HI All, CAS version I am using is 6.1.2
I am stuck with my other Client applications(https://app.example.com) integration with CAS(https://cas.example.com) using SAML. IDp is my CAS server and Shibboleth is my SP. When no application is integrated with it, the request is going directly to my IDP via SAML like when a user hits the https://localhost:443/index.html(present in httpd client/ htdocs/index.html) I got a SAML assertion. My CAS is also deployed in Apache tomcat. But when I am deploying app.example war in my tomcat,request is going to my IDP directly without any intercept of SP. Previously, we used to deploy the client app and add the particular JSON for it in CAS services folder,hence whenever a user requests for app.example.com, request goes to CAS server using CAS protocol and in JSON we provide AD group for authorized access. Can you suggest how to achieve the same using SAML Please give me a step by step solution to achieve this. Do any changes in JSON required for app.example.com or any configuration wise changes in shibboleth ,httpd client or CAS client? Thanks and regards Vikash Chandra On Wed, Jul 15, 2020 at 1:04 AM Vikash Chandra Ansh < vikasharnav0...@gmail.com> wrote: > I can't do this as m using client vdi for development. > > On Wed 15 Jul, 2020, 00:35 David Curry, <david.cu...@newschool.edu> wrote: > >> Can you attach the relevant piece of the cas log? (Not the whole thing, >> just the lines around the error.) >> >> --Dave >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR • INFORMATION SECURITY & PRIVACY* >> THE NEW SCHOOL • INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 646 909-4728 • david.cu...@newschool.edu >> >> >> On Tue, Jul 14, 2020 at 2:56 PM Vikash Chandra Ansh < >> vikasharnav0...@gmail.com> wrote: >> >>> Hi David. >>> >>> I am seeing this in cas log. Can we connect David? >>> >>> On Wed 15 Jul, 2020, 00:21 David Curry, <david.cu...@newschool.edu> >>> wrote: >>> >>>> When you say you're "getting an error," where are you getting it? In >>>> the browser window? In the CAS log file? In the Tomcat log file? >>>> >>>> I'm not sure off the top of my head what it could be, as none of what >>>> we're doing here (installing Shib, Apache, etc.) has anything to do with >>>> columns or databases. >>>> >>>> --Dave >>>> >>>> -- >>>> >>>> DAVID A. CURRY, CISSP >>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY* >>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY >>>> >>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >>>> +1 646 909-4728 • david.cu...@newschool.edu >>>> >>>> >>>> On Tue, Jul 14, 2020 at 2:30 PM Vikash Chandra Ansh < >>>> vikasharnav0...@gmail.com> wrote: >>>> >>>>> Hi Ray, >>>>> >>>>> I have added all the configuration accordingly and deployed the war >>>>> file. I am getting an error invalid column name"expired". I don't have any >>>>> clue on this.. Nothing as such is printed in logs. I am using Mssql as dB. >>>>> >>>>> Thanks & Regards >>>>> >>>>> On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, < >>>>> vikasharnav0...@gmail.com> wrote: >>>>> >>>>>> Thanks Ray, >>>>>> I will check and let you know in case of any issues. >>>>>> >>>>>> On Mon, Jul 13, 2020 at 3:58 AM David Curry < >>>>>> david.cu...@newschool.edu> wrote: >>>>>> >>>>>>> The Shibboleth SP lets web services use SAML2 to authenticate and do >>>>>>> single sign-on. So if you have configured an Apache server with >>>>>>> mod_shib, >>>>>>> then you would use the Apache config files to define a protected area on >>>>>>> your web server, and put your web-based application into that protected >>>>>>> area. When the user tries to access the application, mod_shib will >>>>>>> intercept the request for a protected file, and redirect to the Shib SP, >>>>>>> which will in turn talk to the CAS IdP. >>>>>>> >>>>>>> For a simple example with just a dumb PHP script as the >>>>>>> "application," see this link: >>>>>>> >>>>>>> >>>>>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html >>>>>>> >>>>>>> >>>>>>> It's for CAS 5.2.x rather than 6.x, but except for a >>>>>>> configuration property name here or there, it should give you the idea. >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> DAVID A. CURRY, CISSP >>>>>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY* >>>>>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY >>>>>>> >>>>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >>>>>>> +1 646 909-4728 • david.cu...@newschool.edu >>>>>>> >>>>>>> >>>>>>> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh < >>>>>>> vikasharnav0...@gmail.com> wrote: >>>>>>> >>>>>>>> Hi all. >>>>>>>> >>>>>>>> Kindly reply for my query. >>>>>>>> >>>>>>>> Thanks & Regards >>>>>>>> Vikash Chandra >>>>>>>> >>>>>>>> On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, < >>>>>>>> vikasharnav0...