[cas-user] Re: Delegate Auth and SAML IDP - BYPASS WAYF not working in 6.3 as it did in 5.3

2022-04-11 Thread Alin Tomoiaga
Hi Andrew, any luck with this? I am having the same issue. I have tried 6.3, 6.4 and 6.5. Thanks. On Thursday, July 22, 2021 at 8:01:34 AM UTC-5 Andrew Marker wrote: > > Sorry little typo: > > >

[cas-user] Re: cas delegate skip WAYF screen

2021-07-21 Thread Alin Tomoiaga
ul feature particularly when there are multiple providers.. is there a way to turn it on for multiple providers? On Wednesday, July 21, 2021 at 9:35:40 AM UTC-5 Alin Tomoiaga wrote: > This is the behavior that I am seeing in 5.2.7: > - if I have a single delegated idp, thi

[cas-user] Re: cas delegate skip WAYF screen

2021-07-21 Thread Alin Tomoiaga
myapppretectedwithcas/?client_name=remoteidp1> Thank you for your help! Best. On Wednesday, July 21, 2021 at 9:00:43 AM UTC-4 Alin Tomoiaga wrote: > How can we skip the WAYF (choose IDP screen) when delegating to multiple > IDPs? > > Consider the scenario: > - our cas delegates to

Re: [cas-user] buji-pac4j-demo-master, CAS delegation through pac4j-webflow and 1 OIDC provider

2021-07-21 Thread Alin Tomoiaga
Thank you very much, I appreciate your time and opinion. Best, Alin On Wednesday, July 21, 2021 at 10:31:58 AM UTC-4 Alin Tomoiaga wrote: > Hi @leleuj, > > This is the behavior that I am seeing in 5.2.7: > - if I have a single delegated idp, this works > https://myappp

Re: [cas-user] buji-pac4j-demo-master, CAS delegation through pac4j-webflow and 1 OIDC provider

2021-07-21 Thread Alin Tomoiaga
Hi @leleuj, This is the behavior that I am seeing in 5.2.7:
- if I have a single delegated idp, this works https://myapppretectedwithcas?client_name=remoteidp1. It works great; get redirected to remoteidp1 comes back to app, great.
cas.authn.pac4j.cas[0].loginUrl=https://remoteidp1/cas/login

[cas-user] Re: Multiple PAC4J Clients - Unauthorized Access

2021-07-21 Thread Alin Tomoiaga
Have you managed to find an answer to this question? I am very much interested in the same thing. On Saturday, March 24, 2018 at 11:55:47 AM UTC-4 ssog...@gmail.com wrote: > Well, I guess /cas/login?client_name=SAML2Client is allowed only for > SAMLResponse (HTTP POST Operation). > > The

[cas-user] cas delegate skip WAYF screen

2021-07-21 Thread Alin Tomoiaga
How can we skip the WAYF (choose IDP screen) when delegating to multiple IDPs? Consider the scenario: - our cas delegates to two other cas servers - when the user logs in, they are presented with a screen allowing them to choose the IDP - every time the user logs in, they need to choose the idp.

[cas-user] Re: Help with redirecting user after terminating sessions

2021-07-21 Thread Alin Tomoiaga
I am also interested in this question. Have you found an answer? Thanks. On Tuesday, April 16, 2019 at 1:47:05 PM UTC-4 deejam wrote: > No one has any experience with the CAS logout flow when delegating > authentication to a third party SAML IDP? > > It seems like we basically need to preserve

[cas-user] Re: logging saml response xml

2020-02-06 Thread Alin Tomoiaga
It works great. Great advice. Thank you. On Wednesday, February 5, 2020 at 7:23:50 PM UTC-6, Alin Tomoiaga wrote: > > Hi Andy, thank you very much for the help. I will try it tomorrow and > report my findings -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://

[cas-user] Re: logging saml response xml

2020-02-05 Thread Alin Tomoiaga
Hi Andy, thank you very much for the help. I will try it tomorrow and report my findings -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message

[cas-user] logging saml response xml

2020-01-31 Thread Alin Tomoiaga
Hi everyone, Do you know what logging setting I need to turn on to be able to see the samlRequests and samlResponses in the clear text in the logs? Our cas server is configured as a saml idp. (For the cas protocol, I can turn on logging to see the validation xml messages, but I do not

[cas-user] cas 6.0 wsfed idp - how to set the audience?

