OpenID Connect server


Michael

Oct 16, 2016, 8:04:00 AM
to CAS Community

Hi all,

I have started to learn CAS and I need your help.

I want to use CAS as OpenID Connect server.

https://apereo.github.io/cas/development/installation/OIDC-Authentication.html

Questions:

1) Where should I put the file described in the link below:

https://apereo.github.io/cas/development/installation/OIDC-Authentication.html#register-clients

2) Is it possible to configure clients via REST API?

3) How is it possible to unregister clients?
REST API?
Remove the file described above?

4) What keystore / certificate is used by the OpenID Connect server?
How to create a new keystore / certificate?

Thank you in advance for your help.

Best regards,

   Michael

Jérôme LELEU

Oct 17, 2016, 4:31:26 AM
to Michael, CAS Community
Hi,

1) like other CAS services in JSON: in the src/main/resources/services directory

2) 3) It's not possible via the REST API

4) Tools available to generate JWKS are at the end of the doc: https://apereo.github.io/cas/development/installation/OIDC-Authentication.html#keystores

Thanks.
Best regards,
Jérôme



--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d56d234f-486a-44c8-b11a-9054954e07ca%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Michael

Oct 18, 2016, 3:24:08 AM
to CAS Community, furman....@gmail.com

Hi Jérôme,
Thank you for the fast reply!

I will be happy for the additional clarifications:

1) I need to register and unregister clients dynamically at runtime.
How can I do it?
I guess if I put the JSON file in the following folder, I need to use the same client: the src/main/resources/services directory

2) How can I configure claims that the OIDC server will return to the client?
Can I add my custom claims?

Best regards,

   Michael


Misagh Moayyed

Oct 18, 2016, 3:50:58 AM
to CAS Community

1) I need to register and unregister clients dynamically at runtime.

How can I do it?

2) How can I configure claims that the OIDC server will return to the client?

Can I add my custom claims?

Michael

Oct 18, 2016, 8:00:01 AM
to CAS Community, mmoa...@unicon.net

Thanks Misagh,
1)
The link below describes the dynamic registration.
Does CAS support the static registration?
I supposed the JSON example related to the static registration.

2) Is it possible to add to claims something else in addition to the user attributes?
I am still not familiar with the CAS user model, but I want to send a user's groups or roles.

Thank you for your help,

Michael

Misagh Moayyed

Oct 18, 2016, 8:09:22 AM
to CAS Community


The link below describes the dynamic registration.
Does CAS support the static registration?
I supposed the JSON example related to the static registration.

Yes. That’s it. The dynamic part is the “REST API” you had in mind which isn’t implemented, but would be trivial to do so.


2) Is it possible to add to claims something else in addition to the user attributes?

I am inclined to say yes, but you do need to provide an example. Let's talk in concrete terms: what is that something else? Where does it come from? What are its potential values?

Michael

Oct 18, 2016, 10:23:08 AM
to CAS Community, mmoa...@unicon.net

Thanks Misagh,
I still need a clarification.

Is the static registration supported at runtime?

I need to add and remove clients via static registration.

Misagh Moayyed

Oct 18, 2016, 11:09:51 AM
to CAS Community
Yes, via the management webapp. 


From: "Michael" <furman....@gmail.com>
To: "CAS Community" <cas-...@apereo.org>
Cc: "Misagh Moayyed" <mmoa...@unicon.net>
Sent: Tuesday, October 18, 2016 5:53:07 PM
Subject: Re: [cas-user] OpenID Connect server


Michael

Oct 18, 2016, 12:04:49 PM
to CAS Community, mmoa...@unicon.net

Misagh Moayyed

Oct 18, 2016, 12:26:50 PM
to CAS Community
Yes.