Thanks for your help John. I'll give that all a try and come back if I have any trouble.
On 2013 May 28, at 6:08 PM, "Gasper, John" <[email protected]> wrote:

Hi Joel,

Assume that you have set your applicationContext.xml with the following chunk (numbers added for reference):

<bean class="org.jasig.cas.support.wsfederation.WsFederationConfiguration" id="wsFedConfig">
1.  <property value="https://login-test-env.ewu.edu/adfs/ls/" name="identityProviderUrl"/>
2.  <property value="http://login-test-env.ewu.edu/adfs/services/trust" name="identityProviderIdentifier"/>
3.  <property value="urn:federation:devcas" name="relyingPartyIdentifier"/>
4.  <property value="upn" name="identityAttribute"/>
    <property value="60000" name="tolerance"/>
    <property name="attributeMutator">
        <bean class="edu.ewu.cas.support.wsfederation.WsFedAttributeMutatorImpl"/>
    </property>
    <property name="signingCertificateFiles">
        <list>
            <value>signing.cer</value>
        </list>
    </property>
</bean>

You’ll want to create an RP entry in ADFS.

1. Choose “Enter data about the relying party manually”
2. Give it a display name and move on.
3. Choose AD FS 1.0 and 1.1 profile.
4. Specify the URL of your CAS server’s login page (https://serverna.me/cas/login). This is where ADFS will redirect the user after ADFS authentication.
5. On the next screen you enter the CAS application’s identifier. By default the URL specified in Step 4 is added. In my example I used: urn:federation:devcas as the identifier (this is line #3). This can be pretty much any valid URI, but the two values must match.
6. From there you just finish up the wizard.
7. Add any attributes you issue to supply back to CAS. You’ll need at least one which is the NetID/username (which gets set in line #4 of my example).

While you are in ADFS, bring up the Federation Server Properties dialog and copy the Federation Service identifier string into line #2 of my snippet.

Hopefully that is more clear. Let me know if you have more questions.

John

From: Joel Goguen [mailto:[email protected]]
Sent: Tuesday, May 28, 2013 9:53 AM
To: [email protected]
Subject: [cas-user] CAS and ADFS

I'm trying to follow the directions on http://sites.ewu.edu/jgasper/ws-federation-cas-user-manual/ for configuring CAS 3.5.2 to delegate authentication to ADFS (running on Windows 2008R2 x64) and I'm not sure how to add CAS as a relying party. The closest thing I see when I configure ADFS is to add a Relying Party Trust, but nothing I see in there makes sense to me and I can't find anything else online that makes it any clearer. Could anyone please point me in the right direction or let me know what needs doing?

--
Joel Goguen
Developer / System Administrator
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: [email protected]
Phone: (506) 453-4872
Fax: (506) 453-3590

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
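
The matching requirements described in the reply above (lines #2, #3 and #4 of the snippet against the ADFS side), written as a consistency check. This is an added example, not part of the original thread or of the CAS project's code; the `ADFS_SIDE` dictionary, the function names, the exact-string comparison and the https check are assumptions of the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the bean from the thread, without the reference numbers.
BEAN_XML = """
<bean class="org.jasig.cas.support.wsfederation.WsFederationConfiguration" id="wsFedConfig">
  <property value="https://login-test-env.ewu.edu/adfs/ls/" name="identityProviderUrl"/>
  <property value="http://login-test-env.ewu.edu/adfs/services/trust" name="identityProviderIdentifier"/>
  <property value="urn:federation:devcas" name="relyingPartyIdentifier"/>
  <property value="upn" name="identityAttribute"/>
  <property name="signingCertificateFiles"><list><value>signing.cer</value></list></property>
</bean>
"""

# Constructed stand-in for the values an administrator copies from the ADFS console.
ADFS_SIDE = {
    "federation_service_identifier": "http://login-test-env.ewu.edu/adfs/services/trust",
    "rp_identifiers": ["https://serverna.me/cas/login", "urn:federation:devcas"],
    "issued_claims": ["upn"],
}

def load_properties(bean_xml):
    """Return {name: value}; properties holding a <list> map to a list of strings."""
    props = {}
    for prop in ET.fromstring(bean_xml).findall("property"):
        values = [v.text.strip() for v in prop.findall("./list/value") if v.text]
        props[prop.get("name")] = prop.get("value") if prop.get("value") is not None else values
    return props

def check_wsfed_config(bean_xml, adfs):
    """Compare the CAS bean with the ADFS-side values; return a list of problems."""
    p, problems = load_properties(bean_xml), []
    # Extra check (assumption of this example): tokens should only travel over TLS.
    if urlparse(p.get("identityProviderUrl", "")).scheme != "https":
        problems.append("identityProviderUrl is not an https URL")
    # Exact string equality is used here, so case and trailing slashes count.
    if p.get("identityProviderIdentifier") != adfs["federation_service_identifier"]:
        problems.append("identityProviderIdentifier differs from the Federation Service identifier")
    if p.get("relyingPartyIdentifier") not in adfs["rp_identifiers"]:
        problems.append("relyingPartyIdentifier is not among the RP trust identifiers")
    if p.get("identityAttribute") not in adfs["issued_claims"]:
        problems.append("identityAttribute is not an attribute issued by the RP trust")
    if not p.get("signingCertificateFiles"):
        problems.append("no signing certificate configured to verify tokens")
    return problems

if __name__ == "__main__":
    print(check_wsfed_config(BEAN_XML, ADFS_SIDE) or "configuration is consistent")
```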
