Hi there, I have CAS delegated authN via SAML working. But I have trouble getting a much simpler flow to work.
I would like CAS to act as a SAML2 Service Provider: it accepts an HTTP POST with a SAML Response (the user is already authenticated by another IdP such as Okta, which posts the SAML response to CAS); after validation, it gets the URL defined in RelayState or ACS and redirects the browser to that URL. It is much like the IdP-initiated SSO flow; in this case, the initiating IdP is some other app such as Okta. The user is already in the Okta portal, he sets up a SAML 2.0 integration in Okta, with the SSO URL pointing to the CAS endpoint, and RelayState or ACS has the URL to be launched (e.g., pointing to another app protected by CAS).

I have trouble getting this to work. The CAS SSO profiles all assume CAS is the IdP and therefore accept only an AuthnRequest. This sounds a lot simpler than delegated authN, but I cannot get it to work.

Here is what I am thinking: CAS is a Spring Boot app, which can act as a SAML2 SP; that requires the Spring dependency spring-security-saml2-service-provider, which is not included in CAS by default. Is this something I need to do to get what I want to work? In other words, CAS is always intended to be the IdP; to be an SP like an app, we need to do something different.

An alternative is to have Okta point the SSO URL to the app, but that is not what I am looking for in this flow. The app does not understand SAML; it uses CAS for authN. I want CAS to be the SP, and then some mechanism to redirect to the app after the CAS session is created.

Thanks,
Yan
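In the flow described above, the SP redirects the browser to whatever URL arrives in RelayState, so that value has to be checked against the registered services before it is used. The following is an added example, not part of the original post and not CAS code; the host names, the allowlist, the fallback URL and the https-only rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed allowlist: stands in for the services registered with the SP.
REGISTERED_SERVICES = [
    ("app.example.org", "/portal/"),
    ("reports.example.org", "/"),
]
DEFAULT_TARGET = "https://cas.example.org/cas/login"  # constructed fallback


def resolve_relay_state(relay_state, services=REGISTERED_SERVICES,
                        default=DEFAULT_TARGET):
    """Return relay_state if it points at a registered service, else default."""
    if not relay_state:
        return default
    # Reject whitespace, control characters and backslashes, which browsers
    # and URL parsers normalise differently.
    if any(ch.isspace() or ord(ch) < 0x20 or ch == "\\" for ch in relay_state):
        return default
    try:
        parts = urlsplit(relay_state)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    # Assumption: absolute https URLs only (no relative, "//host" or http).
    if parts.scheme != "https" or not parts.hostname:
        return default
    # Credentials in the authority ("https://app.example.org@other.example/")
    # disguise the real host; refuse them outright.
    if parts.username is not None or parts.password is not None:
        return default
    if port not in (None, 443):
        return default
    host = parts.hostname.lower()
    path = parts.path or "/"
    # Refuse dot segments, plain or percent-encoded, so "/portal/../admin"
    # cannot escape the registered prefix.
    if any(unquote(seg) in (".", "..") for seg in path.split("/")):
        return default
    for allowed_host, prefix in services:
        if host == allowed_host and path.startswith(prefix):
            return relay_state
    return default
```

The check runs only after the SAML Response itself has been validated (signature, audience, validity window); it decides where the browser may be sent, not whether the assertion is trusted.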