Very interesting, thanks! So I tried to do a reverse DNS lookup on the entity host based on the Shibboleth entityID's hostname, and came up with no record.
They are not being super helpful with me, so I tried to cheat. I just added a reverse lookup zone on the DNS server that CAS talks to, and added the entry in there as a test. It did not seem to help, but:

1. I don't know if a cheat like that would actually work (this is just temporary, proof of concept, no way would I leave it like that in production)
2. I have not restarted CAS.

I did do a dig -x on the CAS host, and it successfully reverse-resolved the IP of the entity server.

Thanks very much for the quick response, I have a lead which feels very good!

On Fri, Nov 13, 2020 at 1:30 PM David Curry <[email protected]> wrote:

> We just ran into this recently with an older version of CAS (5.2.9).
>
> CAS populates the SubjectLocality by doing a reverse DNS lookup on the IP
> address of the entity that's calling it (the application the user is trying
> to log into). If the DNS lookup fails, then it doesn't put anything in
> there, which makes Shibboleth very unhappy.
>
> In our case, the fix was to get the company running the application that
> was calling CAS to register DNS entries for their IP addresses. All of a
> sudden everything started working.
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • [email protected]
>
> On Fri, Nov 13, 2020 at 1:12 PM Nathan Lewan <[email protected]> wrote:
>
>> Hello!
>>
>> I am trying to get CAS 6.1.0 to integrate with an SP that uses Shibboleth.
>>
>> I appear to have everything in place, however they are requiring my
>> responses to have in the *AuthnStatement* a *SubjectLocality* entry.
>>
>> It is currently empty in all my responses. Here's what it looks like:
>>
>> <saml2:AuthnStatement AuthnInstant="[removed]" SessionIndex="[removed]">
>>     *<saml2:SubjectLocality/>*
>>     <saml2:AuthnContext>
>>         <saml2:AuthnContextClassRef>
>>             urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
>>         </saml2:AuthnContextClassRef>
>>     </saml2:AuthnContext>
>> </saml2:AuthnStatement>
>>
>> As you can see, it's blank, and I have no idea how to get it populated!
>> Any hints would be appreciated. Looking for info on this, you can find
>> much related to Shibboleth, but I have not found anything on how one could
>> get CAS to populate this.
>>
>> Thanks!
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABeAwjkrJ8hk5geJbz_tbN1NgVSxESjAGUAfqcmOd8vpTHuUYQ%40mail.gmail.com
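
A check for the condition described in the thread, as an added example that is not part of the original messages or of CAS itself: it flags an empty SubjectLocality in a captured AuthnStatement and tests whether the calling IP has a PTR record as seen from the host it runs on. The sample XML, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample modelled on the AuthnStatement quoted in the thread.
SAMPLE_EMPTY = """<saml2:AuthnStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    AuthnInstant="2020-11-13T18:00:00Z" SessionIndex="constructed-session">
  <saml2:SubjectLocality/>
  <saml2:AuthnContext>
    <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
  </saml2:AuthnContext>
</saml2:AuthnStatement>"""


def locality_findings(xml_text):
    """Return one (status, attrs) pair per AuthnStatement in the XML.

    status is "missing", "empty" or "populated". Meant for responses you
    captured yourself; parse untrusted XML with defusedxml instead.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for stmt in root.iter(f"{{{SAML2}}}AuthnStatement"):
        loc = stmt.find(f"{{{SAML2}}}SubjectLocality")
        if loc is None:
            findings.append(("missing", {}))
            continue
        # SAML 2.0 defines two optional attributes on SubjectLocality.
        attrs = {k: v for k, v in loc.attrib.items()
                 if k in ("Address", "DNSName") and v}
        findings.append(("populated" if attrs else "empty", attrs))
    return findings


def ptr_name(ip, resolver=socket.gethostbyaddr):
    """Return the reverse-DNS hostname for ip, or None if the lookup fails."""
    try:
        return resolver(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None


def diagnose(xml_text, caller_ip, resolver=socket.gethostbyaddr):
    """Combine both checks for one captured response and one caller IP."""
    statuses = [status for status, _ in locality_findings(xml_text)]
    return {"subject_locality": statuses, "ptr": ptr_name(caller_ip, resolver)}


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; substitute the SP's real IP.
    print(diagnose(SAMPLE_EMPTY, "192.0.2.10"))
```

Run it on the CAS host so the lookup goes through the same resolver configuration as the `dig -x` test mentioned above.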
