One more piece of information on the use of pac4j: you can look at 
http://jasig.github.io/cas/4.0.0/integration/Delegate-Authentication.html, 
this explains how to integrate pac4j in CAS 4 with some examples (not 
SAML, but it's a beginning).

But if you go with this solution, please give feedback ;)

Thanks
Julien Gribonvald


On 24/06/2014 12:38, Julien Gribonvald wrote:
> Hi,
>
> I would suggest that you look at pac4j, it should replace the SAML 
> plugin developed by Maxime in the future for our use (Maxime worked 
> for us on this plugin before something more "generic" like pac4j came). 
> This "toolbox" (I see it like that) will help to use the last version 
> of CAS, as Maxime's plugin would have to be reviewed for versions of CAS 
> after 3.4.x. After that, I don't know if we can use it for that, but maybe 
> Jérome Leleu could give some words on this use or point to some 
> documentation?
>
> Otherwise, for the use of this plugin, see in attachment an example of the 
> SP metadata file that we use in production on our CAS (obviously 
> without certificates and custom data, so replace A_DOMAIN_NAME by 
> your domain name, ADD CERTIFICATE HERE, and see the other custom data).
>
> About the IdP, it was tested against a Shibboleth IdP and in production with 
> another IdP than Shibboleth (seems a fork for private use, or 
> something related to IBM, but we don't know a lot about it), but 
> working in the same way, as all is based on the SAML specs, so I think this 
> should work.
>
> About configuration, all the files that you have to modify and deploy 
> are on 
> https://github.com/GIP-RECIA/cas/tree/feature-saml2/cas-server-support-saml2/sample-*
>  
> but I think you don't have to modify a lot, setting all the properties 
> should do the work.
> And the properties in config.properties should be added to the 
> original file cas.properties.
>
> If I look at our deployment, the things that I don't see in the 
> source are:
> - in deployerConfigContext.xml: in the bean authenticationManager, in 
> the property credentialsToPrincipalResolvers, we added the 
> credentialResolver mapped to the SAML service; we use the 
> EmailAddressesCredentialsToPrincipalResolver.java as an example:
>   <bean id="emailAddressesCredsToPrincipal"
>         class="org.esco.cas.authentication.principal.EmailAddressesCredentialsToPrincipalResolver">
>       <property name="attributeRepository" ref="attributeRepository" />
>   </bean>
>
>   <bean id="ldapEmailAddressesAuthenticationHandler"
>         class="org.esco.cas.authentication.handler.support.LdapEmailAddressesAuthenticationHandler">
>       <property name="searchBase" value="${ldap.basedn}" />
>       <property name="contextSource" ref="contextSource" />
>       <property name="principalAttributeName" value="${ldap.identifier.attribute}" />
>       <property name="timeout" value="5000" />
>       <property name="authenticationLdapFiltersArray" value="${ldap.authentication.email.filters}" />
>   </bean>
>
> - in cas-servlet.xml you should add the import of 
> cas-servlet-saml2.xml 
> <https://github.com/GIP-RECIA/cas/blob/feature-saml2/cas-server-support-saml2/sample-config/cas-servlet-saml2.xml>
>
> I hope this will help, but don't hesitate to ask, I can provide some 
> other examples...
>
> As for the documentation, we have one in French explaining the 
> properties and how it works, but that's all; you are welcome to 
> make a pull request for contributions if you succeed in installing the 
> plugin.
>
> Thanks
>
> Julien Gribonvald
>
>
> On 24/06/2014 11:09, Jaroslav Kacer wrote:
>> Hello everybody!
>>
>> I'm trying to integrate CAS and the SAML2 plugin which was discussed 
>> in this list on Oct 22 2013 by Maxime Bossard 
>> (https://groups.google.com/d/msg/jasig-cas-user/FVrTSnXMJbk/SHzarllCF2kJ). 
>> As I am experiencing some issues, I wonder if someone (possibly 
>> Maxime) could help me. I have already asked directly in the Google 
>> group but the message did not propagate to this list, so I am posting 
>> the question again.
>>
>> The version of CAS I use is 3.4.12.1 because the plugin's POM file 
>> points to 3.4.11-RC1 and 3.4.12.1 is the latest version in the 3.4.x 
>> line.
>>
>> I have merged the provided sample XML configuration files with those 
>> of CAS, also the two properties files, some JSPs and web.xml. Now I am 
>> getting errors from the plugin complaining about SP metadata. 
>> Obviously the plugin expects some SAML2 endpoints with various 
>> bindings that are not in my SP metadata.
>>
>>
>> Maxime, could you please provide a list of all expected endpoints 
>> with their bindings and URLs that should be enumerated in the SP 
>> metadata file? Or, an example SP metadata file would be even better :-)
>> Although the error message clearly says what service/binding the 
>> plugin expects, I don't know how to create the URLs for the bindings. 
>> Are they fixed or does the plugin first read the metadata file and 
>> then use the URLs specified there?
>>
>>
>> I would also like to ask about the IdP side. I assume you used the 
>> plugin against Shibboleth. Have you tested it against other IdP 
>> servers? I'd like to use Microsoft ADFS. Are any special settings 
>> needed? (I don't have access to the server yet so I cannot test it at 
>> the moment.) At the moment, I am using an example IdP metadata file 
>> from Shibboleth (just to make it run) but I will have to adapt it later.
>>
>>
>> It would be great if the documentation for the plugin could be more 
>> elaborated, mainly the section "Plugin Configuration". I've already 
>> spent 2 days putting CAS and the plugin together.
>> Or is there anything else than the ReadMe.md file from Github?
>>
>>
>> Thank you in advance for your answer!
>>
>> Best Regards,
>>    Jarda Kacer, IDC
>>
>> -- 
>> You are currently subscribed to cas-u...@lists.jasig.org 
>> as: julien.gribonv...@recia.fr
>> To unsubscribe, change settings or access archives, 
>> see http://www.ja-sig.org/wiki/display/JSG/cas-user
>


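Added example (not part of the thread and not code from the plugin or from CAS): a pre-deployment check for the SP metadata file discussed above. It lists each endpoint the file declares with its binding and URL, for comparison against the service/binding named in the plugin's error message, and flags the A_DOMAIN_NAME and ADD CERTIFICATE HERE markers if they were left in place. The sample document and its /cas/... paths are constructed, and the check assumes the markers appear literally as written in the e-mail.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
PLACEHOLDERS = ("A_DOMAIN_NAME", "ADD CERTIFICATE HERE")  # markers named in the thread

# Constructed sample (not the attachment); paths such as /cas/acs are made up.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://A_DOMAIN_NAME/cas/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>ADD CERTIFICATE HERE</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://cas.example.org/cas/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="0" Location="https://A_DOMAIN_NAME/cas/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def has_placeholder(value):
    return any(p in (value or "") for p in PLACEHOLDERS)


def inspect_sp_metadata(xml_text):
    """Return (endpoints, problems) for a local, operator-controlled SP metadata file."""
    root = ET.fromstring(xml_text)
    endpoints, problems = [], []
    if has_placeholder(root.get("entityID")):
        problems.append("entityID still contains a placeholder")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return endpoints, problems + ["no SPSSODescriptor element"]
    for el in sp:  # endpoint elements are the children carrying Binding and Location
        binding, location = el.get("Binding"), el.get("Location")
        if binding is None or location is None:
            continue
        service = el.tag.split("}", 1)[-1]
        endpoints.append((service, binding.rsplit(":", 1)[-1], location))
        if has_placeholder(location):
            problems.append(f"{service} Location still contains a placeholder")
    for cert in sp.iter(DS + "X509Certificate"):
        if not (cert.text or "").strip() or has_placeholder(cert.text):
            problems.append("X509Certificate is empty or still a placeholder")
    return endpoints, problems


if __name__ == "__main__":
    for part in inspect_sp_metadata(SAMPLE):
        print(part)
```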