Re: [cas-user] How to implement CAS(Idp) with SAML

[Ray Bon]

Vikash,

If you are setting up app.example.com with shibboleth, see shib docs, 
https://wiki.shibboleth.net/confluence/display/SP3/Home. There is also a 
mailing list, https://wiki.shibboleth.net/confluence/display/WEB/Mailing+Lists

Ray

On Sun, 2020-07-19 at 17:33 +0530, Vikash Chandra Ansh wrote:
HI All,

CAS version I am using is 6.1.2

I am stuck with my other Client applications(https://app.example.com) 
integration with CAS(https://cas.example.com) using SAML. IDp is my CAS server 
and Shibboleth is my SP. When no application is integrated with it, the request 
is going directly to my IDP via SAML like when a user hits the 
https://localhost:443/index.html(present in httpd client/ htdocs/index.html) I 
got a SAML assertion.

My CAS is also deployed in Apache tomcat.
But when I am deploying app.example war in my tomcat,request is going to my IDP 
directly without any intercept of SP.

Previously, we used to deploy the client app and add the particular JSON for it 
in CAS services folder,hence whenever a user requests for 
app.example.com, request goes to CAS server using CAS 
protocol and in JSON we provide AD group for authorized access.

Can you suggest how to achieve the same using SAML Please give me a step by 
step solution to achieve this.
Do any changes in JSON required for app.example.com or 
any configuration wise changes in shibboleth ,httpd client or CAS client?


Thanks and regards
Vikash Chandra

On Wed, Jul 15, 2020 at 1:04 AM Vikash Chandra Ansh 
mailto:vikasharnav0...@gmail.com>> wrote:
I can't do this as m using client vdi for development.

On Wed 15 Jul, 2020, 00:35 David Curry, 
mailto:david.cu...@newschool.edu>> wrote:
Can you attach the relevant piece of the cas log? (Not the whole thing, just 
the lines around the error.)

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Tue, Jul 14, 2020 at 2:56 PM Vikash Chandra Ansh 
mailto:vikasharnav0...@gmail.com>> wrote:
Hi David.

I am seeing this in cas log. Can we connect David?

On Wed 15 Jul, 2020, 00:21 David Curry, 
mailto:david.cu...@newschool.edu>> wrote:
When you say you're "getting an error," where are you getting it? In the 
browser window? In the CAS log file? In the Tomcat log file?

I'm not sure off the top of my head what it could be, as none of what we're 
doing here (installing Shib, Apache, etc.) has anything to do with columns or 
databases.

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Tue, Jul 14, 2020 at 2:30 PM Vikash Chandra Ansh 
mailto:vikasharnav0...@gmail.com>> wrote:
Hi Ray,

I have added all the configuration accordingly and deployed the war file. I am 
getting an error invalid column name"expired". I don't have any clue on this.. 
Nothing as such is printed in logs. I am using Mssql as dB.

Thanks & Regards

On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, 
mailto:vikasharnav0...@gmail.com>> wrote:
Thanks Ray,
I will check and let you know in case of any issues.

On Mon, Jul 13, 2020 at 3:58 AM David Curry 
mailto:david.cu...@newschool.edu>> wrote:
The Shibboleth SP lets web services use SAML2 to authenticate and do single 
sign-on. So if you have configured an Apache server with mod_shib, then you 
would use the Apache config files to define a protected area on your web 
server, and put your web-based application into that protected area. When the 
user tries to access the application, mod_shib will intercept the request for a 
protected file, and redirect to the Shib SP, which will in turn talk to the CAS 
IdP.

For a simple example with just a dumb PHP script as the "application," see  
this link:

https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html

It's for CAS 5.2.x rather than 6.x, but except for a configuration property 
name here or there, it should give you the idea.


--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh 
mailto:vikasharnav0...@gmail.com>> wrote:
Hi all.

Kindly reply for my query.

Thanks & Regards
Vikash Chandra

On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, 
mailto:vikasharnav0...@gmail.com>> wrote:
And moreover how cas will know that request will go to SP.

I have added a json for the Sp using saml registry class proving SP url and 
metadata location of SP.

PLEASE SUGGEST

THANKS AND REGARDS
VIKASH CHANDRA

On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, 

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

HI All,

CAS version I am using is 6.1.2

I am stuck with my other Client applications(https://app.example.com)
integration with CAS(https://cas.example.com) using SAML. IDp is my CAS
server and Shibboleth is my SP. When no application is integrated with it,
the request is going directly to my IDP via SAML like when a user hits the
https://localhost:443/index.html(present in httpd client/
htdocs/index.html) I got a SAML assertion.

My CAS is also deployed in Apache tomcat.
But when I am deploying app.example war in my tomcat,request is going to my
IDP directly without any intercept of SP.

Previously, we used to deploy the client app and add the particular JSON
for it in CAS services folder,hence whenever a user requests for
app.example.com, request goes to CAS server using CAS protocol and in JSON
we provide AD group for authorized access.

Can you suggest how to achieve the same using SAML Please give me a step by
step solution to achieve this.
Do any changes in JSON required for app.example.com or any configuration
wise changes in shibboleth ,httpd client or CAS client?


