Re: [cas-user] Re: CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Ray Bon
Sorry Justin, I should not have been so lazy with my typing. I was referring to resolveServiceFromRequestContext which you mentioned in an earlier email. Ray On Wed, 2023-11-22 at 19:18 +, Justin Isenhour wrote: Notice: This message was sent from outside the University of Victoria email

[cas-user] cas 6.6.X : saml client : Authentication statement is too old error

2023-11-22 Thread Mohamed Amdouni
Hello, I’m testing a saml client after cas migration from 5.3 to 6.6. The saml authentication is processed successfully (using spnego & Kerberos): no login details are entered, the spnego token is sent and validated. After a long idle period, if I refresh the page I got an error on the wall

[cas-user] Re: CAS 6.6.13 : No qualifying bean of type 'org.springframework.transaction.TransactionManager'

2023-11-22 Thread Mohamed Amdouni
Hello, Would you please recommend one of the below workarounds? Is anyone running a cas server with two jpa modules (ticket and services)? - first workaround: keep the lock disabled: cas.ticket.registry.core.enable-locking - create a custom primary bean in the project to be returned

Re: [cas-user] Re: CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Ray Bon
Justin, Logging out of the SP does not necessarily log out of cas (SLO is messy business). If ForceAuthn is not forcing authentication, that should be your focus. Perhaps cas is not sending ForceAuthn to the delegated authn server, or perhaps the delegated server is ignoring it. Why does

Re: [cas-user] Re: CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Justin Isenhour
The ForceAuthn appears to be working as expected. In both use cases CAS is redirecting to the delegated IDP for authentication. In both cases the IDP is sending back to CAS and triggering the DelegatedClientAuthenticationAction. The very first time there is no existing TGT, so the Transient

Re: [cas-user] CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Justin Isenhour
Upgrading to latest CAS 6.x is definitely on the road map but is probably 6 months out for us. We have an immediate need to enable ForceAuth for a new client app that needs to go live in a few weeks. This is the first client app we have had that has required ForceAuth and the login/renew flow

[cas-user] Re: CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Justin Isenhour
I've been tracing the code and have made the following observations: The AuthNRequest from the SP comes into CAS and a TST is created with the service reference, then you are redirected to IDP. After authenticating with IDP, you are redirected back to CAS, which triggers

Re: [cas-user] CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Ray Bon
Justin, Upgrading very likely will solve this problem (as well as provide a great deal more benefit). Customizing old code adds technical debt. Ray On Tue, 2023-11-21 at 11:41 -0800, Justin Isenhour wrote: Notice: This message was sent from outside the University of Victoria email system.

Re: [cas-user] Doubt about mappedAttributes configuration in 6.6.13

2023-11-22 Thread Ray Bon
Jorge, You can map attributes with the retrieval mechanism. https://fawnoos.com/2023/10/21/cas70x-dbauthn-tutorial/ shows a jdbc example. And you can set names on a per service basis, https://apereo.github.io/cas/6.6.x/installation/Configuring-SAML2-Attribute-Release.html and links within.

[cas-user] Re: Doubt about mappedAttributes configuration in 6.6.13

2023-11-22 Thread Jorge Bastida
Hello, again. I'm thinking maybe this is more correct:
cas.authn.pac4j.saml[0].mapped-attributes[0]=urn:mace:terena.org:attribute-def:schacHomeOrganization->Sir.sHO
cas.authn.pac4j.saml[0].mapped-attributes[1]=urn:mace:dir:attribute-def:eduPersonAffiliation->Sir.ePA

[cas-user] Re: Doubt about mappedAttributes configuration in 6.6.13

2023-11-22 Thread Jorge Bastida
Hello again, I've been looking at the documentation, but I'm not clear if each attribute mapping should be separated by commas. Would it be something like this?