Re: [cas-user] CAS 5.2.6 + Delegated Authentication + Microsoft Azure AD + How to map attributes

2018-10-08 Thread Łukasz Woźniak
Hi,

I'm working on integration with Azure AD too. I was able to connect via
OpenID. To map attributes, you need to define the default attributes. Example
below:

cas.authn.attributeRepository.merger=REPLACE
cas.authn.releaseProtocolAttributes=true
cas.authn.attributeRepository.defaultAttributesToRelease=email,given_name,family_name,name

After that, attribute mapping started working for me.

Can you share the configuration for how the integration with the SAML IdP is working for you?
With OAuth 2.0 and OpenID I had a problem with Azure AD: the redirect_url
parameter does not redirect with GET parameters, and I had to override the
default Pac4j configuration.

Thanks,
Lukas



Fri, 5 Oct 2018 at 23:15 Raghavan TV wrote:

> Hi All
>
> We were able to successfully integrate CAS 5.2.6 using delegated
> authentication against Azure AD (SAML IdP)
>
> We are now looking to map the SAML (claims) attributes to more meaningful
> names
>
> Azure SAML Response
>
>  Destination="
> https://somedomain.cloudapp.azure.com:8443/cas/login?client_name=MY_SAML;
> ID="_6a00b756-53f4-4702-b329-7a6af0145fa0"
> InResponseTo="_d5nkosrzkcj29rlldngsuozq3uwtb5znanfm616"
> IssueInstant="2018-10-04T13:22:05.275Z" Version="2.0"
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
> 
> https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/
>  Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>  IssueInstant="2018-10-04T13:22:05.275Z"
> Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
> 
> https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/
> http://www.w3.org/2000/09/xmldsig#;>
> http://www.w3.org/2001/10/xml-exc-c14n#"/>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
> 
> http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>
> BkenglDOQwAFlKJ3hLrZ4vUzAg9gOD9EFUjGKH9hsI4=
> 
> 
>
> HAKazQ1ApJ5w0NtxJs5E/qECDRz8C5xYjHtGDJtuuuULrM07HUjkoenQ4L34UhSO4qm6Jgo0roIP1bQAGDlq0DWmPu7P9nyPSaQbKiBMtDAO759rM/g0neTWWfYYuNfDFauA+CBuu1N2W15h/oYU85z2D//W8RJQDMB7JvkycPgKF9BY0RON+Rlo2qOFsZ8Z6TxNJgyDxPCQG5natKgVoAZ57lC4+giarBQJQgCFGjy5uckKx4tq2qDuSGnyxqpxqSSm0WNhRR4AqY+kMtNLvEv0aimLX5ezzeOTy7yGmnWNf+l8+FAai2US19Fu/G9xeMH9c3MjZ69MujIkFGqc3A==
> 
> 
>
> 
> 
> 
> 
>  Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">nX16LJA-9igFhluTHQGlDUOK0CNPy_XfliMDJ3iud88
>  Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> InResponseTo="_d5nkosrzkcj29rlldngsuozq3uwtb5znanfm616"
> NotOnOrAfter="2018-10-04T13:27:05.275Z"
> Recipient="
> https://somedomain.cloudapp.azure.com:8443/cas/login?client_name=MY_SAML
> "/>
> 
>  NotOnOrAfter="2018-10-04T14:17:05.275Z">
> 
>
> spn:8b4fcc4d-6781-4da0-acc9-0c28a3317695
> 
> 
> 
> http://schemas.microsoft.com/identity/claims/tenantid;>
>
> 522b3803-a001-4675-b3b5-1d727d43585a
> 
> http://schemas.microsoft.com/identity/claims/objectidentifier;>
>
> 8fa1e8a3-41b8-440e-91cf-fafa246ab571
> 
> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name;>
> xx...@.onmicrosoft.com
> 
> 
> http://schemas.microsoft.com/identity/claims/displayname;>
> Firstname Lastname
> 
> http://schemas.microsoft.com/identity/claims/identityprovider;>
> 
> https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/
> 
> 
> http://schemas.microsoft.com/claims/authnmethodsreferences;>
> 
> http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password
> 
> 
> 
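The mapping Raghavan is after (long Azure AD claim URIs renamed to short attribute names) is easiest to reason about when written out as a small consumer. The following is an added example, not code from this thread, from CAS or from pac4j: it validates the assertion's Conditions and bearer SubjectConfirmationData (validity window, Audience, Recipient, InResponseTo) before trusting any claim, then renames the claims. The claim URIs are the ones in Raghavan's SAML response; the short names (`email`, `displayName`, `azureObjectId`, `azureTenantId`) and the placeholder assertion are my own construction, and the XML signature check that a real SP performs first is assumed to have already passed.

```python
"""Map Azure AD SAML claim URIs to short attribute names after validating the
assertion's Conditions and SubjectConfirmationData.

Added example, not code from the cas-user thread, from CAS or from pac4j.  The
assertion below is constructed by hand with the claim URIs seen in the thread;
the XML signature check a real SP (CAS/pac4j) performs first is assumed done."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Long claim URIs (as Azure AD issues them) -> short names to release (my choice).
CLAIM_MAP = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "email",
    "http://schemas.microsoft.com/identity/claims/displayname": "displayName",
    "http://schemas.microsoft.com/identity/claims/objectidentifier": "azureObjectId",
    "http://schemas.microsoft.com/identity/claims/tenantid": "azureTenantId",
}

# Constructed sample assertion; IDs, tenant and recipient are placeholders.
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example">
  <Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</Issuer>
  <Subject>
    <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">example-nameid</NameID>
    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <SubjectConfirmationData InResponseTo="_req123"
          NotOnOrAfter="2018-10-04T13:27:05.275Z"
          Recipient="https://cas.example.test/cas/login?client_name=MY_SAML"/>
    </SubjectConfirmation>
  </Subject>
  <Conditions NotBefore="2018-10-04T13:17:05.275Z" NotOnOrAfter="2018-10-04T14:17:05.275Z">
    <AudienceRestriction><Audience>spn:APP-ID-PLACEHOLDER</Audience></AudienceRestriction>
  </Conditions>
  <AttributeStatement>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
      <AttributeValue>TENANT-ID-PLACEHOLDER</AttributeValue></Attribute>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
      <AttributeValue>OBJECT-ID-PLACEHOLDER</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <AttributeValue>user@example.onmicrosoft.com</AttributeValue></Attribute>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <AttributeValue>Firstname Lastname</AttributeValue></Attribute>
    <Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
      <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
      <AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""


def _ts(value):
    """Parse the millisecond UTC timestamps Azure AD emits (e.g. 2018-10-04T13:22:05.275Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def validate(assertion, now, expected_recipient, expected_request_id, expected_audience):
    """Return None if the assertion may be consumed, otherwise the reason to reject it."""
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return "missing Conditions"
    if now < _ts(cond.get("NotBefore")) or now >= _ts(cond.get("NotOnOrAfter")):
        return "assertion outside its validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return "audience mismatch"
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        return "missing SubjectConfirmationData"
    if scd.get("Recipient") != expected_recipient:
        return "recipient mismatch"
    if scd.get("InResponseTo") != expected_request_id:
        return "InResponseTo does not match the outstanding request"
    if now >= _ts(scd.get("NotOnOrAfter")):
        return "bearer confirmation expired"
    return None


def map_attributes(assertion, claim_map=CLAIM_MAP):
    """Rename mapped claims; unmapped claims keep their original URI as the key."""
    out = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        name = claim_map.get(attr.get("Name"), attr.get("Name"))
        out[name] = values[0] if len(values) == 1 else values
    return out


def consume(xml_text, now, expected_recipient, expected_request_id, expected_audience):
    """Validate first, map second: attributes are only read from an accepted assertion."""
    assertion = ET.fromstring(xml_text)
    problem = validate(assertion, now, expected_recipient, expected_request_id, expected_audience)
    if problem:
        raise ValueError(problem)
    return map_attributes(assertion)


if __name__ == "__main__":
    attrs = consume(SAMPLE_ASSERTION, _ts("2018-10-04T13:22:05.643Z"),
                    "https://cas.example.test/cas/login?client_name=MY_SAML",
                    "_req123", "spn:APP-ID-PLACEHOLDER")
    for key, value in attrs.items():
        print(f"{key} = {value}")
```

Note the order: Recipient, InResponseTo, Audience and both NotOnOrAfter values are checked before a single claim is read, and multi-valued claims such as authnmethodsreferences stay lists rather than being silently truncated to their first value. The rename table is the only part that is site-specific; everything else is what any SAML SP has to do regardless of the attribute names it finally releases.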

[cas-user] CAS 5.2.6 + Delegated Authentication + Microsoft Azure AD + How to map attributes

2018-10-05 Thread Raghavan TV
Hi All

We were able to successfully integrate CAS 5.2.6 using delegated 
authentication against Azure AD (SAML IdP)

We are now looking to map the SAML (claims) attributes to more meaningful 
names 

Azure SAML Response

https://somedomain.cloudapp.azure.com:8443/cas/login?client_name=MY_SAML;
ID="_6a00b756-53f4-4702-b329-7a6af0145fa0" 
InResponseTo="_d5nkosrzkcj29rlldngsuozq3uwtb5znanfm616"
IssueInstant="2018-10-04T13:22:05.275Z" Version="2.0"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/



https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/
http://www.w3.org/2000/09/xmldsig#;>
http://www.w3.org/2001/10/xml-exc-c14n#"/>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>http://www.w3.org/2001/10/xml-exc-c14n#"/>http://www.w3.org/2001/04/xmlenc#sha256"/>

BkenglDOQwAFlKJ3hLrZ4vUzAg9gOD9EFUjGKH9hsI4=



HAKazQ1ApJ5w0NtxJs5E/qECDRz8C5xYjHtGDJtuuuULrM07HUjkoenQ4L34UhSO4qm6Jgo0roIP1bQAGDlq0DWmPu7P9nyPSaQbKiBMtDAO759rM/g0neTWWfYYuNfDFauA+CBuu1N2W15h/oYU85z2D//W8RJQDMB7JvkycPgKF9BY0RON+Rlo2qOFsZ8Z6TxNJgyDxPCQG5natKgVoAZ57lC4+giarBQJQgCFGjy5uckKx4tq2qDuSGnyxqpxqSSm0WNhRR4AqY+kMtNLvEv0aimLX5ezzeOTy7yGmnWNf+l8+FAai2US19Fu/G9xeMH9c3MjZ69MujIkFGqc3A==







nX16LJA-9igFhluTHQGlDUOK0CNPy_XfliMDJ3iud88
https://somedomain.cloudapp.azure.com:8443/cas/login?client_name=MY_SAML"/>




spn:8b4fcc4d-6781-4da0-acc9-0c28a3317695



http://schemas.microsoft.com/identity/claims/tenantid;>

522b3803-a001-4675-b3b5-1d727d43585a

http://schemas.microsoft.com/identity/claims/objectidentifier;>

8fa1e8a3-41b8-440e-91cf-fafa246ab571

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name;>
xx...@.onmicrosoft.com

http://schemas.microsoft.com/identity/claims/displayname;>
Firstname Lastname

http://schemas.microsoft.com/identity/claims/identityprovider;>

https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/

http://schemas.microsoft.com/claims/authnmethodsreferences;>

http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password

http://schemas.microsoft.com/claims/multipleauthn





urn:oasis:names:tc:SAML:2.0:ac:classes:Password






CAS Client Response



nX16LJA-9igFhluTHQGlDUOK0CNPy_XfliMDJ3iud88

true

8fa1e8a3-41b8-440e-91cf-fafa246ab571

2018-10-04T13:22:05.643Z[Etc/UTC]
MY_SAML

ClientAuthenticationHandler

Firstname
 
Lastname
2018-10-04T13:17:05.275Z
ClientCredential

http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password

http://schemas.microsoft.com/claims/multipleauthn

522b3803-a001-4675-b3b5-1d727d43585a

myuse...@mydomain.onmicrosoft.com

ClientAuthenticationHandler

https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/
2018-10-04T14:17:05.275Z

false

_337eded3-a927-4674-b78a-77259cfbf784






We tried to use the AttributeResolver in the CAS server-side configuration, 
but it is not working now.




Any pointers on what is wrong with the way we are trying the attribute mapping?

Sample attribute resolution mapping that we