Hi Marvin,

Thanks for your response. I am using SAML v1.1.

For the source ID I did try base-64 encoding of the /samlValidate URI, but that didn't work. Actually, the source ID is the base-64 encoding of the SHA-1 digest of the source URL. As mentioned earlier, I tried various URI combinations to generate the source ID, but with no success. But I was able to get the source ID from the artifact that was generated on the CAS. I used this class *oracle.security.xmlsec.saml.Artifact* to get the source ID from the Artifact. But I am still not able to figure out which URI will generate this source ID.

As far as the redirection is concerned, we can configure the query parameters that we want to pass to CAS in weblogic. So, I configured ACS as one of the parameters and modified CAS in such a way that if ACS is present as one of the parameters, it uses that for redirection; otherwise it uses the TARGET value for redirection.

Another issue that I am now encountering is that CAS is expecting the TARGET parameter as one of the parameters during the SAMLAssertionRequest, but weblogic is not passing any such parameter while doing a SAMLAssertionRequest. Any suggestions on how I can proceed on this one?

Thanks so much for your help.

Shyam.

On Thu, Apr 5, 2012 at 12:31 PM, Marvin S. Addison <[email protected]> wrote:

>> Has anyone tried to integrate CAS with weblogic using SAML?
>
> Doubtful in the way that's implied from subsequent discussion.
>
>> We have to configure a partner source ID parameter in weblogic which is a
>> HEX or base64 encoded string of the CAS URL.
>
> Just a guess: try base-64 encoding the fully-qualified /samlValidate URI,
> which would appear to be the attribute authority URI from the perspective
> of a SAML service provider.
>
>> Another issue that is happening is, CAS is redirecting the artifactID to
>> the same URL in the 'TARGET' query parameter, but according to the SAML
>> browser/Artifact profile specification, it has to be redirected to an
>> Assertion Consumer URL which is https://weblogicserver/samlacs/acs in
>> this case.
>
> Let's clarify whether you're trying to speak SAML 1.1 or SAML 2. I'm a
> little fuzzy on what profiles are defined in each version, but IIRC browser
> artifact profile is only defined in SAML 2. Our support for SAML 2 is very
> limited, but it's technically feasible to dig out the ACS URL from the
> SAMLRequest parameter and use it as a redirect URL in CAS. While I could
> give some pointers, that would be an engineering effort you'd tackle on
> your own. (Though we would appreciate your sharing your work if you
> accomplish it.)
>
> M
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
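Added example, not part of either message in this thread and not CAS or WebLogic code: a way to check which URL a source ID was derived from, by decoding a SAML 1.1 type 0x0001 artifact (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle) and comparing its SourceID with the SHA-1 digest of candidate URLs. The host `cas.example.org`, the list of URL suffixes and the sample artifact are assumptions constructed for the illustration.

```python
import base64
import hashlib
from urllib.parse import unquote

def parse_artifact(saml_art):
    """Split a SAML 1.1 type 0x0001 artifact into (source_id, assertion_handle)."""
    # SAMLart arrives as a query parameter, so undo percent-encoding first.
    raw = base64.b64decode(unquote(saml_art), validate=True)
    if len(raw) != 42:
        raise ValueError(f"expected 2+20+20 bytes, got {len(raw)}")
    if raw[:2] != b"\x00\x01":
        raise ValueError(f"unsupported artifact type code 0x{raw[:2].hex()}")
    return raw[2:22], raw[22:]

def source_id_for(url):
    """SourceID as described in the thread: SHA-1 digest of the source URL."""
    return hashlib.sha1(url.encode("utf-8")).digest()

def candidate_urls(base):
    """URL variants to try; this list of suffixes is an assumption."""
    base = base.rstrip("/")
    return [base + suffix for suffix in ("", "/", "/samlValidate", "/login")]

def find_source_url(saml_art, candidates):
    """Return the first candidate whose SHA-1 equals the artifact's SourceID."""
    source_id, _handle = parse_artifact(saml_art)
    for url in candidates:
        if source_id_for(url) == source_id:
            return url
    return None

def partner_encodings(source_id):
    """Hex and base64 forms of the SourceID, for a partner source ID setting."""
    return source_id.hex(), base64.b64encode(source_id).decode("ascii")

def make_sample_artifact(url):
    """Constructed sample: type code + SHA-1(url) + a fixed 20-byte handle."""
    raw = b"\x00\x01" + source_id_for(url) + bytes(range(20))
    return base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    art = make_sample_artifact("https://cas.example.org/cas")  # hypothetical host
    sid, _ = parse_artifact(art)
    print("SourceID hex/base64:", partner_encodings(sid))
    print("matches:", find_source_url(art, candidate_urls("https://cas.example.org/cas")))
```

If no candidate matches, the hex or base64 SourceID read from a real artifact can still be entered as the partner source ID directly, since that is the value the receiving side compares against.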