Thanks and regards
Vikash Chandra

On Wed, Jul 15, 2020 at 1:04 AM Vikash Chandra Ansh <
vikasharnav0...@gmail.com> wrote:

> I can't do this as m using client vdi for development.
>
> On Wed 15 Jul, 2020, 00:35 David Curry,  wrote:
>
>> Can you attach the relevant piece of the cas log? (Not the whole thing,
>> just the lines around the error.)
>>
>> --Dave
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david.cu...@newschool.edu
>>
>>
>> On Tue, Jul 14, 2020 at 2:56 PM Vikash Chandra Ansh <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> Hi David.
>>>
>>> I am seeing this in cas log. Can we connect David?
>>>
>>> On Wed 15 Jul, 2020, 00:21 David Curry, 
>>> wrote:
>>>
 When you say you're "getting an error," where are you getting it? In
 the browser window? In the CAS log file? In the Tomcat log file?

 I'm not sure off the top of my head what it could be, as none of what
 we're doing here (installing Shib, Apache, etc.) has anything to do with
 columns or databases.

 --Dave

 --

 DAVID A. CURRY, CISSP
 *DIRECTOR • INFORMATION SECURITY & PRIVACY*
 THE NEW SCHOOL • INFORMATION TECHNOLOGY

 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
 +1 646 909-4728 • david.cu...@newschool.edu


 On Tue, Jul 14, 2020 at 2:30 PM Vikash Chandra Ansh <
 vikasharnav0...@gmail.com> wrote:

> Hi Ray,
>
> I have added all the configuration accordingly and deployed the war
> file. I am getting an error invalid column name"expired". I don't have any
> clue on this.. Nothing as such is printed in logs. I am using Mssql as dB.
>
> Thanks & Regards
>
> On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, <
> vikasharnav0...@gmail.com> wrote:
>
>> Thanks Ray,
>> I will check and let you know in case of any issues.
>>
>> On Mon, Jul 13, 2020 at 3:58 AM David Curry <
>> david.cu...@newschool.edu> wrote:
>>
>>> The Shibboleth SP lets web services use SAML2 to authenticate and do
>>> single sign-on. So if you have configured an Apache server with 
>>> mod_shib,
>>> then you would use the Apache config files to define a protected area on
>>> your web server, and put your web-based application into that protected
>>> area. When the user tries to access the application, mod_shib will
>>> intercept the request for a protected file, and redirect to the Shib SP,
>>> which will in turn talk to the CAS IdP.
>>>
>>> For a simple example with just a dumb PHP script as the
>>> "application," see  this link:
>>>
>>>
>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html
>>>
>>>
>>> It's for CAS 5.2.x rather than 6.x, but except for a
>>> configuration property name here or there, it should give you the idea.
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david.cu...@newschool.edu
>>>
>>>
>>> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 Hi all.

 Kindly reply for my query.

 Thanks & Regards
 Vikash Chandra

 On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <
 vikasharnav0...@gmail.com> wrote:

> And moreover how cas will know that request will go to SP.
>
> I have added a json for the Sp using saml registry class proving
> SP url and metadata location of SP.
>
> PLEASE SUGGEST
>
> 

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

I can't do this as m using client vdi for development.

On Wed 15 Jul, 2020, 00:35 David Curry,  wrote:

> Can you attach the relevant piece of the cas log? (Not the whole thing,
> just the lines around the error.)
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Tue, Jul 14, 2020 at 2:56 PM Vikash Chandra Ansh <
> vikasharnav0...@gmail.com> wrote:
>
>> Hi David.
>>
>> I am seeing this in cas log. Can we connect David?
>>
>> On Wed 15 Jul, 2020, 00:21 David Curry, 
>> wrote:
>>
>>> When you say you're "getting an error," where are you getting it? In the
>>> browser window? In the CAS log file? In the Tomcat log file?
>>>
>>> I'm not sure off the top of my head what it could be, as none of what
>>> we're doing here (installing Shib, Apache, etc.) has anything to do with
>>> columns or databases.
>>>
>>> --Dave
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david.cu...@newschool.edu
>>>
>>>
>>> On Tue, Jul 14, 2020 at 2:30 PM Vikash Chandra Ansh <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 Hi Ray,

 I have added all the configuration accordingly and deployed the war
 file. I am getting an error invalid column name"expired". I don't have any
 clue on this.. Nothing as such is printed in logs. I am using Mssql as dB.

 Thanks & Regards

 On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, <
 vikasharnav0...@gmail.com> wrote:

> Thanks Ray,
> I will check and let you know in case of any issues.
>
> On Mon, Jul 13, 2020 at 3:58 AM David Curry 
> wrote:
>
>> The Shibboleth SP lets web services use SAML2 to authenticate and do
>> single sign-on. So if you have configured an Apache server with mod_shib,
>> then you would use the Apache config files to define a protected area on
>> your web server, and put your web-based application into that protected
>> area. When the user tries to access the application, mod_shib will
>> intercept the request for a protected file, and redirect to the Shib SP,
>> which will in turn talk to the CAS IdP.
>>
>> For a simple example with just a dumb PHP script as the
>> "application," see  this link:
>>
>>
>> https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html
>>
>>
>> It's for CAS 5.2.x rather than 6.x, but except for a
>> configuration property name here or there, it should give you the idea.
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david.cu...@newschool.edu
>>
>>
>> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> Hi all.
>>>
>>> Kindly reply for my query.
>>>
>>> Thanks & Regards
>>> Vikash Chandra
>>>
>>> On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 And moreover how cas will know that request will go to SP.

