We are currently running CAS 6.3 as a CAS and SAML IdP, both of which use 
LDAP for authentication. We have Azure AD (as a service) configured to 
authenticate through CAS using SAML, which has been working perfectly fine 
for years. 

Our Desktop Management team is looking to expand our usage of Azure AD to 
include services that will require additional protocols other than SAML to 
work properly. I was wondering if anyone has had any success configuring 
CAS as a WS-Trust provider with the necessary claims. If anyone has this 
working, I would very much appreciate seeing how you did it!

What I am looking for is this: 
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains
 
specifically the following:

*A federated environment should have an identity provider that supports the 
following requirements. If you have a federated environment using Active 
Directory Federation Services (AD FS), then the below requirements are 
already supported.*

   - *WIAORMULTIAUTHN claim: This claim is required to do hybrid Azure AD 
   join for Windows down-level devices.*
   - *WS-Trust protocol: This protocol is required to authenticate Windows 
   current hybrid Azure AD joined devices with Azure AD. When you're using AD 
   FS, you need to enable the following WS-Trust endpoints:*
      - */adfs/services/trust/2005/windowstransport*
      - */adfs/services/trust/13/windowstransport*
      - */adfs/services/trust/2005/usernamemixed*
      - */adfs/services/trust/13/usernamemixed*
      - */adfs/services/trust/2005/certificatemixed*
      - */adfs/services/trust/13/certificatemixed*
