This is perfect - thank you, Richard! We do have SAML2 IdP already set and have several services configured for it. As you say, the setup is not at all obvious.
Thanks as well for the pointer on the test Google Workspace account! That was a revelation to me, as I remember asking several years back and getting nowhere. It's now well-documented here: https://support.google.com/a/answer/6254870 Cheers! Mike On Wed, Mar 10, 2021 at 3:36 PM 'Richard Frovarp' via CAS Community < [email protected]> wrote: > Here's what I figured out to get it done: > > https://www.frovarp.dev/2021/03/10/cas-configuration-for-g-suite/ > > Everything I have in there assumes that CAS is already setup as a SAML 2 > IdP, and that you have a slight idea as to how to configure a service for a > SAML 2 SP. It really is no different than any other SAML 2 SP. It's just > that they don't make the values you need to know to setup the metadata > known anywhere obvious. > > Depending on what version you are on, the legacy method might be > supported, but it will get in the way of normal SAML 2 IdP operations. > > On Wed, 2021-03-10 at 14:54 -0800, Mike Osterman wrote: > > Thanks, Richard! > > On Wed, Mar 10, 2021 at 2:40 PM 'Richard Frovarp' via CAS Community < > [email protected]> wrote: > > Get a test instance. It's pretty easy to do. Takes a little bit, but easy > to do. You really only need one or two users in it to test anyway. > > There is a previous post on this list on how to do it the new way. I have > internal documentation that I can turn into external documentation tonight > and post the link back here. > > On Wed, 2021-03-10 at 13:58 -0800, Mike Osterman wrote: > > We're looking to migrate from the now legacy (from a supported versions > perspective) Google Apps Integration ( > https://apereo.github.io/cas/5.3.x/integration/Google-Apps-Integration.html) > to a generic SAML2 service configuration. > > Our current service config is very sparse: > { > "@class" : "org.apereo.cas.services.RegexRegisteredService", > "serviceId" : "https://www.google.com/a/xxxx.yyy/acs";, > "name" : "Google Apps", > "id" : 123, > "evaluationOrder" : 123 > } > > I'm wondering if someone's already made the switch to SAML2 > (org.apereo.cas.support.saml.services.SamlRegisteredService) and is willing > to share a sample service configuration? We don't have a test instance of > Google Apps, and I'm a little nervous about fiddling with our production > service, especially given the sparseness of the 3rd party IdP config > interface in Apps Admin and Google's habit of stating that changes in the > admin may take up to XX hours. > > Thank you, > Mike > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/72239eb0f457422aa3628bc16dfbb05b74620fa7.camel%40ndsu.edu > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/72239eb0f457422aa3628bc16dfbb05b74620fa7.camel%40ndsu.edu?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/8139aace723572273094f72afe700254b71ae5c2.camel%40ndsu.edu > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8139aace723572273094f72afe700254b71ae5c2.camel%40ndsu.edu?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHU4GB1UUpD7MvTDoL2onNsi0Ohztz7ujJpG-nF2vCVTOQ%40mail.gmail.com.