 I have added a json for the Sp using saml registry class proving SP
 url and metadata location of SP.

 PLEASE SUGGEST

 THANKS AND REGARDS
 VIKASH CHANDRA

 On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <
 vikasharnav0...@gmail.com> wrote:

> Hi all,
>
> I have successfully configured Shibboleth as SP on Apache server.
> My cas will work as IDP.
>
> Now, I have an application ABC which is integrated with CAS, so
> now how request will go via SP through my IDP?And what will be the 
> format
> of url when I hit ABC application.
>
> Previously it used to be like cas url + service+ ABC url and after
> submit a service ticket is generated and validated.
>
> Now after this SAML change how will be my request look like on
> submit?
>
> Json for ABC application has been added in cas services folder.
>
> My cas version is 6.1.2.
>
> Thanks and regards
> Vikash Chandra
>
>
> On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:
>
>> Vikash,
>>
>> Shib SP is described at
>> https://wiki.shibboleth.net/confluence/display/SP3/Home
>>
>> Ray
>>
>> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>>
>> Notice: This message was sent from outside the University 

Re: [cas-user] How to implement CAS(Idp) with SAML

[David Curry]

Can you attach the relevant piece of the cas log? (Not the whole thing,
just the lines around the error.)

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Tue, Jul 14, 2020 at 2:56 PM Vikash Chandra Ansh <
vikasharnav0...@gmail.com> wrote:

> Hi David.
>
> I am seeing this in cas log. Can we connect David?
>
> On Wed 15 Jul, 2020, 00:21 David Curry,  wrote:
>
>> When you say you're "getting an error," where are you getting it? In the
>> browser window? In the CAS log file? In the Tomcat log file?
>>
>> I'm not sure off the top of my head what it could be, as none of what
>> we're doing here (installing Shib, Apache, etc.) has anything to do with
>> columns or databases.
>>
>> --Dave
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david.cu...@newschool.edu
>>
>>
>> On Tue, Jul 14, 2020 at 2:30 PM Vikash Chandra Ansh <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> Hi Ray,
>>>
>>> I have added all the configuration accordingly and deployed the war
>>> file. I am getting an error invalid column name"expired". I don't have any
>>> clue on this.. Nothing as such is printed in logs. I am using Mssql as dB.
>>>
>>> Thanks & Regards
>>>
>>> On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 Thanks Ray,
 I will check and let you know in case of any issues.

 On Mon, Jul 13, 2020 at 3:58 AM David Curry 
 wrote:

> The Shibboleth SP lets web services use SAML2 to authenticate and do
> single sign-on. So if you have configured an Apache server with mod_shib,
> then you would use the Apache config files to define a protected area on
> your web server, and put your web-based application into that protected
> area. When the user tries to access the application, mod_shib will
> intercept the request for a protected file, and redirect to the Shib SP,
> which will in turn talk to the CAS IdP.
>
> For a simple example with just a dumb PHP script as the "application,"
> see  this link:
>
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html
>
>
> It's for CAS 5.2.x rather than 6.x, but except for a
> configuration property name here or there, it should give you the idea.
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
> vikasharnav0...@gmail.com> wrote:
>
>> Hi all.
>>
>> Kindly reply for my query.
>>
>> Thanks & Regards
>> Vikash Chandra
>>
>> On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> And moreover how cas will know that request will go to SP.
>>>
>>> I have added a json for the Sp using saml registry class proving SP
>>> url and metadata location of SP.
>>>
>>> PLEASE SUGGEST
>>>
>>> THANKS AND REGARDS
>>> VIKASH CHANDRA
>>>
>>> On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 Hi all,

 I have successfully configured Shibboleth as SP on Apache server.
 My cas will work as IDP.

 Now, I have an application ABC which is integrated with CAS, so now
 how request will go via SP through my IDP?And what will be the format 
 of
 url when I hit ABC application.

 Previously it used to be like cas url + service+ ABC url and after
 submit a service ticket is generated and validated.

 Now after this SAML change how will be my request look like on
 submit?

 Json for ABC application has been added in cas services folder.

 My cas version is 6.1.2.

 Thanks and regards
 Vikash Chandra


 On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:

> Vikash,
>
> Shib SP is described at
> https://wiki.shibboleth.net/confluence/display/SP3/Home
>
> Ray
>
> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>
> Notice: This message was sent from outside the University of
> Victoria email system. Please be cautious with links and sensitive
> information.
>
> Hi all,
>
> I have made CAS as idp and added properties for SAML. I am able to
> extract metadata.xml.
>
> 

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

Hi David.

I am seeing this in cas log. Can we connect David?

