Re: [cas-user] OIDC Provider for Firebase

2021-09-23 Thread Ray Bon
Nikolas,

I have not used Firebase, actually never heard of it.
This link on their site, 
https://firebase.google.com/docs/projects/provisioning/configure-oauth is not 
clear if this applies to firebase in general, or a firebase project, or the 
artifact(s) produced by a project; but since it mentions oauth 2, you can start 
there.
CAS supports OIDC/OAuth 
https://apereo.github.io/cas/6.4.x/authentication/OIDC-Authentication.html

Ray

On Thu, 2021-09-23 at 00:15 -0700, Nikolas Stylianides wrote:

Hi all,
Has anyone set up CAS as a provider for Firebase?
On the CAS site, what protocol and which endpoints must be set to work?
On the Firebase site, how is it configured?

Thank you in advance.



--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d9422bcfccdb459e932705f7b7c47ac17398fa1b.camel%40uvic.ca.


Re: [cas-user] Access strategy not working with SAML based service

2021-09-23 Thread Carl Waldbieser
We are using CAS 6.x.  I have a SAML entry in my allow list that looks
similar to this:

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "Entity ID goes here ...",
  "id": 1000,
  "evaluationOrder": 1000,
  "name": "SAML Provider",
  "description": "Blah blah blah ...",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes": [
      "java.util.ArrayList",
      [
        "eduPersonEntitlement"
      ]
    ],
    "attributeFilter": {
      "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
      "completeMatch": false,
      "excludeUnmappedAttributes": false,
      "order": 0,
      "patterns": {
        "@class": "java.util.HashMap",
        "eduPersonEntitlement": "^https://example.lafayette.edu/authorized$"
      }
    }
  },
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "unauthorizedRedirectUrl": "https://example.lafayette.edu/pages/403.html",
    "requiredAttributes": {
      "@class": "java.util.HashMap",
      "eduPersonEntitlement": [
        "java.util.HashSet",
        [
          "https://example.lafayette.edu/authorized"
        ]
      ]
    }
  },
  "logo": "https://cdn.lafayette.edu/images/logos/example-100x100.png",
  "properties": {
    "@class": "java.util.HashMap",
    "InformationURL": {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values": [
        "java.util.HashSet",
        [
          "https://help.lafayette.edu/example"
        ]
      ]
    }
  }
}


Hope that helps.

Thanks,
Carl Waldbieser
ITS
Lafayette College

On Thu, Sep 23, 2021 at 9:44 AM Nordy Di Marzio 
wrote:

> Hello CAS community,
>
> Hope you are doing great.
>
> I am having a little issue getting the access strategy to work with a
> SAML-based service.
>
> More precisely, I am trying to implement access restrictions based on
> group membership, but for now all users are able to log on to the app
> regardless of their group membership, and no error is being logged.
>
> So I am wondering if there is something missing in my config. Could you
> please help me find out what else I should configure?
>
> This is the service file that I am using:
>
> {
>   "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId": "https://foo.bar/",
>   "name": "foo",
>   "id": 10013986,
>   "evaluationOrder": 3,
>   "metadataLocation": "/etc/cas/saml/foo.xml",
>   "attributeReleasePolicy": {
>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   "accessStrategy": {
>     "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled": true,
>     "requireAllAttributes": false,
>     "ssoEnabled": true,
>     "requiredAttributes": {
>       "@class": "java.util.HashMap",
>       "memberOf": [ "java.util.HashSet", [ "CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar" ] ]
>     }
>   }
> }
>
> The CAS version I am using is 5.1.
>
> Thanks for your help,
>
> Nordy
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALt4NbP%3DS0iM1OYSRyeC9bhZ5RNj5QmgYDntDhpKR9i%3Da0e83g%40mail.gmail.com.
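
A way to sanity-check a requiredAttributes rule of the kind shown in this thread against the attributes a user actually has, added here as an example and not code from CAS or from either poster. It is a simplified model that assumes exact, case-sensitive value matching; the function names and the principal attributes fed to it are hypothetical.

```python
import json

# Constructed sample: an accessStrategy block in the shape used by the service
# definitions in this thread (Jackson-typed collections: ["type", [values]]).
SERVICE_JSON = """{
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "requireAllAttributes": false,
    "requiredAttributes": {
      "@class": "java.util.HashMap",
      "memberOf": ["java.util.HashSet", ["CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar"]]
    }
  }
}"""

def required_attributes(service):
    """Unwrap {"attr": ["java.util.HashSet", [values]]} into {attr: set(values)}."""
    raw = service.get("accessStrategy", {}).get("requiredAttributes", {})
    return {name: set(typed[1]) for name, typed in raw.items() if name != "@class"}

def evaluate(service, principal_attrs):
    """Return (allowed, reasons) under the simplified model (assumption, not CAS code)."""
    strategy = service.get("accessStrategy", {})
    if not strategy.get("enabled", True):
        return False, ["service is disabled"]
    required = required_attributes(service)
    if not required:
        return True, ["no requiredAttributes: every authenticated user passes"]
    reasons, hits = [], 0
    for name, wanted in sorted(required.items()):
        have = principal_attrs.get(name)
        if have is None:  # attribute never reached the principal at all
            reasons.append(f"{name}: not resolved for this principal")
            continue
        have = {have} if isinstance(have, str) else set(have)
        if have & wanted:
            hits += 1
            reasons.append(f"{name}: matched")
        else:  # flag the common near-miss: same DN, different letter case
            near = {v for v in have if v.lower() in {w.lower() for w in wanted}}
            reasons.append(f"{name}: no match" + (" (differs only by case)" if near else ""))
    need_all = strategy.get("requireAllAttributes", True)
    allowed = hits == len(required) if need_all else hits > 0
    return allowed, reasons

SERVICE = json.loads(SERVICE_JSON)
```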


[cas-user] Access strategy not working with SAML based service

2021-09-23 Thread Nordy Di Marzio
Hello CAS community,

Hope you are doing great.

I am having a little issue getting the access strategy to work with a
SAML-based service.

More precisely, I am trying to implement access restrictions based on
group membership, but for now all users are able to log on to the app
regardless of their group membership, and no error is being logged.

So I am wondering if there is something missing in my config. Could you
please help me find out what else I should configure?

This is the service file that I am using:

{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "https://foo.bar/",
  "name": "foo",
  "id": 10013986,
  "evaluationOrder": 3,
  "metadataLocation": "/etc/cas/saml/foo.xml",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "requireAllAttributes": false,
    "ssoEnabled": true,
    "requiredAttributes": {
      "@class": "java.util.HashMap",
      "memberOf": [ "java.util.HashSet", [ "CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar" ] ]
    }
  }
}

The CAS version I am using is 5.1.

Thanks for your help,

Nordy

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAA8Tp34kFCWYLEEB4nn8%3DcJki4WCkp-x0V208P%2BfRwdwyqKrXw%40mail.gmail.com.


[cas-user] Re: CAS 6.3 - Support for Azure AD WS-Trust / WIAORMULTIAUTHN claims?

2021-09-23 Thread Josh G
Bumping this. Has anyone had any luck configuring this or a suitable 
workaround that keeps CAS within the auth flow?

On Monday, June 28, 2021 at 12:22:07 PM UTC-4 Josh G wrote:

> We are currently running CAS 6.3 as a CAS and SAML IdP, both of which use 
> LDAP for authentication. We have Azure AD (as a service) configured to 
> authenticate through CAS using SAML which has been working perfectly fine 
> for years. 
>
> Our Desktop Management team is looking to expand our usage of Azure AD to 
> include services that will require additional protocols other than SAML to 
> work properly. I was wondering if anyone has had any success configuring 
> CAS as a WS-Trust provider with the necessary claims. If anyone has this 
> working, I would very much appreciate seeing how you did it!
>
> What I am looking for is this: 
> https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains
>  
> specifically the following:
>
> *A federated environment should have an identity provider that supports 
> the following requirements. If you have a federated environment using 
> Active Directory Federation Services (AD FS), then the below requirements 
> are already supported.*
>
>    - *WIAORMULTIAUTHN claim: This claim is required to do hybrid Azure AD 
>      join for Windows down-level devices.*
>    - *WS-Trust protocol: This protocol is required to authenticate 
>      Windows current hybrid Azure AD joined devices with Azure AD. When you're 
>      using AD FS, you need to enable the following WS-Trust endpoints:*
>        - /adfs/services/trust/2005/windowstransport
>        - /adfs/services/trust/13/windowstransport
>        - /adfs/services/trust/2005/usernamemixed
>        - /adfs/services/trust/13/usernamemixed
>        - /adfs/services/trust/2005/certificatemixed
>        - /adfs/services/trust/13/certificatemixed
>
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c580d399-b85b-44b6-a5ff-96bc10106e24n%40apereo.org.


[cas-user] OIDC Provider for Firebase

2021-09-23 Thread Nikolas Stylianides
Hi all, 
Has anyone set up CAS as a provider for Firebase? 
On the CAS site, what protocol and which endpoints must be set to work? 
On the Firebase site, how is it configured?

Thank you in advance.


To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2fc42fee-f900-4fcd-a3b5-7cdda335afd4n%40apereo.org.