This is of course not "patternFormat": "domail\\{0}", but "patternFormat":
"domain\\{0}".
Monday, 22 March 2021 at 17:03:03 UTC+1 Bartosz Nitkiewicz wrote:
> I'm still trying to use CAS as the SAML authenticator for my ServiceDesk Plus
> app. The username has to be in the format: domain\user
> I want to use my LDAP sAMAccountName as the user, but I don't know how to
> prepare a regexp for domain\sAMAccountName. I have read
> https://apereo.github.io/cas/6.3.x/integration/Attribute-Definitions.html
> and prepared attribute-defns.json
>
> {
> "@class" : "java.util.TreeMap",
> "userID" : {
> "@class" :
> "org.apereo.cas.authentication.attribute.DefaultAttributeDefinition",
> "key" : "userID",
> "friendlyName" : "userID",
> "patternFormat": "domail\\{0}",
> "attribute" : "sAMAccountName"
> }
> }
>
> I load it in my cas.properties
> ...
>
> cas.person-directory.attribute-definition-store.json.location=file:/etc/cas/config/attribute-defns.json
> ...
>
> Here is my SAML app JSON file.
>
> {
> @class: org.apereo.cas.support.saml.services.SamlRegisteredService
> serviceId: fashdfk3289_duhfdsf
> name: serwis
> id: 1616411747419
>
> proxyTicketExpirationPolicy:
> {
> @class:
> org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
> }
> serviceTicketExpirationPolicy:
> {
> @class:
> org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
> }
> evaluationOrder: 2
> attributeReleasePolicy:
> {
> @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
> principalIdAttribute: userID
> allowedAttributes:
> [
> java.util.ArrayList
> [
> userID
> ]
> ]
> }
> metadataLocation:
> file://etc/cas-mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml
> requiredNameIdFormat:
> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
> signAssertions: true
> signingCredentialType: X509
> }
>
> Can anyone tell me if I'm right?
> Friday, 19 March 2021 at 18:45:20 UTC+1 Bartosz Nitkiewicz wrote:
>
>> OK, so
>> https://apereo.github.io/cas/6.3.x/integration/Attribute-Definitions.html#pattern-formats
>>
>> would be OK.
>> How do I set up CAS to pass the desired attribute?
>>
>> I have this in my app.json. Is it OK?
>> {
>> @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>> serviceId: MExxx_05efd170-38cd-4893-9631-6891575asa197
>> name: serwis
>> id: 1616175519923
>>
>> proxyTicketExpirationPolicy:
>> {
>> @class:
>> org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
>> }
>> serviceTicketExpirationPolicy:
>> {
>> @class:
>> org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
>> }
>> evaluationOrder: 2
>> usernameAttributeProvider:
>> {
>> @class:
>> org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>> usernameAttribute: sAMAccountName
>>
>> }
>> attributeReleasePolicy:
>> {
>> @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>> excludeDefaultAttributes: true
>> authorizedToReleaseAuthenticationAttributes: false
>> }
>> metadataLocation:
>> file://etc/cas-mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml
>> requiredNameIdFormat:
>> org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@2afbaa5
>> signAssertions: true
>> signingCredentialType: X509
>> }
>> Friday, 19 March 2021 at 16:30:44 UTC+1 Ray Bon wrote:
>>
>>> Bartosz,
>>>
>>> See,
>>> https://apereo.github.io/cas/6.3.x/integration/Attribute-Definitions.html,
>>> for modifying attributes.
>>>
>>> Ray
>>>
>>> On Fri, 2021-03-19 at 01:47 -0700, Bartosz Nitkiewicz wrote:
>>>
>>> One more thing. How do I change the LDAP user name from sAMAccountName to
>>> univ\sAMAccountName? Is it possible?
>>>
>>> Thursday, 18 March 2021 at 14:05:48 UTC+1 Bartosz Nitkiewicz wrote:
>>>
>>> Thank you once again.
>>> As you said, SAML profiles did the trick. It seems to work fine. Now I
>>> have to pass the user name from my LDAP to the SAML SP. First I need to
>>> figure out the proper value for authorization.
>>> Regards
>>> BN
>>>
>>>
>>> Wednesday, 17 March 2021 at 19:07:26 UTC+1 richard.frovarp wrote:
>>>
>>> The IdP automatically generates metadata. And the correct endpoints are
>>> listed on this page, including the metadata endpoint:
>>>
>>>
>>> https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html
>>>
>>>
>>> Usually with SAML you provide the SP with a copy of your metadata,
>>> ideally loaded from the URL automatically. If you need to provide
>>> separate URLs to the SP, you'll find the correct ones in the metadata
>>> and/or using the paths from documentation.
>>>
>>> On Wed, 2021-03-17 at 10:26 -0700, Bartosz Nitkiewicz wrote:
>>> > Hi,
>>> > Thanks for the reply.
>>> > What do you mean by "your IdP generated metadata"?
>>> >
>>> > I did something like this, as they recommended:
>>> > https://help.servicedeskplus.com/saml-authentication$configuration
>>> >
>>> > As the loginURL I've provided https://myserver.org/cas/idp; I don't
>>> > know if it is the correct URL.
>>> > I'm wondering what the Assertion Consumer URL is and where I should
>>> > place it.
>>> >
>>> > Also I've uploaded my certificate.
>>> >
>>> > my cas.properties for SAML looks like this:
>>> >
>>> > ## SAML2 ##
>>> >
>>> > cas.authn.saml-idp.entity-id: ${cas.server.prefix}/idp
>>> > cas.authn.saml-idp.metadata.location=file:/etc/cas/saml
>>> >
>>> > and service registry for app:
>>> >
>>> > {
>>> > @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>>> > serviceId: MExx_6d2ea86d-b4e1-4473-8d4b-7a1378964e8b
>>> > name: serwisapp
>>> > id: 1615981648113
>>> > proxyTicketExpirationPolicy:
>>> > {
>>> > @class:
>>> > org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
>>> > }
>>> > serviceTicketExpirationPolicy:
>>> > {
>>> > @class:
>>> > org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
>>> > }
>>> > evaluationOrder: 2
>>> > attributeReleasePolicy:
>>> > {
>>> > @class:
>>> > org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>> > excludeDefaultAttributes: true
>>> > authorizedToReleaseAuthenticationAttributes: false
>>> > }
>>> > metadataLocation:
>>> > file://etc/cas-mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml
>>> > <- (this is correct, as the cas-management app creates this directory)
>>> > requiredAuthenticationContextClass:
>>> > urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>>> > requiredNameIdFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
>>> > nameIdQualifier: ""
>>> > signAssertions: true
>>> > signingCredentialType: X509
>>> > assertionAudiences: https://servicedeskplus.com/SamlResponseServlet
>>> > }
>>> >
>>> > Regards,
>>> > BN
>>> >
>>> > Wednesday, 17 March 2021 at 16:49:11 UTC+1 richard.frovarp wrote:
>>> > > Did you provide the app your IdP generated metadata or provide the
>>> > > SP with the information in a different method? As that's the wrong
>>> > > end point for the SP to be sending you to:
>>> > >
>>> > >
>>> https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html
>>>
>>> > >
>>> > > On Wed, 2021-03-17 at 06:21 -0700, Bartosz Nitkiewicz wrote:
>>> > > > Hi,
>>> > > > Another day, another CAS problem :)
>>> > > > I'm trying to authenticate the servicedeskplus.com application
>>> > > > through the SAML protocol.
>>> > > > I've compiled cas-server-support-saml-idp into my CAS app.
>>> > > > Added the service registry in the CAS-Management app. I used the
>>> > > > XML file from ServiceDesk.
>>> > > >
>>> > > > Everything seems to work, but when I want to authenticate to
>>> > > > ServiceDesk it redirects me to this:
>>> > > >
>>> > > >
>>> https://myserver.org/cas/idp?SAMLRequest=fZJfb5swFMWf10%2BBeDdgCCFYSaS02bRI7YaSbA97qRz70loCm%2FmadNunn01XtdWkvB6f3%2F1zrpfI%2B25gm9E96j38HAFddBX96juNbHpaxaPVzHBUyDTvAZkT7LC5u2V5krHBGmeE6eJ30GWGI4J1yugA7bar%2BO7j%2FYwLSSWn5NSWOZnRuiQLkUsyP0EhOM9o3s6D%2FTtY9OQq9oUmHHGEnUbHtfNillOSFYRWR1owmrGy%2BhFcjTVnJcF%2B8bOEds9k4wdRZy%2B0vEMIWrT16yvN3dTi0bkBWZo6LwqOySj%2BQKcVT8anPgE5JkOXej1VcvjXZIriWmmp9MPlDE7PJmSfj8eGNF8Px1Bi85LMjdE49mAPYM9KwLf97es43vKk8O0QBx%2F5HnDwEASiAxevr6IPy3ALNkVk1z7krIRW0iojxUJIMlvUBannBSXzRU3LquSc1tUyfQu9FBlYiG63bUynxO%2Fok7E9d5c3DIqSpJ2sbAh3QwfaxVE6lU3%2F%2F3jrvw%3D%3D
>>>
>>> > > >
>>> > > > service.xml as attachment (without the real cert)
>>> > > >
>>> > > > Please help me.
>>> > > >
>>> > > >
>>> > > >
>>>
>>>
>>> --
>>>
>>> Ray Bon
>>> Programmer Analyst
>>> Development Services, University Systems
>>> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>>>
>>> I respectfully acknowledge that my place of work is located within the
>>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>>> WSÁNEĆ Nations.
>>>
>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c6cc2d49-555a-4658-80f6-904daee38ecfn%40apereo.org.
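The thread ends with a one-character fix to the `patternFormat` in attribute-defns.json, and the only way to see what that definition actually releases is to deploy it and log in. The script below is an added example, not code from the thread or from CAS: it parses a TreeMap-style attribute-definition file and previews the formatted values offline. Two things are assumptions of mine rather than facts stated in the thread: that CAS applies `patternFormat` to each value with java.text.MessageFormat semantics (`{0}` is the value, `'` is a quoting character), and that a definition without an `attribute` field reads the principal attribute named by its own key. The JSON and the LDAP attribute map are constructed samples modelled on the thread's configuration.

```python
"""Preview what a CAS attribute definition with a patternFormat will release.

Added example, not part of the thread or of CAS. MessageFormat semantics for
patternFormat and the key-as-default-attribute rule are assumptions.
"""
import json
import re

# Constructed sample: attribute-defns.json as posted in the thread, typo fixed.
# Note the JSON escaping: "domain\\{0}" is the one-backslash string domain\{0}.
ATTRIBUTE_DEFNS_JSON = r'''
{
  "@class" : "java.util.TreeMap",
  "userID" : {
    "@class" : "org.apereo.cas.authentication.attribute.DefaultAttributeDefinition",
    "key" : "userID",
    "friendlyName" : "userID",
    "patternFormat" : "domain\\{0}",
    "attribute" : "sAMAccountName"
  }
}
'''

# Constructed sample of the attributes an LDAP principal resolver would hand CAS.
SAMPLE_PRINCIPAL_ATTRIBUTES = {
    "sAMAccountName": ["jdoe"],
    "memberOf": ["CN=helpdesk,OU=groups,DC=example,DC=org",
                 "CN=staff,OU=groups,DC=example,DC=org"],
}

_PLACEHOLDER = re.compile(r"\{(\d+)\}")


def load_definitions(text):
    """Parse the TreeMap-style JSON into {key: {attribute, patternFormat}}.
    Assumption: when 'attribute' is absent CAS reads the principal attribute
    named by the definition's own key."""
    data = json.loads(text)
    defs = {}
    for key, body in data.items():
        if key == "@class":
            continue
        if not isinstance(body, dict):
            raise ValueError(f"definition {key!r} is not an object")
        defs[key] = {
            "attribute": body.get("attribute") or body.get("key") or key,
            "patternFormat": body.get("patternFormat"),
        }
    return defs


def apply_pattern(pattern, value):
    """Format one value the way java.text.MessageFormat would (assumption):
    {0} is replaced by the value, every other character is literal.
    A single quote is MessageFormat's quoting character and would silently
    swallow part of the pattern, so refuse it rather than guess."""
    if "'" in pattern:
        raise ValueError(f"patternFormat {pattern!r} contains a single quote, "
                         "which MessageFormat treats as a quoting character")

    def repl(match):
        if match.group(1) != "0":
            raise ValueError(f"patternFormat {pattern!r} references "
                             f"{{{match.group(1)}}}; CAS formats one value "
                             "at a time, so only {0} exists")
        return str(value)

    return _PLACEHOLDER.sub(repl, pattern)


def resolve(defs, principal_attributes):
    """Return {definition key: [formatted values]} as they would be released.
    A source attribute the principal lacks yields an empty list, which is
    exactly the case where the SP ends up with no username at all."""
    released = {}
    for key, d in defs.items():
        values = principal_attributes.get(d["attribute"], [])
        pattern = d["patternFormat"]
        if pattern:
            values = [apply_pattern(pattern, v) for v in values]
        released[key] = list(values)
    return released


if __name__ == "__main__":
    defs = load_definitions(ATTRIBUTE_DEFNS_JSON)
    for key, values in resolve(defs, SAMPLE_PRINCIPAL_ATTRIBUTES).items():
        print(f"{key}: {values}")  # userID: ['domain\\jdoe']
```

Run it against the real attribute-defns.json before restarting CAS: a typo in the literal part of the pattern (the thread's "domail") shows up immediately in the preview, a placeholder other than `{0}` or a stray single quote is rejected, and a definition that points at an attribute the LDAP resolver does not return previews as an empty list instead of surfacing later as an SP that sees no NameID.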