CAS ver >=6.0.0 is not working for 'TARGET' service parameter


Robert Bond

Mar 12, 2019, 5:05:33 PM
to CAS Community
I have been troubleshooting login with a CAS application that uses the 'TARGET' service parameter in the querystring instead of the normal 'service'.
It looks like 6.0.0 introduced a new process for multifactor selection based on the service parameter. I think there is a bug in this process. 

CAS >= 6.0.0 does not find the services when using the 'TARGET' service parameter. 
https://cas.example.edu/cas/login?TARGET=https%3A%2F%2Fpprd2-appnav.example.edu%2FapplicationNavigator%2Fj_spring_cas_security_check

I can manually change it to 'service' and it does find it, but it does not use the SamlArt authentication like it should when using the 'TARGET' service parameter.
https://cas.example.edu/cas/login?service=https%3A%2F%2Fpprd2-appnav.example.edu%2FapplicationNavigator%2Fj_spring_cas_security_check

I tried digging into the CAS code to find where the error might be; sadly, I have been unable to find anything.

Does anyone have any ideas? 


Thanks!

mba...@scad.edu

Mar 13, 2019, 10:27:19 AM
to CAS Community
Robert,

I am very new at this, but I have that functioning in a test environment using CAS deployed from the 6.0 branch of the cas-overlay-template.  It's working to Ellucian's application navigator and admin common web applications.

I added the following to the build.gradle

compile "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}"

and these settings to the cas.properties

----------------------
cas.samlCore.ticketidSaml2=false
cas.samlCore.skewAllowance=5
cas.samlCore.issueLength=30
cas.samlCore.attributeNamespace=http://www.ja-sig.org/products/cas/
cas.samlCore.issuer=poc-sso.scad.edu
cas.samlCore.securityManager=org.apache.xerces.util.SecurityManager
----------------------

I hope that helps.

-Mike

Robert Bond

Mar 13, 2019, 2:50:29 PM
to cas-...@apereo.org
Dear Mike,

You are the best. It worked! Not sure why I did not have to do this on previous versions of CAS. 
Thanks so much, this has been the last piece preventing me from going forward with a new deployment of CAS using 6.1.0 RC2.
You are seriously the best.

How has your deployment of "Banner 9" apps and cas gone?

We are setting up a new CAS cluster using containers k8s with hazelcast ticket replication.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/47c08c5a-7dc8-4f73-9316-bb2d280e7822%40apereo.org.


--
Robert Bond
Application Developer / System Administrator
(918) 444-5936
Northeastern State University

mba...@scad.edu

Mar 14, 2019, 8:48:19 AM
to CAS Community
Robert,

You are welcome, but I'm just learning about this version of CAS myself.  I'm glad that helped. 

We've been using Ellucian's Luminis version of CAS for years.  I think that's still at 3x something, and I never had to do much configuration with it.  We've been using that version with Banner 9 for over a year now with no issues.

But now we're looking at switching to a standalone CAS.  Ellucian is switching over to WSO2 and we're not sure we want to use that product.  Plus the current version of CAS has several features we could use and being not so tied to Ellucian should give us more control.

Thanks,
Mike

Robert Bond

Mar 14, 2019, 5:16:05 PM
to cas-...@apereo.org
We tried using Ellucian's WSO2. We did not enjoy it. We tried using it in 2016. At that time Ellucian was super behind the real WSO2 project. At the same time they had modified it in ways where trying to use WSO2's documentation was problematic.

I have been super happy with cas, the documentation can be trying sometimes, but the project is very alive. 

I have seen Ellucian trying to convince people that "Ethos" (Who knows what Ethos even means) is required. We have been able to do everything without it and have the flexibility to truly SSO with the rest of our systems.
