The only solution that supports both attributes and proxying is an experimental phpCAS branch (https://issues.jasig.org/browse/PHPCAS-43) that uses attributes within the CAS 2.0 protocol. You also have to modify your CAS server answer a bit to support non-standard attribute release. This means modifying your casServiceValidationSuccess.jsp. I have appended an example file to the mail.

This feature will probably make its way into the phpCAS 1.2 release later this year.

Regards,

Joachim


On 15.06.2010 16:39, Scott Battaglia wrote:
SAML 1.1 unfortunately didn't provide support for proxying.  Certain
SAML 2 profiles do support it and we'll look at adding them for future
iterations of CAS.

Cheers,
Scott


On Mon, Jun 14, 2010 at 2:33 PM, Michael Edmonds <[email protected]> wrote:

    Hello,

    I’m using phpCAS and the SAML protocol in my php app.  It’s working
    great for authentication & attribute release, however, the
    application needs to obtain some PT’s so it can access some other
    CAS protected services.  It would seem the standard method using
    phpCAS::retrievePT(...) doesn’t work with the SAML protocol, as
    obviously we’re not getting a pgtIou in the receipt.  Is there any
    way to use SAML w/ attribute release and still get back a PGT ?
    What workarounds are people using ?

    Thanks in advance!

    Mike Edmonds

    [email protected]

    --
    You are currently subscribed to [email protected] as: [email protected]
    To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user





--
Joachim Fritschi
Hochschulrechenzentrum (HRZ)
L1|01 Raum 248
Petersenstr. 30
64287 Darmstadt

Tel. +49 6151 16-5638
Fax. +49 6151 16-3050
E-Mail: [email protected]

<%@ page session="false" contentType="text/xml" pageEncoding="UTF-8"%><%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%><%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%><?xml version="1.0" encoding="UTF-8"?>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationSuccess>
                <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
                <cas:attributes>
                        <c:forEach var="attr"
                                items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
                                <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
                        </c:forEach>
                </cas:attributes>
                <c:if test="${not empty pgtIou}">
                        <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
                </c:if>
                <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
                        <cas:proxies>
                                <c:forEach var="proxy" items="${assertion.chainedAuthentications}"
                                        varStatus="loopStatus" begin="0"
                                        end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
                                        <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
                                </c:forEach>
                        </cas:proxies>
                </c:if>
        </cas:authenticationSuccess>
</cas:serviceResponse>
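
The response this JSP produces, read from the client's side: an added example that is not part of the original mail and is not phpCAS code. It is written in Python; the function name `parse_validation_response`, the sample values and the choice to collect repeated attribute elements into lists are assumptions of the example.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"   # namespace declared by the JSP above
Q = "{%s}" % CAS_NS

# Constructed sample in the shape the JSP emits; every value is made up.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:mail>jdoe@example.org</cas:mail>
      <cas:affiliation>staff</cas:affiliation>
      <cas:affiliation>member</cas:affiliation>
    </cas:attributes>
    <cas:proxyGrantingTicket>PGTIOU-1-constructed</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


def parse_validation_response(xml_text):
    """Return user, attributes, pgtIou and proxies, or raise ValueError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD in CAS response refused")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. an attribute key that is not a legal XML element name
        raise ValueError("malformed CAS response: %s" % exc)
    if root.tag != Q + "serviceResponse":
        raise ValueError("not a CAS serviceResponse")
    success = root.find(Q + "authenticationSuccess")
    user = success.findtext(Q + "user", "").strip() if success is not None else ""
    if not user:
        raise ValueError("ticket validation did not succeed")
    attributes = {}
    for el in success.findall(Q + "attributes/*"):
        if not el.tag.startswith(Q):
            continue  # ignore elements outside the CAS namespace
        attributes.setdefault(el.tag[len(Q):], []).append((el.text or "").strip())
    return {
        "user": user,
        "attributes": attributes,
        "pgt_iou": success.findtext(Q + "proxyGrantingTicket"),
        "proxies": [p.text for p in success.findall(Q + "proxies/" + Q + "proxy")],
    }
```

Because the JSP writes each attribute key as an element name, a key that is not a valid XML name makes the whole response unparseable; the parser above treats that as a failed validation rather than accepting a partial result.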