On Wed 15 Jul, 2020, 00:21 David Curry,  wrote:

> When you say you're "getting an error," where are you getting it? In the
> browser window? In the CAS log file? In the Tomcat log file?
>
> I'm not sure off the top of my head what it could be, as none of what
> we're doing here (installing Shib, Apache, etc.) has anything to do with
> columns or databases.
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Tue, Jul 14, 2020 at 2:30 PM Vikash Chandra Ansh <
> vikasharnav0...@gmail.com> wrote:
>
>> Hi Ray,
>>
>> I have added all the configuration accordingly and deployed the war file.
>> I am getting an error invalid column name"expired". I don't have any clue
>> on this.. Nothing as such is printed in logs. I am using Mssql as dB.
>>
>> Thanks & Regards
>>
>> On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> Thanks Ray,
>>> I will check and let you know in case of any issues.
>>>
>>> On Mon, Jul 13, 2020 at 3:58 AM David Curry 
>>> wrote:
>>>
 The Shibboleth SP lets web services use SAML2 to authenticate and do
 single sign-on. So if you have configured an Apache server with mod_shib,
 then you would use the Apache config files to define a protected area on
 your web server, and put your web-based application into that protected
 area. When the user tries to access the application, mod_shib will
 intercept the request for a protected file, and redirect to the Shib SP,
 which will in turn talk to the CAS IdP.

 For a simple example with just a dumb PHP script as the "application,"
 see  this link:


 https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html


 It's for CAS 5.2.x rather than 6.x, but except for a
 configuration property name here or there, it should give you the idea.

 --

 DAVID A. CURRY, CISSP
 *DIRECTOR • INFORMATION SECURITY & PRIVACY*
 THE NEW SCHOOL • INFORMATION TECHNOLOGY

 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
 +1 646 909-4728 • david.cu...@newschool.edu


 On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
 vikasharnav0...@gmail.com> wrote:

> Hi all.
>
> Kindly reply for my query.
>
> Thanks & Regards
> Vikash Chandra
>
> On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <
> vikasharnav0...@gmail.com> wrote:
>
>> And moreover how cas will know that request will go to SP.
>>
>> I have added a json for the Sp using saml registry class proving SP
>> url and metadata location of SP.
>>
>> PLEASE SUGGEST
>>
>> THANKS AND REGARDS
>> VIKASH CHANDRA
>>
>> On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> I have successfully configured Shibboleth as SP on Apache server. My
>>> cas will work as IDP.
>>>
>>> Now, I have an application ABC which is integrated with CAS, so now
>>> how request will go via SP through my IDP?And what will be the format of
>>> url when I hit ABC application.
>>>
>>> Previously it used to be like cas url + service+ ABC url and after
>>> submit a service ticket is generated and validated.
>>>
>>> Now after this SAML change how will be my request look like on
>>> submit?
>>>
>>> Json for ABC application has been added in cas services folder.
>>>
>>> My cas version is 6.1.2.
>>>
>>> Thanks and regards
>>> Vikash Chandra
>>>
>>>
>>> On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:
>>>
 Vikash,

 Shib SP is described at
 https://wiki.shibboleth.net/confluence/display/SP3/Home

 Ray

 On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:

 Notice: This message was sent from outside the University of
 Victoria email system. Please be cautious with links and sensitive
 information.

 Hi all,

 I have made CAS as idp and added properties for SAML. I am able to
 extract metadata.xml.

 Now I want to make shibboleth as SP that need to be configured on
 Apache httpd client 2.4.

 Could you suggest how to implement this?

 Note:my httpd Apache client is running on https as well.

 Thanks and regards
 Vikash Chandra

 --

 Ray Bon
 Programmer Analyst
 Development Services, University Systems
 2507218831 | CLE 019 | r...@uvic.ca

 I respectfully acknowledge that my place of work is located within
 

Re: [cas-user] How to implement CAS(Idp) with SAML

[David Curry]

When you say you're "getting an error," where are you getting it? In the
browser window? In the CAS log file? In the Tomcat log file?

I'm not sure off the top of my head what it could be, as none of what we're
doing here (installing Shib, Apache, etc.) has anything to do with columns
or databases.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Tue, Jul 14, 2020 at 2:30 PM Vikash Chandra Ansh <
vikasharnav0...@gmail.com> wrote:

> Hi Ray,
>
> I have added all the configuration accordingly and deployed the war file.
> I am getting an error invalid column name"expired". I don't have any clue
> on this.. Nothing as such is printed in logs. I am using Mssql as dB.
>
> Thanks & Regards
>
> On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, 
> wrote:
>
>> Thanks Ray,
>> I will check and let you know in case of any issues.
>>
>> On Mon, Jul 13, 2020 at 3:58 AM David Curry 
>> wrote:
>>
>>> The Shibboleth SP lets web services use SAML2 to authenticate and do
>>> single sign-on. So if you have configured an Apache server with mod_shib,
>>> then you would use the Apache config files to define a protected area on
>>> your web server, and put your web-based application into that protected
>>> area. When the user tries to access the application, mod_shib will
>>> intercept the request for a protected file, and redirect to the Shib SP,
>>> which will in turn talk to the CAS IdP.
>>>
>>> For a simple example with just a dumb PHP script as the "application,"
>>> see  this link:
>>>
>>>
>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html
>>>
>>>
>>> It's for CAS 5.2.x rather than 6.x, but except for a
>>> configuration property name here or there, it should give you the idea.
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david.cu...@newschool.edu
>>>
>>>
>>> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 Hi all.

 Kindly reply for my query.

