Thanks Ray!
Good direction. I finally made some progress after doing what you
suggested, except for the SLO scenario; I posted a new message, as that seems to be
separate from this.
Yan
On Monday, August 28, 2023 at 1:09:58 PM UTC-4 Ray Bon wrote:
> Yan,
>
> It still sounds like you are mixing
Yan,
It still sounds like you are mixing the client with the delegated authn (okta).
If your client app is communicating with SAML, then cas should be configured as
the IdP for client app. The client app will have cas IdP metadata (with cas url
in it) and cas will have client app SP metadata a
Hi,
Mine is SAML2.
Based on the principle that the Client App should not be aware of whether CAS
is the IDP or CAS is delegating, I thought the SSO URL remains the
same: https://localhost:8443/cas/idp/profile/SAML2/POST/SSO
But when the client app redirects to the above SSO endpoint, CAS is looking
f
Hi there,
I made a mistake: I changed dependencies without rebuilding the project. I have now
made progress; auto-redirect is working now.
Client App goes to IDP directly (because the IDP metadata generated by CAS
has the Okta URL in it). But after I log in through Okta, it redirects to CAS,
this is where I
Yan,
My local OIDC goes to cas/oidc/oidcAuthorize where cas redirects to /cas/login.
In your case, cas should redirect to the remote IdP.
The cas endpoints are described here,
https://apereo.github.io/cas/6.6.x/authentication/OIDC-Authentication.html
(though I note that the protocol differs fro
Hi,
This is my environment:
CAS 6.6.x, SAML2 delegated authN, SpringBoot app -> CAS -> Okta (CAS
delegates to Okta, CAS is a SP to Okta, Okta is IDP).
One trouble I have is on the client app side: it needs to specify the IDP, which
should be CAS, but I do not know what should be the CAS SSO endpoint