We use the services manager to specify attributes released to each service. In
mod_auth_cas you need to specify SAML validation to get attributes released
AFAIK, but then you can set Apache auth directives by cas-attribute matching.
--
Joel Goguen
Developer
Enterprise Solutions
Information
We were running into a similar issue, the fix that just landed in commit
50663b56 fixed it for us. Or at least it seems to have ☺
--
Joel Goguen
Developer
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: joel.gog...@unb.camailto:joel.gog...@unb.ca
Phone
Hi all,
I seem to recall seeing at one point that someone was using CAS to authenticate
their Desire2Learn instance, both for the browser and the API, but I can't find
anything now. Does anyone know if it's possible to use CAS for SSO, or are they
strictly a Shibboleth SSO setup?
--
Joel
On
CASValidateServer On
CASValidateSAML On
CASAttributeDelimiter ;
If anything else is needed, please let me know and I'll supply whatever I can.
If I authenticate to the same resource through a browser, it works.
--
Joel Goguen
Developer / System Administrator
Enterprise Solutions
Information
and gets directed to SHIB
2. SHIB gets credentials and passes them to CAS for Authentication
(presume success)
3. SHIB goes to ADFS to get the attributes and sends them via SAML 2.0 to
O365
Is that how this is supposed to work? I hope so... :)
Geoff
-Original Message-
From: Joel Goguen
secured it? I have to try to get something running here in the next few days.
Thanks again for your help.
Geoff
-Original Message-
From: Joel Goguen [mailto:joel.gog...@unb.ca]
Sent: Monday, June 17, 2013 11:07 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Office 365
and sends them via SAML 2.0 to O365
Is that how this is supposed to work? I hope so... :)
Geoff
-Original Message-
From: Joel Goguen [mailto:joel.gog...@unb.ca]
Sent: Tuesday, June 18, 2013 11:41 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Office 365, SAML2.0 and CAS
follows a Shib - CAS link, and after the switch will follow Shib
- CAS - ADFS.
I used https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration to set
up the Shib/CAS link, and
http://sites.ewu.edu/jgasper/ws-federation-cas-user-manual/ to set up the
CAS/ADFS link.
--
Joel Goguen
recommendations on what
logging to increase to find the issue?
--
Joel Goguen
Developer / System Administrator
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: joel.gog...@unb.camailto:joel.gog...@unb.ca
Phone: (506) 453-4872
Fax: (506) 453-3590
--
You
that contains a String object).
~ James
On May 30, 2013, at 8:24 AM, Joel Goguen joel.gog...@unb.ca wrote:
We have a vendor performing a load test on one of our services, which
requires them to authenticate through CAS. As far as load on the CAS server
itself goes, the load is not substantially
you are in ADFS, bring up the Federation Server Properties dialog and
copy the Federation Service identifier string into line #2 of my snippet.
Hopefully that is more clear. Let me know if you have more questions.
John
From: Joel Goguen [mailto:joel.gog...@unb.cahttp://unb.ca/]
Sent: Tuesday
is to add a Relying Party Trust, but nothing I see in there
makes sense to me and I can't find anything else online that makes it any
clearer. Could anyone please point me in the right direction or let me know
what needs doing?
--
Joel Goguen
Developer / System Administrator
Enterprise Solutions
I did it in Cascade 6, and I theoretically can do it in Cascade 7 but I haven't
gotten version 7 tested yet.
--
Joel Goguen
Developer / System Administrator
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: joel.gog...@unb.ca
Phone: (506) 453-4872
Fax
have no way of knowing for sure where that came from. Or is there another
way to get the remote IP address that I'm missing?
--
Joel Goguen
Developer / System Administrator
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: joel.gog...@unb.ca
Phone: (506) 453
--
Joel Goguen
Developer
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: jgog...@unb.ca
Phone: (506) 453-4872
Fax: (506) 453-3590
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings
that you could examine to correlate with the query above? Share those
if you can.