 Thanks & Regards
 Vikash Chandra

 On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <
 vikasharnav0...@gmail.com> wrote:

> And moreover how cas will know that request will go to SP.
>
> I have added a json for the Sp using saml registry class proving SP
> url and metadata location of SP.
>
> PLEASE SUGGEST
>
> THANKS AND REGARDS
> VIKASH CHANDRA
>
> On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <
> vikasharnav0...@gmail.com> wrote:
>
>> Hi all,
>>
>> I have successfully configured Shibboleth as SP on Apache server. My
>> cas will work as IDP.
>>
>> Now, I have an application ABC which is integrated with CAS, so now
>> how request will go via SP through my IDP?And what will be the format of
>> url when I hit ABC application.
>>
>> Previously it used to be like cas url + service+ ABC url and after
>> submit a service ticket is generated and validated.
>>
>> Now after this SAML change how will be my request look like on
>> submit?
>>
>> Json for ABC application has been added in cas services folder.
>>
>> My cas version is 6.1.2.
>>
>> Thanks and regards
>> Vikash Chandra
>>
>>
>> On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:
>>
>>> Vikash,
>>>
>>> Shib SP is described at
>>> https://wiki.shibboleth.net/confluence/display/SP3/Home
>>>
>>> Ray
>>>
>>> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>>>
>>> Notice: This message was sent from outside the University of
>>> Victoria email system. Please be cautious with links and sensitive
>>> information.
>>>
>>> Hi all,
>>>
>>> I have made CAS as idp and added properties for SAML. I am able to
>>> extract metadata.xml.
>>>
>>> Now I want to make shibboleth as SP that need to be configured on
>>> Apache httpd client 2.4.
>>>
>>> Could you suggest how to implement this?
>>>
>>> Note:my httpd Apache client is running on https as well.
>>>
>>> Thanks and regards
>>> Vikash Chandra
>>>
>>> --
>>>
>>> Ray Bon
>>> Programmer Analyst
>>> Development Services, University Systems
>>> 2507218831 | CLE 019 | r...@uvic.ca
>>>
>>> I respectfully acknowledge that my place of work is located within
>>> the ancestral, traditional and unceded territory of the Songhees, 
>>> Esquimalt
>>> and WSÁNEĆ Nations.
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: 

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

Hi David.,

Sry for not addressing you. Could you help with this?

On Tue 14 Jul, 2020, 23:59 Vikash Chandra Ansh, 
wrote:

> Hi Ray,
>
> I have added all the configuration accordingly and deployed the war file.
> I am getting an error invalid column name"expired". I don't have any clue
> on this.. Nothing as such is printed in logs. I am using Mssql as dB.
>
> Thanks & Regards
>
> On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, 
> wrote:
>
>> Thanks Ray,
>> I will check and let you know in case of any issues.
>>
>> On Mon, Jul 13, 2020 at 3:58 AM David Curry 
>> wrote:
>>
>>> The Shibboleth SP lets web services use SAML2 to authenticate and do
>>> single sign-on. So if you have configured an Apache server with mod_shib,
>>> then you would use the Apache config files to define a protected area on
>>> your web server, and put your web-based application into that protected
>>> area. When the user tries to access the application, mod_shib will
>>> intercept the request for a protected file, and redirect to the Shib SP,
>>> which will in turn talk to the CAS IdP.
>>>
>>> For a simple example with just a dumb PHP script as the "application,"
>>> see  this link:
>>>
>>>
>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html
>>>
>>>
>>> It's for CAS 5.2.x rather than 6.x, but except for a
>>> configuration property name here or there, it should give you the idea.
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david.cu...@newschool.edu
>>>
>>>
>>> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 Hi all.

 Kindly reply for my query.

 Thanks & Regards
 Vikash Chandra

 On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <
 vikasharnav0...@gmail.com> wrote:

> And moreover how cas will know that request will go to SP.
>
> I have added a json for the Sp using saml registry class proving SP
> url and metadata location of SP.
>
> PLEASE SUGGEST
>
> THANKS AND REGARDS
> VIKASH CHANDRA
>
> On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <
> vikasharnav0...@gmail.com> wrote:
>
>> Hi all,
>>
>> I have successfully configured Shibboleth as SP on Apache server. My
>> cas will work as IDP.
>>
>> Now, I have an application ABC which is integrated with CAS, so now
>> how request will go via SP through my IDP?And what will be the format of
>> url when I hit ABC application.
>>
>> Previously it used to be like cas url + service+ ABC url and after
>> submit a service ticket is generated and validated.
>>
>> Now after this SAML change how will be my request look like on
>> submit?
>>
>> Json for ABC application has been added in cas services folder.
>>
>> My cas version is 6.1.2.
>>
>> Thanks and regards
>> Vikash Chandra
>>
>>
>> On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:
>>
>>> Vikash,
>>>
>>> Shib SP is described at
>>> https://wiki.shibboleth.net/confluence/display/SP3/Home
>>>
>>> Ray
>>>
>>> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>>>
>>> Notice: This message was sent from outside the University of
>>> Victoria email system. Please be cautious with links and sensitive
>>> information.
>>>
>>> Hi all,
>>>
>>> I have made CAS as idp and added properties for SAML. I am able to
>>> extract metadata.xml.
>>>
>>> Now I want to make shibboleth as SP that need to be configured on
>>> Apache httpd client 2.4.
>>>
>>> Could you suggest how to implement this?
>>>
>>> Note:my httpd Apache client is running on https as well.
>>>
>>> Thanks and regards
>>> Vikash Chandra
>>>
>>> --
>>>
>>> Ray Bon
>>> Programmer Analyst
>>> Development Services, University Systems
>>> 2507218831 | CLE 019 | r...@uvic.ca
>>>
>>> I respectfully acknowledge that my place of work is located within
>>> the ancestral, traditional and unceded territory of the Songhees, 
>>> Esquimalt
>>> and WSÁNEĆ Nations.
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it,
>>> send an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca
>>> 

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

Hi Ray,

I have added all the configuration accordingly and deployed the war file. I
am getting an error invalid column name"expired". I don't have any clue on
this.. Nothing as such is printed in logs. I am using Mssql as dB.

