Thanks Manfredo
Both work correctly
Manually invoking the steps, the full flow works
Theese are the steps I follow [all by browser]:
1.- I lunch the URL of a pac4j-saml client, that makes the SAML
AuthnRequest to the CAS SAML IdP (A)
2.- the browser is redirected by CAS, to the CAS login page. Then, instead
of inserting the user / password, I invoke manually the URL of the remote
site (B) that builds the Trusted Authentication Request
3.- the remote site (B) redirects the user's browser to CAS, providing the
information needed by CAS Trust Authentication (C) to create a CAS session
4.- CAS creates the session (based on the trust on B) and redirects the
browser to the CAS page in wich it shows user name and the logoff link.
Then to retrieve the SAML AuthnRequest, I have to repeat the step 1. And
the final SAML AuthnResponse is finally delivered to the client.
But I need no manual intervention.
Thank you
Jon
On Monday, April 23, 2018 at 4:32:41 PM UTC+2, Manfredo Hopp wrote:
>
> Test trusted and idp separately
>
> El lunes, 23 de abril de 2018, JON <usuari...@gmail.com <javascript:>>
> escribió:
>
>> Hi,
>>
>> I have the following running:
>>
>> cas-overlay-template-master 5.2.X with
>>
>>
>>
>> - SAML IdP
>>
>>
>>
>> - Trusted Authentication
>>
>>
>>
>> configured inside
>>
>>
>> I must cover the following Single Sign-On federated flow:
>>
>> 1.- CAS SAML IdP (A), through the user's browser, receives a SAML
>> AuthnRequest in /cas/idp/profile/SAML2/POST/SSO
>>
>>
>> 2.- then, the user's browser must be redirected to a remote site (B)
>> (outside the CAS control)
>>
>>
>> 3.- the remote site (B) will redirect the user's browser to CAS,
>> providing the information needed by CAS Trust Authentication (C) to build a
>> CAS session
>>
>>
>> 4.- finally, CAS SAML IdP (A) must respond to the original SAML
>> AuthnRequest with the corresponding SAML AuthnResponse
>>
>>
>> All this must happen in a transparent way, without user intervention in
>> any place controlled by CAS.
>>
>>
>> What is the best option to achieve this transparent flow ?
>>
>> I don't know if this should be treated as a Multi-Factor Authentication ?
>>
>>
>> I hope this can be done.
>>
>>
>> [At this time, in step 2, the user is redirected to the CAS login screen.
>> After manually invoking Trusted Authentication, the screen with the user
>> information is displayed. After that, SAML AuthnRequest must be invoked
>> again, and SAML AuthnResponse is finally delivered].
>>
>> In the following link you can see how I got here:
>> https://groups.google.com/a/apereo.org/d/msg/cas-user/I3sUJ29n_ig/1bcp8OM3AAAJ
>> with
>> the great help of members of this community.
>>
>> Thanks in advance
>>
>> Jon
>>
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+u...@apereo.org <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/74362124-bf40-4c81-a4b0-0f32141e09c2%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/74362124-bf40-4c81-a4b0-0f32141e09c2%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4813370e-f4f2-4194-b720-1bc4adf4ff80%40apereo.org.
