What version of the IdP is this? If your IdP is anything v3+, you can just turn on its CAS support, register the client and have it talk CAS protocol to the IdP directly.
> -----Original Message-----
> From: Tom Poage [mailto:[email protected]]
> Sent: Wednesday, August 26, 2015 12:46 PM
> To: [email protected]
> Subject: [cas-user] SAML 2 metadata for CAS SP?
>
> Greetings,
>
> I've been asked to federate our Shibboleth IdP with a vendor's CAS
> (client) SP which is said to support SAML 2.0.
>
> Although I have a question out to the vendor on which CAS client, version,
> etc. A quick probe of their stage server, however, responds with "Apache
> Coyote/1.1" (Tomcat, if one trusts that), so I'm guessing it's the/a Java
> CAS client, maybe Spring.
>
> How does one obtain/compose SAML metadata for the various official CAS
> clients? By hand? Fetch via URL similar to one the Shibboleth SP provides?
>
> Said vendor claims to support SAML attribute encryption, though metadata
> provided so far contains no certificate:
>
> <EntityDescriptor
>     xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
>     entityID="https://foo.com/cas/login">
>   <SPSSODescriptor AuthnRequestsSigned="false"
>       WantAssertionsSigned="true"
>       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>     <SingleLogoutService
>         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>         Location="https://foo.com/cas/login"/>
>     <NameIDFormat>
>       urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
>     </NameIDFormat>
>     <AssertionConsumerService
>         isDefault="true"
>         index="0"
>         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>         Location="https://foo.com/cas/login"/>
>   </SPSSODescriptor>
> </EntityDescriptor>
>
> I quickly poked around through some of the .NET, Java etc. CAS client
> code, but did not see a metadata generator.
>
> Does CAS really use /cas/login to post/receive SAML 2.0 assertions?
> That's a bit different than /cas/samlValidate for SAML 1.1 (which seems to
> use the Artifact profile).
>
> Options?
>
> Thanks!
> Tom.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access archives,
> see http://www.ja-sig.org/wiki/display/JSG/cas-user
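
Added example, not part of the original thread and not CAS or Shibboleth code: a check for the gap raised in the quoted message (encryption claimed, but no certificate in the SP metadata), run over the metadata as posted. The function name `audit_sp_metadata` and its result keys are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# The vendor metadata as quoted in the thread (entityID and URLs as posted).
VENDOR_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://foo.com/cas/login">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://foo.com/cas/login"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://foo.com/cas/login"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def audit_sp_metadata(xml_text):
    """Report what an IdP operator can rely on before enabling encryption."""
    # For metadata fetched from a remote party, parse with a hardened
    # parser (e.g. defusedxml) instead of the stdlib parser used here.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    enc_keys = sign_keys = 0
    for kd in sp.findall("md:KeyDescriptor", NS):
        has_cert = kd.find(".//ds:X509Certificate", NS) is not None
        use = kd.get("use")  # an absent 'use' means the key serves both purposes
        if has_cert and use in (None, "encryption"):
            enc_keys += 1
        if has_cert and use in (None, "signing"):
            sign_keys += 1
    acs = sp.findall("md:AssertionConsumerService", NS)
    return {
        "entity_id": root.get("entityID"),
        "can_encrypt_to_sp": enc_keys > 0,        # IdP needs the SP's public key
        "can_verify_sp_signatures": sign_keys > 0,
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "acs_over_https": all(a.get("Location", "").startswith("https://")
                              for a in acs),
    }

if __name__ == "__main__":
    for key, value in audit_sp_metadata(VENDOR_METADATA).items():
        print(f"{key}: {value}")
```

With `can_encrypt_to_sp` false, the IdP has no SP public key to encrypt assertions or attributes to, so encryption cannot be enabled for this relying party until the vendor supplies a `KeyDescriptor` carrying a certificate.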