@gmail.com> wrote: >>>>>>>> >>>>>>>>> And moreover how cas will know that request will go to SP. >>>>>>>>> >>>>>>>>> I have added a json for the Sp using saml registry class proving >>>>>>>>> SP url and metadata location of SP. >>>>>>>>> >>>>>>>>> PLEASE SUGGEST >>>>>>>>> >>>>>>>>> THANKS AND REGARDS >>>>>>>>> VIKASH CHANDRA >>>>>>>>> >>>>>>>>> On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, < >>>>>>>>> vikasharnav0...@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> Hi all, >>>>>>>>>> >>>>>>>>>> I have successfully configured Shibboleth as SP on Apache server. >>>>>>>>>> My cas will work as IDP. >>>>>>>>>> >>>>>>>>>> Now, I have an application ABC which is integrated with CAS, so >>>>>>>>>> now how request will go via SP through my IDP?And what will be the >>>>>>>>>> format >>>>>>>>>> of url when I hit ABC application. >>>>>>>>>> >>>>>>>>>> Previously it used to be like cas url + service+ ABC url and >>>>>>>>>> after submit a service ticket is generated and validated. >>>>>>>>>> >>>>>>>>>> Now after this SAML change how will be my request look like on >>>>>>>>>> submit? >>>>>>>>>> >>>>>>>>>> Json for ABC application has been added in cas services folder. >>>>>>>>>> >>>>>>>>>> My cas version is 6.1.2. >>>>>>>>>> >>>>>>>>>> Thanks and regards >>>>>>>>>> Vikash Chandra >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu 9 Jul, 2020, 21:39 Ray Bon, <r...@uvic.ca> wrote: >>>>>>>>>> >>>>>>>>>>> Vikash, >>>>>>>>>>> >>>>>>>>>>> Shib SP is described at >>>>>>>>>>> https://wiki.shibboleth.net/confluence/display/SP3/Home >>>>>>>>>>> >>>>>>>>>>> Ray >>>>>>>>>>> >>>>>>>>>>> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote: >>>>>>>>>>> >>>>>>>>>>> Notice: This message was sent from outside the University of >>>>>>>>>>> Victoria email system. Please be cautious with links and sensitive >>>>>>>>>>> information. >>>>>>>>>>> >>>>>>>>>>> Hi all, >>>>>>>>>>> >>>>>>>>>>> I have made CAS as idp and added properties for SAML. I am able >>>>>>>>>>> to extract metadata.xml. >>>>>>>>>>> >>>>>>>>>>> Now I want to make shibboleth as SP that need to be configured >>>>>>>>>>> on Apache httpd client 2.4. >>>>>>>>>>> >>>>>>>>>>> Could you suggest how to implement this? >>>>>>>>>>> >>>>>>>>>>> Note:my httpd Apache client is running on https as well. >>>>>>>>>>> >>>>>>>>>>> Thanks and regards >>>>>>>>>>> Vikash Chandra >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> Ray Bon >>>>>>>>>>> Programmer Analyst >>>>>>>>>>> Development Services, University Systems >>>>>>>>>>> 2507218831 | CLE 019 | r...@uvic.ca >>>>>>>>>>> >>>>>>>>>>> I respectfully acknowledge that my place of work is located >>>>>>>>>>> within the ancestral, traditional and unceded territory of the >>>>>>>>>>> Songhees, >>>>>>>>>>> Esquimalt and WSÁNEĆ Nations. >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>> --- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to cas-user+unsubscr...@apereo.org. >>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca >>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> >>>>>>>>>> -- >>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>> --- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "CAS Community" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to cas-user+unsubscr...@apereo.org. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxjQCbTcqunQbw7nvqTd3X-FAtVQ9CjS1qF3VVAwn0QxCQ%40mail.gmail.com >>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxjQCbTcqunQbw7nvqTd3X-FAtVQ9CjS1qF3VVAwn0QxCQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> >>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to cas-user+unsubscr...@apereo.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPZWnWCFW3OrHkdov15d6VAR9qnaP4zHOCdqbs7KpWhTA%40mail.gmail.com >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPZWnWCFW3OrHkdov15d6VAR9qnaP4zHOCdqbs7KpWhTA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to cas-user+unsubscr...@apereo.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxhZ4gb4a%3DjD-yPyfNc7XF%3DY2HSEE2HDgVC00ryROxP9Xg%40mail.gmail.com >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxhZ4gb4a%3DjD-yPyfNc7XF%3DY2HSEE2HDgVC00ryROxP9Xg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to cas-user+unsubscr...@apereo.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAN_oLfey1%3DQpRj7tUUqgd%2BzPKHxBX6ETYHEB5AHtpwNYA%40mail.gmail.com >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAN_oLfey1%3DQpRj7tUUqgd%2BzPKHxBX6ETYHEB5AHtpwNYA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bdrvxjuo-AZzgwy5pYp9tzRiRB8f-BkUUTczR5cpHVXkYNVvg%40mail.gmail.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bdrvxjuo-AZzgwy5pYp9tzRiRB8f-BkUUTczR5cpHVXkYNVvg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+unsubscr...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOV%3D%2Ba%2BgbG1ALAvc0X9_vjqmhx7HwbQyDOgNd99eQnkig%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOV%3D%2Ba%2BgbG1ALAvc0X9_vjqmhx7HwbQyDOgNd99eQnkig%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxhiQTcwNfnAg1W6jzUcs3MZvsE67qERGrA2tuhvXRyk2Q%40mail.gmail.com.