not sure that is a valid nameID format.
>> Typically, I obtain the nameID format from the SP metadata. I'll copy the 
>> string directly from the SP's metadata and paste it into the json file. 
>> Then, if necessary, I'll map it to another attribute with something like 
>> this:
>>   "requiredNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:persistent",
>>   "usernameAttributeProvider" : {
>>     "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>>     "usernameAttribute" : "myPersistentIDAttribute"
>>   }
>>
>> On Saturday, October 26, 2024 at 2:44:29 PM UTC-4 Papeace Ndiaye wrote:
>>
>>> I am configuring CAS SAML2 to authenticate my applications like Moodle, 
>>> WAYF, Shibboleth, etc., but the issue is that I can obtain the metadata, 
>>> yet I still encounter authorization errors.  
>>> cas.server.name=https://cas.exemple.com
>>> cas.server.prefix=${cas.server.name}/cas
>>> logging.config=file:/etc/cas/config/log4j2.xml
>>> cas.authn.attributeRepository.ldap[0].attributes.mail=mail
>>> cas.authn.attributeRepository.ldap[0].attributes.sn=sn
>>> cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
>>> cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
>>> cas.authn.ldap[0].type=AUTHENTICATED
>>> cas.authn.ldap[0].ldapUrl=ldap://10.10.10.10
>>> cas.authn.ldap[0].baseDn=dc=exemple,dc=com
>>> cas.authn.ldap[0].searchFilter=uid={user}
>>> cas.authn.ldap[0].subtreeSearch=true
>>> cas.authn.ldap[0].bindDn=cn=admin,dc=exemple,dc=com
>>> cas.authn.ldap[0].bindCredential=password
>>> cas.authn.ldap[0].principalAttributeId=uid
>>>
>>> cas.authn.ldap[0].principalAttributeList=sn,givenName,mail,eduPersonPrimaryAffiliation,displayName
>>> cas.service-registry.core.init-from-json=false
>>> cas.service-registry.json.location=file:/etc/cas/services
>>> #################### SAML2 ##############################
>>>
>>> cas.authn.saml-idp.core.entity-id=https://cas.exemple.com/cas/idp
>>> cas.authn.saml-idp.metadata.file-system.location=file:/etc/cas/saml/
>>> cas.server.scope=exemple.com
>>> cas.authn.saml-idp.metadata.file-system.sign-metadata=false
>>> cas.authn.saml-idp.metadata.core.cache-expiration=PT5M
>>>
>>> My service saml-1001.json:
>>> {
>>>   @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>>>   serviceId: https://moodle.exemple.com
>>>   name: sml
>>>   id: 1001
>>>   evaluationOrder: 3
>>>   attributeReleasePolicy:
>>>   {
>>>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>>     excludeDefaultAttributes: true
>>>   }
>>>   metadataLocation: https://moodle.unchk.sn/auth/mo_saml/index.php?option=mosaml_metadata
>>>   requiredNameIdFormat: org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@6bb1a595
>>>   signAssertions: TRUE
>>>   signingCredentialType: BASIC
>>> }
>>> @ray
>>> @jeremy
>>> Please, can you help me?
>>>
>>>
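As an added example, not code from this thread or from the CAS project, here is a small Python linter for a SamlRegisteredService definition like the ones quoted above. It does what Jeremiah describes by hand: it reads the entityID and the NameIDFormat values out of the SP's metadata (a constructed sample is embedded so it runs offline), then checks that requiredNameIdFormat is a real nameid-format URN that the SP actually declares (rather than a Java object string such as the NameIDFormatImpl@... value in the first post), that serviceId matches the SP's entityID, and that a ReturnMappedAttributeReleasePolicy maps attributes to urn:oid names. The field names come from the definitions in the thread; treating serviceId as a regular expression evaluated with re.search is an approximation of CAS's own matching and is an assumption, as is the sample metadata.

```python
"""Lint a CAS SamlRegisteredService JSON definition against the SP's metadata.

Added example for this thread, not CAS project code. Assumptions: the field
names are those used in the service definitions quoted in the thread; CAS's
exact serviceId matching is approximated with re.search; the SP metadata
below is a constructed sample, not a real service's metadata.
"""
from __future__ import annotations

import json
import re
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAML_SERVICE_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"
USERNAME_PROVIDER_CLASS = "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider"
MAPPED_POLICY_CLASS = "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy"

# A SAML nameid-format URN (1.1 or 2.0 family) and a urn:oid attribute name.
NAMEID_URN = re.compile(r"^urn:oasis:names:tc:SAML:(1\.1|2\.0):nameid-format:[A-Za-z0-9]+$")
OID_URN = re.compile(r"^urn:oid:\d+(\.\d+)+$")

# Constructed sample SP metadata (hypothetical entityID, not a real service).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://test-moodle.exemple.com/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://test-moodle.exemple.com/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_entity_id(metadata_xml: str) -> str:
    """The SP's entityID, which CAS matches against serviceId."""
    return ET.fromstring(metadata_xml).get("entityID", "")


def sp_name_id_formats(metadata_xml: str) -> list[str]:
    """NameIDFormat values the SP declares; requiredNameIdFormat should be one of them."""
    root = ET.fromstring(metadata_xml)
    return [el.text.strip() for el in root.findall("md:SPSSODescriptor/md:NameIDFormat", MD_NS) if el.text]


def load_service(text: str) -> dict:
    """Parse a service file as strict JSON (the stray ';' and trailing commas seen in mail clients break this)."""
    return json.loads(text)


def build_service(service_id: str, name: str, number: int, metadata_location: str,
                  name_id_format: str, username_attribute: str, attribute_oids: dict[str, str]) -> dict:
    """Assemble a definition in the shape the thread uses, with a mapped release policy."""
    return {
        "@class": SAML_SERVICE_CLASS,
        "serviceId": service_id,
        "name": name,
        "id": number,
        "metadataLocation": metadata_location,
        "requiredNameIdFormat": name_id_format,
        "usernameAttributeProvider": {"@class": USERNAME_PROVIDER_CLASS, "usernameAttribute": username_attribute},
        "attributeReleasePolicy": {
            "@class": MAPPED_POLICY_CLASS,
            "allowedAttributes": {"@class": "java.util.TreeMap", **attribute_oids},
        },
    }


def lint_service(service: dict, metadata_xml: str) -> list[str]:
    """Return human-readable problems; an empty list means the definition is consistent with the SP."""
    problems: list[str] = []
    entity_id = sp_entity_id(metadata_xml)
    declared = sp_name_id_formats(metadata_xml)

    if service.get("@class") != SAML_SERVICE_CLASS:
        problems.append("@class must be " + SAML_SERVICE_CLASS)

    # serviceId is treated as a regular expression over the SP entityID (approximation of CAS matching).
    service_id = service.get("serviceId", "")
    try:
        if not re.search(service_id, entity_id):
            problems.append(f"serviceId {service_id!r} does not match entityID {entity_id!r}")
    except re.error as exc:
        problems.append(f"serviceId is not a valid regular expression: {exc}")

    # The value must be a nameid-format URN copied from metadata, not a Java object string with '@'.
    fmt = service.get("requiredNameIdFormat")
    if fmt is not None:
        if not NAMEID_URN.match(fmt):
            problems.append(f"requiredNameIdFormat {fmt!r} is not a nameid-format URN")
        elif declared and fmt not in declared:
            problems.append(f"requiredNameIdFormat {fmt!r} is not declared by the SP; it offers {declared}")

    # A mapped policy for a Shibboleth SP should map each attribute to a urn:oid name.
    policy = service.get("attributeReleasePolicy", {})
    mapped = policy.get("allowedAttributes", {}) if policy.get("@class") == MAPPED_POLICY_CLASS else {}
    for attr, target in mapped.items():
        if attr != "@class" and not OID_URN.match(str(target)):
            problems.append(f"attribute {attr!r} maps to {target!r}; a Shibboleth SP expects urn:oid:... names")
    return problems


if __name__ == "__main__":
    formats = sp_name_id_formats(SP_METADATA)
    print("SP declares NameIDFormats:", formats)
    service = build_service(r"^https://test-moodle\.exemple\.com/.+", "Moodle", 1001,
                            "https://test-moodle.exemple.com/Shibboleth.sso/Metadata", formats[0], "mail",
                            {"mail": "urn:oid:0.9.2342.19200300.100.1.3", "givenName": "urn:oid:2.5.4.42",
                             "sn": "urn:oid:2.5.4.4"})
    print(json.dumps(service, indent=2))
    print("problems:", lint_service(service, SP_METADATA))
    broken = dict(service, requiredNameIdFormat="org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@6bb1a595")
    print("problems:", lint_service(broken, SP_METADATA))
```

Run it as a script to see the generated definition and the two lint results; point sp_name_id_formats at the text of a real SP's metadata to get the exact string to paste into requiredNameIdFormat.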

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/28112b88-94f6-49e9-9a9c-c261da888caan%40apereo.org.