One more thing: how can I change the LDAP user name from sAMAccountName to univ\sAMAccountName? Is it possible?
On Thursday, 18 March 2021 at 14:05:48 UTC+1 Bartosz Nitkiewicz wrote:
> Thank you once again.
> As you said, SAML profiles did the trick. It seems to work fine. Now I have
> to pass the user name from my LDAP to the SAML SP. First I need to figure out
> the proper value for authorization.
> Regards
> BN
>
> On Wednesday, 17 March 2021 at 19:07:26 UTC+1 richard.frovarp wrote:
>> The IdP automatically generates metadata. And the correct endpoints are
>> listed on this page, including the metadata endpoint:
>>
>> https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html
>>
>> Usually with SAML you provide the SP with a copy of your metadata,
>> ideally loaded from the URL automatically. If you need to provide
>> separate URLs to the SP, you'll find the correct ones in the metadata
>> and/or using the paths from documentation.
>>
>> On Wed, 2021-03-17 at 10:26 -0700, Bartosz Nitkiewicz wrote:
>>> Hi,
>>> Thanks for the reply.
>>> What do you mean by "your IdP generated metadata"?
>>>
>>> I did something like this, as they recommended:
>>> https://help.servicedeskplus.com/saml-authentication$configuration
>>>
>>> As loginURL I've provided my https://myserver.org/cas/idp; I don't
>>> know if it is the correct URL?
>>> I'm wondering what the Assertion Consumer URL is and where I should place it.
>>>
>>> Also I've uploaded my certificate.
>>>
>>> My cas.properties for SAML looks like this:
>>>
>>>   ## SAML2 ##
>>>   cas.authn.saml-idp.entity-id: ${cas.server.prefix}/idp
>>>   cas.authn.saml-idp.metadata.location=file:/etc/cas/saml
>>>
>>> and the service registry entry for the app:
>>>
>>>   {
>>>     @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>>>     serviceId: MExx_6d2ea86d-b4e1-4473-8d4b-7a1378964e8b
>>>     name: serwisapp
>>>     id: 1615981648113
>>>     proxyTicketExpirationPolicy:
>>>     {
>>>       @class: org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
>>>     }
>>>     serviceTicketExpirationPolicy:
>>>     {
>>>       @class: org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
>>>     }
>>>     evaluationOrder: 2
>>>     attributeReleasePolicy:
>>>     {
>>>       @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>>       excludeDefaultAttributes: true
>>>       authorizedToReleaseAuthenticationAttributes: false
>>>     }
>>>     metadataLocation: file://etc/cas-mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml
>>>       <- (this is correct, as the cas-management app creates this directory)
>>>     requiredAuthenticationContextClass: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>>>     requiredNameIdFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
>>>     nameIdQualifier: ""
>>>     signAssertions: true
>>>     signingCredentialType: X509
>>>     assertionAudiences: https://servicedeskplus.com/SamlResponseServlet
>>>   }
>>>
>>> Regards,
>>> BN
>>>
>>> On Wednesday, 17 March 2021 at 16:49:11 UTC+1 richard.frovarp wrote:
>>>> Did you provide the app your IdP generated metadata or provide the
>>>> SP with the information in a different method? As that's the wrong
>>>> end point for the SP to be sending you to:
>>>>
>>>> https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html
>>>>
>>>> On Wed, 2021-03-17 at 06:21 -0700, Bartosz Nitkiewicz wrote:
>>>>> Hi,
>>>>> Another day, another CAS problem :)
>>>>> I'm trying to authenticate the servicedeskplus.com application
>>>>> through the SAML protocol.
>>>>> I've compiled cas-server-support-saml-idp into my CAS app.
>>>>> Added the service registry entry in the CAS Management app. I used the XML file
>>>>> from servicedesk.
>>>>>
>>>>> Everything seems to work, but if I want to authenticate to
>>>>> servicedesk it redirects me to this:
>>>>>
>>>>> https://myserver.org/cas/idp?SAMLRequest=fZJfb5swFMWf10%2BBeDdgCCFYSaS02bRI7YaSbA97qRz70loCm%2FmadNunn01XtdWkvB6f3%2F1zrpfI%2B25gm9E96j38HAFddBX96juNbHpaxaPVzHBUyDTvAZkT7LC5u2V5krHBGmeE6eJ30GWGI4J1yugA7bar%2BO7j%2FYwLSSWn5NSWOZnRuiQLkUsyP0EhOM9o3s6D%2FTtY9OQq9oUmHHGEnUbHtfNillOSFYRWR1owmrGy%2BhFcjTVnJcF%2B8bOEds9k4wdRZy%2B0vEMIWrT16yvN3dTi0bkBWZo6LwqOySj%2BQKcVT8anPgE5JkOXej1VcvjXZIriWmmp9MPlDE7PJmSfj8eGNF8Px1Bi85LMjdE49mAPYM9KwLf97es43vKk8O0QBx%2F5HnDwEASiAxevr6IPy3ALNkVk1z7krIRW0iojxUJIMlvUBannBSXzRU3LquSc1tUyfQu9FBlYiG63bUynxO%2Fok7E9d5c3DIqSpJ2sbAh3QwfaxVE6lU3%2F%2F3jrvw%3D%3D
>>>>>
>>>>> service.xml as attachment (without the real cert)
>>>>>
>>>>> Please help me.
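Richard's advice in the thread is to take the SSO endpoints from the IdP's published metadata rather than hand the SP the bare entityID. As an added example (not from the thread and not CAS's own code), this Python script parses a constructed sample of IdP metadata and classifies an SP's configured login URL against it; the entityID mirrors the `${cas.server.prefix}/idp` value from the thread, while the endpoint paths are assumed sample values that you would confirm against your own IdP's metadata endpoint.

```python
"""Inspect SAML2 IdP metadata and check what an SP was given as its login URL."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata (not fetched from a real server). The entityID
# follows the thread's ${cas.server.prefix}/idp setting; the SSO Location paths
# are assumed values to be checked against your own IdP's metadata.
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}"
    entityID="https://myserver.org/cas/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://myserver.org/cas/idp/profile/SAML2/Redirect/SSO"/>
    <md:SingleSignOnService Binding="{POST}"
        Location="https://myserver.org/cas/idp/profile/SAML2/POST/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Return (entityID, {binding URN: Location}) for every SingleSignOnService."""
    root = ET.fromstring(xml_text)
    endpoints = {}
    for sso in root.iter(f"{{{MD_NS}}}SingleSignOnService"):
        endpoints[sso.get("Binding")] = sso.get("Location")
    return root.get("entityID"), endpoints


def check_login_url(xml_text, login_url):
    """Classify the URL an SP was configured with.

    'sso:<binding>'  the URL is a published SSO endpoint for that binding
    'entity-id'      the SP was given the IdP entityID, which is an identifier,
                     not an endpoint (the situation described in the thread)
    'unknown'        the URL appears nowhere in the metadata
    """
    entity_id, endpoints = parse_idp_metadata(xml_text)
    for binding, location in endpoints.items():
        if login_url == location:
            return f"sso:{binding}"
    return "entity-id" if login_url == entity_id else "unknown"


if __name__ == "__main__":
    print(check_login_url(SAMPLE_IDP_METADATA, "https://myserver.org/cas/idp"))
    print(check_login_url(SAMPLE_IDP_METADATA,
                          "https://myserver.org/cas/idp/profile/SAML2/Redirect/SSO"))
```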
