From my CAS PHP client debug log, here is what the handshake looks like:

CC76 .|    |    |    |    => CAS_Client::_readURL('https://login.oregonstate.edu/cas/samlValidate?TARGET=http%3A%2F%2Fpeople.oregonstate.edu%2F%7Emorgan%2FCAS-1.3.1%2Ftest.php', NULL, NULL, NULL) [Client.php:1748]
CC76 .|    |    |    |    |    => CAS_Client::_buildSAMLPayload() [Client.php:2432]
CC76 .|    |    |    |    |    <= '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z"><samlp:AssertionArtifact>ST-80425-UvrgjbOmAeFWTLco2BOy-login2</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>'


You can see the URL that it POSTed to and an example payload.

        Andy
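
An added example, not code from this thread, from phpCAS or from the CAS server: it builds the samlValidate URL and the SAML 1.1 artifact request that the client log above shows, and a small extractor that mirrors what the server side needs from the request (the TARGET query parameter plus the artifact from the SOAP body). Run against a serviceValidate?ticket=...&service=... URL like the one in John's post, the extractor finds no TARGET, which is the "Extractor generated service for: null" line in his log. The cas_base and target values are constructed for the example.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"


def build_saml_validate_url(cas_base, target):
    """samlValidate carries the service URL in TARGET, not in service=."""
    return cas_base.rstrip("/") + "/samlValidate?" + urlencode({"TARGET": target})


def build_saml_payload(ticket, request_id=None, issue_instant=None):
    """SAML 1.1 AssertionArtifact request, the same shape phpCAS logs above.
    RequestID and IssueInstant are generated fresh unless supplied."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%S.000Z")
    return (
        f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_NS}"><SOAP-ENV:Header/><SOAP-ENV:Body>'
        f'<samlp:Request xmlns:samlp="{SAMLP_NS}" MajorVersion="1" MinorVersion="1" '
        f'RequestID="{escape(request_id)}" IssueInstant="{escape(issue_instant)}">'
        f'<samlp:AssertionArtifact>{escape(ticket)}</samlp:AssertionArtifact>'
        '</samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>'
    )


def extract_saml_request(url, body):
    """Server-side view of a samlValidate call (assumed behaviour, modelled on
    the thread): TARGET comes from the query string, the artifact from the SOAP
    body. Whitespace around the artifact is stripped, since a hand-built body
    like John's puts the ticket on its own line. No TARGET gives None, the
    'service for: null' case; the ticket is then validated against no service."""
    qs = parse_qs(urlparse(url).query)
    target = qs.get("TARGET", [None])[0]
    root = ET.fromstring(body)
    art = root.find(f".//{{{SAMLP_NS}}}AssertionArtifact")
    artifact = art.text.strip() if art is not None and art.text else None
    return target, artifact


if __name__ == "__main__":
    # Constructed values for the demo; any CAS base URL and service URL work.
    url = build_saml_validate_url("https://cas.example.edu/cas", "http://app.example.edu/")
    print(url)
    print(extract_saml_request(url, build_saml_payload("ST-1-abc")))
```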

On Tue, 27 Nov 2012, Scott Battaglia wrote:

> I don't believe the SAML parameters are service and ticket.  It's something
> like TARGET and SAMLart:
> https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/SamlService.java
>
>
> On Tue, Nov 27, 2012 at 1:51 PM, Ourada, John <[email protected]> wrote:
>
>> Originally we had a custom authenticator to authenticate against an
>> internal authentication service.  As part of the customization, the
>> person's university id was returned as part of the username (username:ID).
>>
>> We are moving to use MS-AD so I have started working on setting CAS up to use
>> AD/LDAP.  I don't want to modify the LDAP authenticators to return the
>> hacked username so I want to use SAML to get the University ID from AD.
>>
>> I am using 3.4.12 to test with and am using the uber-webapp war for now.
>>
>> I have LDAP working correctly using FastBind and am filling the Attribute
>> Repository.
>>
>> SAML on the other hand isn't playing nice.  I am doing this all from my
>> desktop (Windows 7) for now.
>>
>> After authenticating a service, I am using Fiddler to post to the
>> samlValidate service.
>>
>> POST ->
>> https://140.192.89.33/cas/serviceValidate?ticket=ST-1-2acg0RAFuewme4DWnvi0-logintst.depaul.edu&service=http://www.depaul.edu/
>>
>> Headers:
>> Host: 140.192.89.33
>> Content-Length: 465
>> Content-Type: text/xml
>> SOAPAction: http://www.oasis-open.org/committees/security
>>
>> Request Body:
>> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>> <SOAP-ENV:Header/>
>> <SOAP-ENV:Body>
>> <samlp:Request
>> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
>> MajorVersion="1"
>> MinorVersion="1"
>> RequestID="_192.168.16.51.1024506224022"
>> IssueInstant="2002-06-19T17:03:44.022Z">
>> <samlp:AssertionArtifact>
>> ST-1-2acg0RAFuewme4DWnvi0-logintst.depaul.edu
>> </samlp:AssertionArtifact>
>> </samlp:Request>
>> </SOAP-ENV:Body>
>> </SOAP-ENV:Envelope>
>>
>> Unfortunately, I am getting 500 errors all the time.  I can successfully
>> GET serviceValidate though with the same URL.
>>
>> What I see in the logs is:
>>
>> 2012-11-27 11:39:02,031 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
>> =============================================================
>> WHO: JOURADA
>> WHAT: ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu for http://www.depaul.edu/
>> ACTION: SERVICE_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Tue Nov 27 11:39:02 CST 2012
>> CLIENT IP ADDRESS: 140.192.89.33
>> SERVER IP ADDRESS: 140.192.89.33
>> =============================================================
>>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Attempted to extract Request from HttpServletRequest.  Results:>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Request Body: <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Requestxmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"MajorVersion="1"MinorVersion="1"RequestID="_192.168.16.51.1024506224022"IssueInstant="2002-06-19T17:03:44.022Z"><samlp:AssertionArtifact>
>> ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu
>> </samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request Id: _192.168.16.51.1024506224022>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated service for: null>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu]>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu] found in registry.>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu]>
>> 2012-11-27 11:39:36,741 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu] found in registry.>
>> 2012-11-27 11:39:36,741 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
>> =============================================================
>> WHO: JOURADA
>> WHAT: ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu
>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>> APPLICATION: CAS
>> WHEN: Tue Nov 27 11:39:36 CST 2012
>> CLIENT IP ADDRESS: 140.192.89.33
>> SERVER IP ADDRESS: 140.192.89.33
>> =============================================================
>>
>> 2012-11-27 11:39:36,757 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://www.depaul.edu/>
>>
>> And a corresponding null reference exception in the catalina log that I
>> won't put here, but have included.  I feel like I have missed something
>> simple in configuring and have attached all configs that I changed for this.
>>
>> Thank you for looking at this!
>>
>> -John
>>
>>
>> --
>> You are currently subscribed to [email protected] as: 
>> [email protected]
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>