Hello Josh,

We have exactly the same scenario you described. I was wondering if you 
have been able to configure the AD Azure service using WS Trust protocol 
with CAS. Thank you. 

On Thursday, September 23, 2021 at 6:51:44 AM UTC-4 Josh G wrote:

> Bumping this. Has anyone had any luck configuring this or a suitable 
> workaround that keeps CAS within the auth flow?
>
> On Monday, June 28, 2021 at 12:22:07 PM UTC-4 Josh G wrote:
>
>> We are currently running CAS 6.3 as a CAS and SAML IdP, both of which use 
>> LDAP for authentication. We have Azure AD (as a service) configured to 
>> authenticate through CAS using SAML which has been working perfectly fine 
>> for years. 
>>
>> Our Desktop Management team is looking to expand our usage of Azure AD to 
>> include services that will require additional protocols other than SAML to 
>> work properly. I was wondering if anyone has had any success configuring 
>> CAS as a WS-Trust provider with the necessary claims. If anyone has this 
>> working, I would very much appreciate seeing how you did it!
>>
>> What I am looking for is this: 
>> https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains
>>  
>> specifically the following:
>>
>> *A federated environment should have an identity provider that supports 
>> the following requirements. If you have a federated environment using 
>> Active Directory Federation Services (AD FS), then the below requirements 
>> are already supported.*
>>
>>    - *WIAORMULTIAUTHN claim: This claim is required to do hybrid Azure 
>>    AD join for Windows down-level devices.*
>>    - *WS-Trust protocol: This protocol is required to authenticate 
>>    Windows current hybrid Azure AD joined devices with Azure AD. When you're 
>>    using AD FS, you need to enable the following WS-Trust endpoints: 
>>    /adfs/services/trust/2005/windowstransport 
>>    /adfs/services/trust/13/windowstransport 
>>    /adfs/services/trust/2005/usernamemixed 
>>    /adfs/services/trust/13/usernamemixed 
>>    /adfs/services/trust/2005/certificatemixed 
>>    /adfs/services/trust/13/certificatemixed*
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cfb43809-ab2c-496c-ae69-9de9dfbf47ddn%40apereo.org.
