Re: [cas-user] CAS 6.6, shib-cas-authn v4, entityId?

2023-06-26 Thread Baron Fujimoto
Ah, I think my issue testing this in CAS was that I had missed a couple of characters that also needed to be urlencoded. Also, as noted shibcas.entityIdLocation=embed must be set in idp.properties to actually get shib-cas-authn to pass along the entityId as well. Mahalo! On Thu, Jun 15, 2023 at

Re: [cas-user] CAS 6.6, shib-cas-authn v4, entityId?

2023-06-15 Thread Daniel Ellentuck
Hi Baron, As Pascal Rigaux wrote earlier today, if you want CAS to distinguish shib-cas-authn plugin requests by entityId and match different entityIds with different registered services, you'll want to set "shibcas.entityIdLocation=embed" in shib-cas-authn, so that the *entire* service value

Re: [cas-user] CAS 6.6, shib-cas-authn v4, entityId?

2023-06-15 Thread Baron Fujimoto
Hi Pascal, Shouldn't I be able to simulate this from CAS itself for testing purposes? E.g. If I try the following as a test URL: < https://cas.example.edu/cas/login?renew=true=https%3A%2F%2Fexample%2Eedu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s2=FooBar > It appears to generate a request to

Re: [cas-user] CAS 6.6, shib-cas-authn v4, entityId?

2023-06-15 Thread Ray Bon
Baron, You could configure Shib to use SAML2 proxy with Cas as a SAML2 IdP. With the Shib Cas plugin, you are authenticating for Shib as a service, rather than the entity which is the destination (FooBar). Ray On Wed, 2023-06-14 at 09:44 -1000, Baron Fujimoto wrote: Notice: This message was

Re: [cas-user] CAS 6.6, shib-cas-authn v4, entityId?

2023-06-15 Thread 'Pascal Rigaux' via CAS Community
Hi, You need to use "shibcas.entityIdLocation=embed" in shib-cas-authn. You may also need "idp.session.enabled = false" (or my simple alternative https://github.com/Unicon/shib-cas-authn/pull/8 which does not break shib idp SLO) cu Baron Fujimoto wrote: We're using CAS 6.6 as an

[cas-user] CAS 6.6, shib-cas-authn v4, entityId?

2023-06-15 Thread Baron Fujimoto
We're using CAS 6.6 as an AuthN front end using Unicon's shib-cas-authn (v4)[*] plugin for the Shibboleth IdP. We have it working for the IdP generally, but now we'd like to apply more specific actions based on certain entityIds. For example, given an entityId="FooBar", this may appear in the