Thanks & Regards

On Mon 13 Jul, 2020, 17:43 Vikash Chandra Ansh, 
wrote:

> Thanks Ray,
> I will check and let you know in case of any issues.
>
> On Mon, Jul 13, 2020 at 3:58 AM David Curry 
> wrote:
>
>> The Shibboleth SP lets web services use SAML2 to authenticate and do
>> single sign-on. So if you have configured an Apache server with mod_shib,
>> then you would use the Apache config files to define a protected area on
>> your web server, and put your web-based application into that protected
>> area. When the user tries to access the application, mod_shib will
>> intercept the request for a protected file, and redirect to the Shib SP,
>> which will in turn talk to the CAS IdP.
>>
>> For a simple example with just a dumb PHP script as the "application,"
>> see  this link:
>>
>>
>> https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html
>>
>>
>> It's for CAS 5.2.x rather than 6.x, but except for a
>> configuration property name here or there, it should give you the idea.
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david.cu...@newschool.edu
>>
>>
>> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> Hi all.
>>>
>>> Kindly reply for my query.
>>>
>>> Thanks & Regards
>>> Vikash Chandra
>>>
>>> On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 And moreover how cas will know that request will go to SP.

 I have added a json for the Sp using saml registry class proving SP url
 and metadata location of SP.

 PLEASE SUGGEST

 THANKS AND REGARDS
 VIKASH CHANDRA

 On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <
 vikasharnav0...@gmail.com> wrote:

> Hi all,
>
> I have successfully configured Shibboleth as SP on Apache server. My
> cas will work as IDP.
>
> Now, I have an application ABC which is integrated with CAS, so now
> how request will go via SP through my IDP?And what will be the format of
> url when I hit ABC application.
>
> Previously it used to be like cas url + service+ ABC url and after
> submit a service ticket is generated and validated.
>
> Now after this SAML change how will be my request look like on submit?
>
> Json for ABC application has been added in cas services folder.
>
> My cas version is 6.1.2.
>
> Thanks and regards
> Vikash Chandra
>
>
> On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:
>
>> Vikash,
>>
>> Shib SP is described at
>> https://wiki.shibboleth.net/confluence/display/SP3/Home
>>
>> Ray
>>
>> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>>
>> Notice: This message was sent from outside the University of Victoria
>> email system. Please be cautious with links and sensitive information.
>>
>> Hi all,
>>
>> I have made CAS as idp and added properties for SAML. I am able to
>> extract metadata.xml.
>>
>> Now I want to make shibboleth as SP that need to be configured on
>> Apache httpd client 2.4.
>>
>> Could you suggest how to implement this?
>>
>> Note:my httpd Apache client is running on https as well.
>>
>> Thanks and regards
>> Vikash Chandra
>>
>> --
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | r...@uvic.ca
>>
>> I respectfully acknowledge that my place of work is located within
>> the ancestral, traditional and unceded territory of the Songhees, 
>> Esquimalt
>> and WSÁNEĆ Nations.
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google
>> Groups "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca
>> 
>> .
>>
> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

Thanks Ray,
I will check and let you know in case of any issues.

On Mon, Jul 13, 2020 at 3:58 AM David Curry 
wrote:

> The Shibboleth SP lets web services use SAML2 to authenticate and do
> single sign-on. So if you have configured an Apache server with mod_shib,
> then you would use the Apache config files to define a protected area on
> your web server, and put your web-based application into that protected
> area. When the user tries to access the application, mod_shib will
> intercept the request for a protected file, and redirect to the Shib SP,
> which will in turn talk to the CAS IdP.
>
> For a simple example with just a dumb PHP script as the "application,"
> see  this link:
>
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html
>
>
> It's for CAS 5.2.x rather than 6.x, but except for a
> configuration property name here or there, it should give you the idea.
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
> vikasharnav0...@gmail.com> wrote:
>
>> Hi all.
>>
>> Kindly reply for my query.
>>
>> Thanks & Regards
>> Vikash Chandra
>>
>> On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> And moreover how cas will know that request will go to SP.
>>>
>>> I have added a json for the Sp using saml registry class proving SP url
>>> and metadata location of SP.
>>>
>>> PLEASE SUGGEST
>>>
>>> THANKS AND REGARDS
>>> VIKASH CHANDRA
>>>
>>> On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <
>>> vikasharnav0...@gmail.com> wrote:
>>>
 Hi all,

 I have successfully configured Shibboleth as SP on Apache server. My
 cas will work as IDP.

 Now, I have an application ABC which is integrated with CAS, so now how
 request will go via SP through my IDP?And what will be the format of url
 when I hit ABC application.