2019-06-05 Thread Alin Tomoiaga
Hi, How can I set the audience restriction? "SAML Audience restriction" is the configuration in Microsoft ADFS, how can I do the same with cas 6.0 wsfed idp? (note: "CAS can act as a standalone identity provider, presenting support for the WS-Federation Passive Requestor Profile

[cas-user] Re: CAS 5.3.6 - Ws-Federation

2019-05-28 Thread Alin Tomoiaga
Try version 6.0 of apereo cas.

[cas-user] Re: cas 6 with ws federation protcol cxf policy error

2019-05-28 Thread Alin Tomoiaga
Make sure you set all the keystore properties:
cas.authn.wsfedIdp.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks
cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass
cas.authn.wsfedIdp.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks

[cas-user] combine attributes: repository and delegated

2019-01-02 Thread Alin Tomoiaga
How can I push combined list of delegated and local cas attributes to app? As stated here: https://apereo.github.io/cas/5.3.x/integration/Delegate-Authentication.html CAS can act as a client using the pac4j security engine and delegate the authentication to: CAS servers, SAML2 identity

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

2018-10-30 Thread Alin Tomoiaga
Hi Beni, This has been a very frustrating issue and I have never managed to get it working correctly. Interestingly, different cas versions error out but with different errors: 5.1.9 seemed to get past this cxf error but had another problem. (on the other hand, saml support worked like a charm

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

2018-05-25 Thread Alin Tomoiaga
One correction: In the cxf sources, it is not
Object[] obj = this.client.invoke(boi, new Object[]{new DOMSource(writer.getDocument().getDocumentElement())});
Instead it's:
Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));

[cas-user] Re: [WS Federation] Claims encoded in the SAML Assertion, unrecognized

2018-05-11 Thread Alin Tomoiaga
Hi Dimitri, were you able to get past the reflection STS error you reported in https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/MrgpGK-kxjM? I am debugging the same code you were talking about and hitting the same error... Thank you.

[cas-user] Re: [WS Federation] Source/StaxSource error on Security Token Service Provider

2018-05-11 Thread Alin Tomoiaga
Brought up cas under debug mode:
- the error happens in org.apache.cxf.ws.security.trust.AbstractSTSClient.issue() at this line:
Object[] obj = this.client.invoke(boi, new Object[]{new DOMSource(writer.getDocument().getDocumentElement())});
The error is: org.apache.cxf.binding.soap.SoapFault:

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

2018-05-11 Thread Alin Tomoiaga
Brought up cas under debug mode:
- the error happens in org.apache.cxf.ws.security.trust.AbstractSTSClient.issue() at this line:
Object[] obj = this.client.invoke(boi, new Object[]{new DOMSource(writer.getDocument().getDocumentElement())});
The error is: org.apache.cxf.binding.soap.SoapFault:

Re: [cas-user] SAML Public Key for Metadata

2018-05-10 Thread Alin Tomoiaga
David, thank you for the great information you have on New School. Do you by any chance have a similar tutorial on setting up CAS as an ADFS idp as described here: https://apereo.github.io/cas/5.2.x/protocol/WS-Federation-Protocol.html ? (sorry for posting on this thread)

[cas-user] Re: [WS Federation] Source/StaxSource error on Security Token Service Provider

2018-05-08 Thread Alin Tomoiaga
Dmitri, Misagh Moayyed (apereo developer) advised to stand up cas in debug mode and step through the code. This sounds like a lot of moving pieces will need to be configured, but that is the only reply I managed to get. Just fyi.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

2018-05-08 Thread Alin Tomoiaga
I got a reply from one of the apereo developers and he did not rule out the possibility of a bug; advised I should stand up cas in debug mode which I will work on.