I am attempting to integrate a SAML federation into our CAS instance.  I seem 
to be stuck on service entry defined access.

It seems that to allow SAML federation I have to configure a wildcard for 
entityId/serviceId.  I was assuming that SAML service entries would require 
both a positive metadata match and entityId match.  Seems that by entering the 
SAML service entry the wildcard match also applies to CAS services.

example SAML service entry
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "^https://.*$",
  "name" : "Federation Test",
  "id" : 10000003,
  "evaluationOrder" : 10,
  "metadataLocation" : "https://url/to/metadata.xml"
}

After entering the above service entry, any request to 
"/cas/login?service=anything" will match.  Makes sense if only serviceId is 
used for the match.  But I figured, incorrectly, that metadata was also 
involved.

Am I missing something, or do I have to iteratively add every possible entity 
id into the regex for serviceId?  That seems unmaintainable at scale.

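Added example, not part of the original message and not CAS project code: a Python sketch that reads the entityID values out of a federation metadata aggregate and generates an anchored, escaped serviceId pattern, then compares what it accepts with the wildcard from the post. The sample metadata, entity IDs and function names are constructed for illustration; it assumes Python 3.7+ and that the generated pattern is pasted into the service entry by some separate step.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample aggregate; a real one would be the file behind
# metadataLocation, fetched and signature-checked before use.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth"/>
  <md:EntityDescriptor entityID="https://sp2.example.org/saml/metadata"/>
  <md:EntityDescriptor entityID="urn:example:sp3"/>
</md:EntitiesDescriptor>
"""

WILDCARD = "^https://.*$"  # the serviceId value from the post


def entity_ids(metadata_xml):
    """Return the sorted, de-duplicated entityID values in the metadata."""
    root = ET.fromstring(metadata_xml)
    # iter() also visits the root, so a single-entity document works too.
    found = (e.get("entityID") for e in root.iter("{%s}EntityDescriptor" % MD_NS))
    return sorted({i for i in found if i})


def service_id_pattern(ids):
    """Build one anchored alternation that matches only the listed IDs."""
    if not ids:
        # An empty alternation would match the empty string; refuse instead.
        raise ValueError("no entity IDs found in metadata")
    # re.escape neutralises '.', '?', etc. so IDs are matched literally.
    return "^(?:" + "|".join(re.escape(i) for i in ids) + ")$"


def matches(pattern, candidate):
    """True when the whole candidate string satisfies the pattern."""
    return re.fullmatch(pattern, candidate) is not None


if __name__ == "__main__":
    pattern = service_id_pattern(entity_ids(SAMPLE_METADATA))
    print(pattern)
    for candidate in ("https://sp1.example.org/shibboleth",
                      "https://anything.example.net/app",
                      "https://sp1.example.org/shibboleth/extra"):
        print(candidate, "wildcard:", matches(WILDCARD, candidate),
              "generated:", matches(pattern, candidate))
```

Regenerating the pattern whenever the aggregate changes keeps the list out of hand-edited regexes while still rejecting service URLs that are not federation entity IDs.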