 Previously it used to be like cas url + service+ ABC url and after
 submit a service ticket is generated and validated.

 Now after this SAML change how will be my request look like on submit?

 Json for ABC application has been added in cas services folder.

 My cas version is 6.1.2.

 Thanks and regards
 Vikash Chandra


 On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:

> Vikash,
>
> Shib SP is described at
> https://wiki.shibboleth.net/confluence/display/SP3/Home
>
> Ray
>
> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hi all,
>
> I have made CAS as idp and added properties for SAML. I am able to
> extract metadata.xml.
>
> Now I want to make shibboleth as SP that need to be configured on
> Apache httpd client 2.4.
>
> Could you suggest how to implement this?
>
> Note:my httpd Apache client is running on https as well.
>
> Thanks and regards
> Vikash Chandra
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt 
> and
> WSÁNEĆ Nations.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca
> 
> .
>
 --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxjQCbTcqunQbw7nvqTd3X-FAtVQ9CjS1qF3VVAwn0QxCQ%40mail.gmail.com

Re: [cas-user] How to implement CAS(Idp) with SAML

[David Curry]

The Shibboleth SP lets web services use SAML2 to authenticate and do single
sign-on. So if you have configured an Apache server with mod_shib, then you
would use the Apache config files to define a protected area on your web
server, and put your web-based application into that protected area. When
the user tries to access the application, mod_shib will intercept the
request for a protected file, and redirect to the Shib SP, which will in
turn talk to the CAS IdP.

For a simple example with just a dumb PHP script as the "application," see
this link:

https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html


It's for CAS 5.2.x rather than 6.x, but except for a configuration property
name here or there, it should give you the idea.

--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Sun, Jul 12, 2020 at 6:06 PM Vikash Chandra Ansh <
vikasharnav0...@gmail.com> wrote:

> Hi all.
>
> Kindly reply for my query.
>
> Thanks & Regards
> Vikash Chandra
>
> On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, 
> wrote:
>
>> And moreover how cas will know that request will go to SP.
>>
>> I have added a json for the Sp using saml registry class proving SP url
>> and metadata location of SP.
>>
>> PLEASE SUGGEST
>>
>> THANKS AND REGARDS
>> VIKASH CHANDRA
>>
>> On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, <
>> vikasharnav0...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> I have successfully configured Shibboleth as SP on Apache server. My cas
>>> will work as IDP.
>>>
>>> Now, I have an application ABC which is integrated with CAS, so now how
>>> request will go via SP through my IDP?And what will be the format of url
>>> when I hit ABC application.
>>>
>>> Previously it used to be like cas url + service+ ABC url and after
>>> submit a service ticket is generated and validated.
>>>
>>> Now after this SAML change how will be my request look like on submit?
>>>
>>> Json for ABC application has been added in cas services folder.
>>>
>>> My cas version is 6.1.2.
>>>
>>> Thanks and regards
>>> Vikash Chandra
>>>
>>>
>>> On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:
>>>
 Vikash,

 Shib SP is described at
 https://wiki.shibboleth.net/confluence/display/SP3/Home

 Ray

 On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:

 Notice: This message was sent from outside the University of Victoria
 email system. Please be cautious with links and sensitive information.

 Hi all,

 I have made CAS as idp and added properties for SAML. I am able to
 extract metadata.xml.

 Now I want to make shibboleth as SP that need to be configured on
 Apache httpd client 2.4.

 Could you suggest how to implement this?

 Note:my httpd Apache client is running on https as well.

 Thanks and regards
 Vikash Chandra

 --

 Ray Bon
 Programmer Analyst
 Development Services, University Systems
 2507218831 | CLE 019 | r...@uvic.ca

 I respectfully acknowledge that my place of work is located within the
 ancestral, traditional and unceded territory of the Songhees, Esquimalt and
 WSÁNEĆ Nations.

 --
 - Website: https://apereo.github.io/cas
 - Gitter Chatroom: https://gitter.im/apereo/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 ---
 You received this message because you are subscribed to the Google
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to cas-user+unsubscr...@apereo.org.
 To view this discussion on the web visit
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca
 
 .

>>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxjQCbTcqunQbw7nvqTd3X-FAtVQ9CjS1qF3VVAwn0QxCQ%40mail.gmail.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: 

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

Hi all.

Kindly reply for my query.

Thanks & Regards
Vikash Chandra

On Sun 12 Jul, 2020, 03:53 Vikash Chandra Ansh, 
wrote:

> And moreover how cas will know that request will go to SP.
>
> I have added a json for the Sp using saml registry class proving SP url
> and metadata location of SP.
>
> PLEASE SUGGEST
>
> THANKS AND REGARDS
> VIKASH CHANDRA
>
> On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, 
> wrote:
>
>> Hi all,
>>
>> I have successfully configured Shibboleth as SP on Apache server. My cas
>> will work as IDP.
>>
>> Now, I have an application ABC which is integrated with CAS, so now how
>> request will go via SP through my IDP?And what will be the format of url
>> when I hit ABC application.
>>
>> Previously it used to be like cas url + service+ ABC url and after submit
>> a service ticket is generated and validated.
>>
>> Now after this SAML change how will be my request look like on submit?
>>
>> Json for ABC application has been added in cas services folder.
>>
>> My cas version is 6.1.2.
>>
>> Thanks and regards
>> Vikash Chandra
>>
>>
>> On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:
>>
>>> Vikash,
>>>
>>> Shib SP is described at
>>> https://wiki.shibboleth.net/confluence/display/SP3/Home
>>>
>>> Ray
>>>
>>> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>>>
>>> Notice: This message was sent from outside the University of Victoria
>>> email system. Please be cautious with links and sensitive information.
>>>
>>> Hi all,
>>>
>>> I have made CAS as idp and added properties for SAML. I am able to
>>> extract metadata.xml.
>>>
>>> Now I want to make shibboleth as SP that need to be configured on Apache
>>> httpd client 2.4.
>>>
>>> Could you suggest how to implement this?
>>>
>>> Note:my httpd Apache client is running on https as well.
>>>
>>> Thanks and regards
>>> Vikash Chandra
>>>
>>> --
>>>
>>> Ray Bon
>>> Programmer Analyst
>>> Development Services, University Systems
>>> 2507218831 | CLE 019 | r...@uvic.ca
>>>
>>> I respectfully acknowledge that my place of work is located within the
>>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>>> WSÁNEĆ Nations.
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca
>>> 
>>> .
>>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxjQCbTcqunQbw7nvqTd3X-FAtVQ9CjS1qF3VVAwn0QxCQ%40mail.gmail.com.

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

And moreover how cas will know that request will go to SP.

I have added a json for the Sp using saml registry class proving SP url and
metadata location of SP.

PLEASE SUGGEST

THANKS AND REGARDS
VIKASH CHANDRA

On Sun 12 Jul, 2020, 03:50 Vikash Chandra Ansh, 
wrote:

> Hi all,
>
> I have successfully configured Shibboleth as SP on Apache server. My cas
> will work as IDP.
>
> Now, I have an application ABC which is integrated with CAS, so now how
> request will go via SP through my IDP?And what will be the format of url
> when I hit ABC application.
>
> Previously it used to be like cas url + service+ ABC url and after submit
> a service ticket is generated and validated.
>
> Now after this SAML change how will be my request look like on submit?
>
> Json for ABC application has been added in cas services folder.
>
> My cas version is 6.1.2.
>
> Thanks and regards
> Vikash Chandra
>
>
> On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:
>
>> Vikash,
>>
>> Shib SP is described at
>> https://wiki.shibboleth.net/confluence/display/SP3/Home
>>
>> Ray
>>
>> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>>
>> Notice: This message was sent from outside the University of Victoria
>> email system. Please be cautious with links and sensitive information.
>>
>> Hi all,
>>
>> I have made CAS as idp and added properties for SAML. I am able to
>> extract metadata.xml.
>>
>> Now I want to make shibboleth as SP that need to be configured on Apache
>> httpd client 2.4.
>>
>> Could you suggest how to implement this?
>>
>> Note:my httpd Apache client is running on https as well.
>>
>> Thanks and regards
>> Vikash Chandra
>>
>> --
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | r...@uvic.ca
>>
>> I respectfully acknowledge that my place of work is located within the
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>> WSÁNEĆ Nations.
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca
>> 
>> .
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bdrvxh%2BDKbkxEXAB0rifne0wY9QWRpK37w-M-g0XAyrz2cwuA%40mail.gmail.com.

Re: [cas-user] How to implement CAS(Idp) with SAML

[Vikash Chandra Ansh]

Hi all,

I have successfully configured Shibboleth as SP on Apache server. My cas
will work as IDP.

Now, I have an application ABC which is integrated with CAS, so now how
request will go via SP through my IDP?And what will be the format of url
when I hit ABC application.

Previously it used to be like cas url + service+ ABC url and after submit a
service ticket is generated and validated.

Now after this SAML change how will be my request look like on submit?

Json for ABC application has been added in cas services folder.

My cas version is 6.1.2.

Thanks and regards
Vikash Chandra


On Thu 9 Jul, 2020, 21:39 Ray Bon,  wrote:

> Vikash,
>
> Shib SP is described at
> https://wiki.shibboleth.net/confluence/display/SP3/Home
>
> Ray
>
> On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hi all,
>
> I have made CAS as idp and added properties for SAML. I am able to extract
> metadata.xml.
>
> Now I want to make shibboleth as SP that need to be configured on Apache
> httpd client 2.4.
>
> Could you suggest how to implement this?
>
> Note:my httpd Apache client is running on https as well.
>
> Thanks and regards
> Vikash Chandra
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxhW%3DqYgZvvYPetwUBOphMVgNwE9%3D8vnu8Fyo%3D8-%3DXunww%40mail.gmail.com.

Re: [cas-user] How to implement CAS(Idp) with SAML

[Ray Bon]

Vikash,

Shib SP is described at https://wiki.shibboleth.net/confluence/display/SP3/Home

Ray

On Thu, 2020-07-09 at 16:37 +0530, Vikash Chandra Ansh wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hi all,

I have made CAS as idp and added properties for SAML. I am able to extract 
metadata.xml.

Now I want to make shibboleth as SP that need to be configured on Apache httpd 
client 2.4.

Could you suggest how to implement this?

Note:my httpd Apache client is running on https as well.

Thanks and regards
Vikash Chandra

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e454597816d473b162b17f55b96e5619fd13b44e.camel%40uvic.ca.