M
--
You are currently subscribed to cas-user@lists.jasig.org as:
joel.gog...@unb.ca
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
Joel
:
I believe setting org.jasig to DEBUG should be sufficient -- but when in
doubt, I just turn them all up.
On Sun, Jan 22, 2012 at 4:56 PM, Joel Goguen
joel.gog...@unb.camailto:joel.gog...@unb.ca wrote:
Hi Matt,
Is there a specific logger that should be turned up? I had org.jasig.cas on
DEBUG
--
You are currently subscribed to cas-user@lists.jasig.org as:
joel.gog...@unb.ca
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
Joel Goguen
Developer
Enterprise Solutions
Information Technology Services
University of New
10:08 PM, Joel Goguen
joel.gog...@unb.camailto:joel.gog...@unb.ca wrote:
Heh...I can see where that would cause a problem. Once I switch to samlValidate
CAS authentication works fine, but now I'm not getting the attributes released
like I expect. I've defined uid, eduPersonEntitlement
=eduPersonEntitlement value=eduPersonEntitlement /
/map
/property
/bean
On 2012-01-19, at 08:05, Joel Goguen wrote:
I haven't defined any ordering (I left the Order field set to 0) and the only
other service is the service manager itself
(https://fortran.its.unb.ca/cas/services/**). That service
that
the ticket is somehow being dropped from the validation request. Could you
increase either the CAS logging or the Apache logging (if CAS is behind Apache)
to show the parameters of the validation request?
-Matt
On Jan 17, 2012 10:14 AM, Joel Goguen
joel.gog...@unb.camailto:joel.gog...@unb.ca wrote
On Wed, Jan 18, 2012 at 8:12 AM, Joel Goguen
joel.gog...@unb.camailto:joel.gog...@unb.ca wrote:
Hi Matt,
I am running behind Apache via AJP. Adding debug logging shows that
mod_auth_cas seems to be posting to what I think is the right URL with the
wrong parameters; the POST request is sent
assistance with getting
authentication working would be greatly appreciated.
--
Joel Goguen
Developer
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: jgog...@unb.ca
Phone: (506) 453-4872
Fax: (506) 453-3590
--
You are currently subscribed to cas-user
://**.devnet.example.edu/** but do not allow anything from
example.edu or any other subdomain of example.edu unless they are
separately specified?
--
Joel Goguen
Developer
Enterprise Solutions
Integrated Technology Services
University of New Brunswick
E-mail: joel.gog...@unb.ca
Phone: (506) 453-4872
Fax: (506
there. The proxy callback URL I set in the CGI is another CGI I wrote that only
stores the PGT and PGT IOU in a file using $cas-storePGT(). I suspect I will
need to add the URL for the CGI to the allowedProxyChains bean in
deployerConfigContext.xml as well?
--
Joel Goguen
Developer
Enterprise
' is it that their product is built to
connect to CAS or their product has a CAS server built into it ?
Will look at the link and get started. thanks
-Original Message-
From: Joel Goguen [mailto:joel.gog...@unb.ca]
Sent: Thursday, September 29, 2011 3:59 PM
To: cas-user@lists.jasig.org
to attempt
all three sources, all other services should only attempt one specific
LDAP source, and I believe there's also a service that should only
attempt both LDAP sources. Is this possible with CAS?
--
Joel Goguen
System Administrator/Web Developer
Enterprise Solutions
Integrated Technology Services
for certain
services, that you can't correctly do single sign on.
Cheers,
Scott
On Thu, Jan 27, 2011 at 3:13 PM, Joel Goguen jgog...@unb.ca
mailto:jgog...@unb.ca wrote:
I'm not sure if what I'm looking for is actually possible with CAS. I
have a service that needs to allow
server code. I saw one solution that
required some CAS server changes, which we can't do.
Any suggestions on what I've missed, pointers to documentation I should
read or nudges in the right direction would be greatly appreciated.
--
Joel Goguen
System Administrator/Web Developer
Enterprise Solutions
29 matches
Mail list logo
