Thank you Carl. I think this is just what confuses me. I was expecting the same behaviour in php and java but this is probably not the case. Anyway, I'll study SAML protocol again to get a deeper insight ;)
Thanks very much for the info.

2014-09-05 15:31 GMT+02:00 Waldbieser, Carl <[email protected]>:

> Baldur,
>
> The PHP client is the behavior I would expect-- Only the /samlValidate
> endpoint expects a TARGET parameter as per the spec [1]. The /login
> endpoint expects a "service" parameter if you want a ST issued for a
> particular service.
>
> I am guessing that the way SAML1.1 [2] is baked into the CAS server,
> /login will accept a TARGET parameter. The response to redirect with the
> TARGET parameter intact may be appropriate for a SAML1.1 client (based on
> my brief review of the Wikipedia article).
>
> I think there are 2 scenarios:
> 1) The CAS server can actually support the SAML1.1 protocol for the entire
> conversation (this is what the Java client is doing).
> 2) The CAS server can speak the CAS protocol to the user-agent, but still
> speak SAML1.1 during validation (this is what the PHP client is doing).
>
> The overlap is somewhat confusing, and this is mostly guesswork on my part.
>
> Thanks,
> Carl
>
> [1] https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md#42-samlvalidate-cas-30
> [2] http://en.wikipedia.org/wiki/SAML_1.1
>
> ----- Original Message -----
> From: "Baldur Dae" <[email protected]>
> To: [email protected]
> Sent: Friday, September 5, 2014 3:02:24 AM
> Subject: Re: [cas-user] How to remove TARGET parameter
>
> Thank you Carl ;)
> I've mentioned php cas client because I get a different behaviour in
> comparison to java cas client. In php I get the following redirections
> ("portal" is the client webapp):
> Request:https://localhost/portal/
> Response: (Status Code 302)
> https://cas-server/cas/login?service=https%3A%2F%2Flocalhost%2Fportal%2F&gateway=true
> Request URL:
> https://cas-server/cas/login?service=https%3A%2F%2Flocalhost%2Fportal%2F&gateway=true
> Response: (Status Code 302) https://localhost/portal/
>
> And with java cas client:
> Request URL:https://localhost:8043/portal/
> Response: (Status Code 302)
> https://cas-server/cas/login?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2F&gateway=true
> Request URL:
> https://cas-server/cas/login?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2F&gateway=true
> Response: (Status Code 302)
> https://localhost:8043/portal?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal
>
> Both applications are configured to use SAML protocol. My doubt is that I
> always get TARGET parameter with java cas client, and I expected this would
> be transparent to the user, without TARGET parameter in subsequent
> requests.
>
> Thank you very much!
>
> 2014-09-04 15:07 GMT+02:00 Waldbieser, Carl <[email protected]>:
>
> > Baldur,
> >
> > If you want to use the CAS protocol (no TARGET) and not SAML (uses
> > TARGET), then initialize your client like:
> >
> > // Initialize phpCAS
> > #phpCAS::client(SAML_VERSION_1_1, $cas_host, $cas_port, $cas_uri); # This uses SAML - TARGET param
> > phpCAS::client(CAS_VERSION_3_0, $cas_host, $cas_port, $cas_uri); # This uses CAS protocol v3.0 - No TARGET
> >
> > Thanks,
> > Carl
> >
> > ----- Original Message -----
> > From: "Baldur Dae" <[email protected]>
> > To: [email protected]
> > Sent: Thursday, September 4, 2014 2:44:16 AM
> > Subject: Re: [cas-user] How to remove TARGET parameter
> >
> > Thanks for the response
> >
> > At first glance it seems to be that. But I've followed this guide to code
> > my php cas client (
> > https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_advanced_saml11.php
> > ):
> >
> > ...
> > // Initialize phpCAS
> > phpCAS::client(*SAML_VERSION_1_1*, $cas_host, $cas_port, $cas_context);
> > // Force CAS authentication on any page that includes this file
> > //phpCAS::forceAuthentication();
> > ....
> >
> > So I'm stuck :(
> >
> > I'd really appreciate if you can shed some light on this
> >
> > Thnx very much
> >
> > 2014-09-03 15:12 GMT+02:00 Waldbieser, Carl <[email protected]>:
> >
> > > Baldur,
> > >
> > > It sounds like when you are using the .NET client you are using the SAML
> > > protocol [1], and when you are using the PHP client you are using the CAS
> > > protocol [2][3].
> > >
> > > Thanks,
> > > Carl Waldbieser
> > > Systems Programmer
> > > Lafayette College
> > >
> > > [1] https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md#421-parameters
> > > [2] https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md#24-validate-cas-10
> > > [3] https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md#251-parameters
> > >
> > > ----- Original Message -----
> > > From: "Baldur Dae" <[email protected]>
> > > To: [email protected]
> > > Sent: Wednesday, September 3, 2014 3:53:14 AM
> > > Subject: Re: [cas-user] How to remove TARGET parameter
> > >
> > > Thanks very much for the answer :)
> > >
> > > However, it's really curious the difference between php and java. As noted
> > > here (https://wiki.jasig.org/display/casc/.net+cas+client) the last comment
> > > indicates: "...the query string passed to the CAS logon page is different
> > > when using the .NET client; the redirect URL query string parameter has a
> > > name of TARGET, whereas when using the php CAS client it has a name of
> > > service". This is just my case. Currently I use php cas client in gateway
> > > mode and I don't get redirected with the TARGET parameter in the URL. So
> > > I'm trying to do the same thing replacing php with java.
> > >
> > > Is that possible? or is just a feature of the java client?
> > >
> > > 2014-09-02 15:02 GMT+02:00 Marvin Addison <[email protected]>:
> > >
> > > > > I always get the TARGET parameter in the url until the
> > > > > user authenticates. How can I remove this TARGET parameter?
> > > >
> > > > TARGET == ticket for the SAML feature in CAS, so it's naturally
> > > > present until you authenticate. That's to say you can't and shouldn't
> > > > remove it.
> > > >
> > > > M
> > > >
> > > > --
> > > > You are currently subscribed to [email protected] as:
> > > > [email protected]
> > > > To unsubscribe, change settings or access archives, see
> > > > http://www.ja-sig.org/wiki/display/JSG/cas-user
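
The two redirect traces quoted in this thread, run through a small checker; this is an added example, not part of the original messages and not code from phpCAS or the Java CAS client. The function names and the "CAS" / "SAML1.1" labels are hypothetical and follow Carl's description of which parameter each mode sends to /login.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter names as they appear in the thread: "service" is sent by the
# client speaking the CAS protocol, "TARGET" by the client speaking SAML 1.1.
SERVICE_PARAMS = {"service": "CAS", "TARGET": "SAML1.1"}

# Redirect targets copied from the traces quoted in the thread.
PHP_TRACE = (
    "https://cas-server/cas/login?service=https%3A%2F%2Flocalhost%2Fportal%2F&gateway=true",
    "https://localhost/portal/",
)
JAVA_TRACE = (
    "https://cas-server/cas/login?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2F&gateway=true",
    "https://localhost:8043/portal?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal",
)

def classify_login_redirect(location):
    """Return (protocol, service_url, gateway) for a redirect to /login."""
    parts = urlsplit(location)
    if not parts.path.endswith("/login"):
        raise ValueError("not a /login redirect: " + location)
    query = parse_qs(parts.query)
    present = [name for name in SERVICE_PARAMS if name in query]
    if len(present) != 1:
        # Neither or both names present: the client's mode is ambiguous.
        raise ValueError("expected exactly one of service/TARGET")
    name = present[0]
    gateway = query.get("gateway", [""])[0] == "true"
    return SERVICE_PARAMS[name], query[name][0], gateway

def params_left_on_return(location):
    """Service-URL parameters still in the URL the browser lands on."""
    query = parse_qs(urlsplit(location).query)
    return sorted(name for name in SERVICE_PARAMS if name in query)

def analyze(trace):
    """Summarise one (login redirect, return redirect) pair."""
    protocol, service_url, gateway = classify_login_redirect(trace[0])
    return {
        "protocol": protocol,
        "service_url": service_url,
        "gateway": gateway,
        "left_on_return": params_left_on_return(trace[1]),
    }

if __name__ == "__main__":
    for label, trace in (("php", PHP_TRACE), ("java", JAVA_TRACE)):
        print(label, analyze(trace))
```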
