Greetings,
I've been asked to federate our Shibboleth IdP with a vendor's CAS
(client) SP which is said to support SAML 2.0.
I have a question out to the vendor on which CAS client, version, etc.
A quick probe of their stage server, however, responds with
"Apache Coyote/1.1" (Tomcat, if one trusts that), so I'm guessing it's
the/a Java CAS client, maybe Spring.
How does one obtain/compose SAML metadata for the various official CAS
clients? By hand? Fetch via URL similar to one the Shibboleth SP provides?
Said vendor claims to support SAML attribute encryption, though metadata
provided so far contains no certificate:
<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://foo.com/cas/login">
  <SPSSODescriptor AuthnRequestsSigned="false"
      WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://foo.com/cas/login"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService
        isDefault="true"
        index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://foo.com/cas/login"/>
  </SPSSODescriptor>
</EntityDescriptor>
I quickly poked around through some of the .NET, Java etc. CAS client
code, but did not see a metadata generator.
Does CAS really use /cas/login to post/receive SAML 2.0 assertions?
That's a bit different from /cas/samlValidate for SAML 1.1 (which seems
to use the Artifact profile).
Options?
Thanks!
Tom.
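An added example, not from the original post or the CAS project: before enabling attribute encryption on the IdP, check whether vendor-supplied SP metadata carries an encryption certificate at all, and add a KeyDescriptor by hand when it does not. The sample metadata is a constructed copy of the one quoted above, and the certificate value passed in is a placeholder.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD_NS)
ET.register_namespace("ds", DS_NS)

# Constructed sample: the vendor-supplied metadata quoted above, which
# has no KeyDescriptor (and therefore no certificate) at all.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://foo.com/cas/login">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress </NameIDFormat>
    <AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://foo.com/cas/login"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def check_sp_metadata(xml_text):
    """Summarise what an IdP can actually do with this SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find(f"{{{MD_NS}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    # A KeyDescriptor with no 'use' serves signing and encryption; only one
    # that actually carries an X509Certificate is usable for encryption.
    enc_keys = [kd for kd in sp.findall(f"{{{MD_NS}}}KeyDescriptor")
                if kd.get("use") in (None, "encryption")
                and kd.find(f".//{{{DS_NS}}}X509Certificate") is not None]
    return {
        "entity_id": root.get("entityID"),
        "can_encrypt": bool(enc_keys),
        "acs": [(a.get("Binding"), a.get("Location"))
                for a in sp.findall(f"{{{MD_NS}}}AssertionConsumerService")],
        "name_id_formats": [n.text.strip() for n in
                            sp.findall(f"{{{MD_NS}}}NameIDFormat") if n.text],
    }

def add_encryption_key(xml_text, cert_b64):
    """Return the metadata with an encryption KeyDescriptor added by hand."""
    root = ET.fromstring(xml_text)
    sp = root.find(f"{{{MD_NS}}}SPSSODescriptor")
    kd = ET.Element(f"{{{MD_NS}}}KeyDescriptor", use="encryption")
    ki = ET.SubElement(kd, f"{{{DS_NS}}}KeyInfo")
    x509 = ET.SubElement(ET.SubElement(ki, f"{{{DS_NS}}}X509Data"),
                         f"{{{DS_NS}}}X509Certificate")
    x509.text = cert_b64  # base64 DER of the SP's encryption certificate
    sp.insert(0, kd)  # schema order: KeyDescriptor precedes the endpoints
    return ET.tostring(root, encoding="unicode")
```

Running `check_sp_metadata` on the vendor metadata reports `can_encrypt` as False; after `add_encryption_key` with the real certificate it reports True and the endpoints are unchanged.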
--
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user