Re: [cas-user] CAS 5.2.2 SAML IdP vs. Workday

2020-02-14 Thread Matthew Uribe
Dave,

Huge help, as always! Thank you for your post regarding Workday config.

Matt U.


On Wednesday, March 14, 2018 at 10:26:22 AM UTC-6, David Curry wrote:
>
> Following up my own post to document how we solved this for posterity (or 
> at least for the next person who has the problem and searches the forum).
>
> The SAML2 spec says that by default, the audience should be set to the 
> value of the entityID. And sure enough, that's what CAS is sending back.
>
> This morning I remembered that although the CONVENTION is to use the SP's 
> URL as the entityID, that's not actually a requirement. So... I edited 
> the Workday SP metadata (which Workday doesn't provide anyway; you have to 
> create your own) and changed the entityID from
>
> https://impl.workday.com/x
>
>
> to
>
> http://www.workday.com/x
>
>
> This is not a valid URL, but it starts with "http://www.workday.com" like 
> Workday wants for the audience. I also changed the CAS service registry 
> entry to look for the new entityID.
>
> I did NOT change the URL further down in the metadata where the 
> AssertionConsumerService 
> is specified. It's still set to a real, functional URL:
>
> https://impl.workday.com/x/login-saml.htmld
>
>
> So now, the CAS IdP will still post the results to the 
> AssertionConsumerService 
> URL, but it will set the audience restriction to the entityID, which now 
> looks like what Workday wants, and Workday is a happy camper.
>
> Not sure if this will work in all cases, but it seems to have worked in 
> this one.
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
> On Tue, Mar 13, 2018 at 3:34 PM, > 
> wrote:
>
>> We are trying to configure our Workday Preview tenant to authenticate via 
>> SAML2 to a CAS 5.2.2 IdP. 
>>
>> In the management webapp, we have defined a "SAML2 Service Provider" 
>> service. The EntityID is set to:
>>
>> https://impl.workday.com/x
>>
>>
>> which matches the EntityID in the SP's metadata.  When we try to log in 
>> to Workday, we receive this error from the Workday side:
>>
>> Invalid Audience in SAML token: URL should start with 
>> http://www.workday.com, or end with /x/login-saml.htmld
>>
>>
>> The string they're saying it should end with is the tenant name ("x") 
>> and the name of the web page (login-saml.htmld) that is listed in the 
>> metadata as the AssertionConsumerService. However, CAS is sending back 
>> the EntityID as the audience:
>>
>> > NotOnOrAfter="2018-03-13T16:39:17.776Z">
>> 
>> https://impl.workday.com/x
>> 
>> 
>> 
>>
>> which appears to be correct behavior in the normal (non-Workday) world.
>>
>> On our old CAS 3.5.x/Shibboleth 2.4.0 setup (which the same Workday 
>> tenant works successfully with), we had to add a line in the relying party 
>> profile configuration (in relying-party.xml) to address this:
>>
>> http://www.workday.com
>>
>>
>> which results in the SAML2 response sent back to Workday containing two 
>> audiences:
>>
>>   > NotOnOrAfter="2018-03-13T13:49:01.503Z">
>>  
>> https://impl.workday.com/x
>> 
>> http://www.workday.com
>>  
>>   
>>
>> However, I don't see any way to perform the equivalent, either through 
>> the management webapp's user interface or by editing the service registry 
>> manually. And I don't see anything in the documentation or searching the 
>> code on GitHub.
>>
>> We are NOT using the cas-server-support-saml-sp-integrations 
>> dependency; should we be?
>>
>> Does anyone have CAS 5.2.x SAML IdP working with Workday, especially a 
>> sandbox/implementation/preview tenant?
>>
>> Any ideas (even crazy ones) gladly accepted...
>>
>> Thanks,
>> --Dave
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/93ff6e18-8090-4664-b84f-a01702cbf053%40apereo.org
>>
>
>


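The fix described in the thread above rests on the entityID (which CAS copies into the Audience) and the AssertionConsumerService Location (where the response is posted) being independent values in the SP metadata. The sketch below is an added example, not code from the original posts or from CAS or Workday: the metadata and Conditions fragments are constructed, and audience_ok() is a hypothetical model of the rule as worded in the error message, with one matching audience assumed to be enough because the two-audience Shibboleth response was accepted.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed SP metadata mirroring the edit described in the thread:
# entityID changed, AssertionConsumerService Location left alone.
SP_METADATA = f"""\
<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="http://www.workday.com/x">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://impl.workday.com/x/login-saml.htmld"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def sp_endpoints(metadata_xml):
    """Return (entityID, [ACS Location, ...]); the two are independent values."""
    root = ET.fromstring(metadata_xml)
    acs = root.iterfind(f".//{{{MD_NS}}}AssertionConsumerService")
    return root.get("entityID"), [e.get("Location") for e in acs]

def conditions(*audiences):
    """Build a constructed <Conditions> fragment carrying the given audiences."""
    body = "".join(f"<s:Audience>{a}</s:Audience>" for a in audiences)
    return (f'<s:Conditions xmlns:s="{SAML_NS}"><s:AudienceRestriction>'
            f"{body}</s:AudienceRestriction></s:Conditions>")

def audiences_in(conditions_xml):
    """Extract every Audience value from a Conditions fragment."""
    root = ET.fromstring(conditions_xml)
    return [a.text.strip() for a in root.iter(f"{{{SAML_NS}}}Audience")]

def audience_ok(audience, tenant="x"):
    """Hypothetical model of the rule worded in the SP's error message."""
    return (audience.startswith("http://www.workday.com")
            or audience.endswith(f"/{tenant}/login-saml.htmld"))

def sp_would_accept(conditions_xml, tenant="x"):
    # Assumption: one matching audience suffices, as in the two-audience response.
    return any(audience_ok(a, tenant) for a in audiences_in(conditions_xml))

if __name__ == "__main__":
    entity_id, acs = sp_endpoints(SP_METADATA)
    print("audience (entityID):", entity_id, "| POST to:", acs[0])
    for auds in (["https://impl.workday.com/x"], [entity_id],
                 ["https://impl.workday.com/x", "http://www.workday.com"]):
        print(auds, "->", sp_would_accept(conditions(*auds)))
```

The edited entityID still carries the tenant name, so the audience restriction continues to name one specific SP rather than a value shared by every tenant.
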
[cas-user] Re: cas with Office 365

2020-02-14 Thread Misagh Moayyed
Have you looked at this?

https://apereo.github.io/2018/12/06/cas53-office365-saml2-integration/

On Thursday, January 30, 2020 at 9:14:55 AM UTC+4, Mahmoud Elnahrawy wrote:
>
> Hi everybody,
>
> I have Oracle Access Manager implemented with Azure Office 365. I need to 
> implement Azure Office 365 with CAS as well; I want to make it a backup plan, 
> so that if Oracle Access Manager is down I can use it. So I need clear 
> instructions on how to configure Azure Office 365 from the portal to be able 
> to connect with CAS directly. Can anyone please help?
>
> Note: CAS is already implemented and configured with AD with attributes: uid, 
> samaccount, mail
>
> Thanks
>



[cas-user] Re: webflowcrypto release

2020-02-14 Thread Misagh Moayyed
Release schedule is, and has always been, on GitHub:

https://github.com/apereo/cas/milestones

On Wednesday, February 12, 2020 at 5:35:17 PM UTC+4, John Bond wrote:
>
> Hi All,
>
> After the blog post below I was hoping to see a 6.5.1 release to fix the 
> webflowcrypto issues. I see releases for the 6.0.* and 5.3.* branches but 
> not the 6.1.* and 6.2.* branches. 
>   https://apereo.github.io/2020/02/08/webflowcrypto/
>
> Is anyone able to provide a timeline for when these will be released? I'm not 
> sure if this is the best place to ask; if not, perhaps someone could 
> direct me to a better place.
>
> Thanks
>



[cas-user] Re: Jackson Kotlin Warning on Startup

2020-02-14 Thread Misagh Moayyed
You need not be concerned about this.

On Friday, February 14, 2020 at 1:44:36 AM UTC+4, jeremy.wickham wrote:
>
> I am looking to upgrade our CAS environment to 6.1.x and I am currently 
> ironing out all of my errors/warnings. There is one warning I’m receiving 
>
>  
>
> WARN [org.springframework.http.converter.json.Jackson2ObjectMapperBuilder] 
> -  "com.fasterxml.jackson.module:jackson-module-kotlin" to the classpath>
>
>  
>
> Is this something I should be concerned about? I see this warning on 
> startup. I see that the class is used in some tests, but not in actual 
> code. Just want to put my mind at ease as I’m upgrading our production 
> environment. 
>
>  
>
> Cheers, 
>
>  -Jeremy
>
> *Jeremy Wickham*
>
> Senior Systems Analyst
>
> Mississippi State University
>
> jeremy.wick...@msstate.edu
>
>  
>



Re: [cas-user] Jackson Kotlin Warning on Startup

2020-02-14 Thread Jérôme Steve
Hi Jeremy,
This is a Spring Framework warning:
https://github.com/spring-projects/spring-framework/issues/20217

If you are using the overlay, add this dependency to your build.gradle file:
compile "com.fasterxml.jackson.module:jackson-module-kotlin:${project.jacksonModuleKotlin}"

Jérôme.


On Thu, Feb 13, 2020 at 22:44, Wickham, Jeremy wrote:

> I am looking to upgrade our CAS environment to 6.1.x and I am currently
> ironing out all of my errors/warnings. There is one warning I’m receiving
>
>
>
> WARN [org.springframework.http.converter.json.Jackson2ObjectMapperBuilder]
> -  "com.fasterxml.jackson.module:jackson-module-kotlin" to the classpath>
>
>
>
> Is this something I should be concerned about? I see this warning on
> startup. I see that the class is used in some tests, but not in actual
> code. Just want to put my mind at ease as I’m upgrading our production
> environment.
>
>
>
> Cheers,
>
>  -Jeremy
>
> *Jeremy Wickham*
>
> Senior Systems Analyst
>
> Mississippi State University
>
> jeremy.wick...@msstate.edu
>
>
>
>
