SAML request via http POST


Peter Lee

9 Sept 2020, 17:06:41
to CAS Community
Hi all, I'm trying to set up our application SSO using CAS delegated to an external IdP. When the IdP requires the POST binding for SSO, for our customized login page, what interface do I call to get the SAML request and URL to set in the HTTP POST? We've made the redirect binding work by getting the redirect URL from pac4jUrls. But I can't find objects for the POST binding, though I do see in the log that "Invoking Velocity template to create POST body" in Pac4jHTTPPostEncoder. Thanks a lot in advance.

Jérôme LELEU

10 Sept 2020, 02:00:56
to CAS Community
Hi,

You should be able to configure the POST binding for the SAML authn request via the following property: cas.authn.pac4j.saml[0].destination-binding (in v6.2).
Though, it may not work in old CAS versions.
Thanks.
Best regards,
Jérôme


On Wed, 9 Sept 2020 at 23:06, Peter Lee <peter...@gmail.com> wrote:
Hi all, I'm trying to set up our application SSO using CAS delegated to an external IdP. When the IdP requires the POST binding for SSO, for our customized login page, what interface do I call to get the SAML request and URL to set in the HTTP POST? We've made the redirect binding work by getting the redirect URL from pac4jUrls. But I can't find objects for the POST binding, though I do see in the log that "Invoking Velocity template to create POST body" in Pac4jHTTPPostEncoder. Thanks a lot in advance.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7cb8829a-d699-43d0-b7dd-78dad44b059en%40apereo.org.

Peter Lee

10 Sept 2020, 08:28:19
to CAS Community, leleuj
I am using v5.2.9. I've set cas.authn.pac4j.saml[0].destinationbinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.
I do see the POST body is being created according to the log; is the POST binding not fully supported yet in this version?
Or am I missing jar files in the build to associate the Velocity objects so that the SAML request can be sent with HTTP POST? Thank you.
 
2020-09-09 23:03:11,902 DEBUG [org.pac4j.saml.transport.Pac4jHTTPPostEncoder] - <Initialized Pac4jHTTPPostEncoder>
2020-09-09 23:03:11,902 DEBUG [org.pac4j.saml.transport.Pac4jHTTPPostEncoder] - <Invoking Velocity template to create POST body>
2020-09-09 23:03:11,902 DEBUG [org.pac4j.saml.transport.Pac4jHTTPPostEncoder] - <Encoding action url of 'https://auth.pingone.com/198f2df8-575d-4e67-9c83-9693476dd6b7/saml20/idp/sso' with encoded value 'https&#x3a;&#x2f;&#x2f;auth.pingone.com&#x2f;198f2df8-575d-4e67-9c83-9693476dd6b7&#x2f;saml20&#x2f;idp&#x2f;sso'>
2020-09-09 23:03:11,902 DEBUG [org.pac4j.saml.transport.Pac4jHTTPPostEncoder] - <Marshalling and Base64 encoding SAML message>
2020-09-09 23:03:11,902 DEBUG [org.pac4j.saml.transport.Pac4jHTTPPostEncoder] - <Marshalling message>
2020-09-09 23:03:11,902 DEBUG [org.opensaml.core.xml.util.XMLObjectSupport] - <Marshalling XMLObject>
2020-09-09 23:03:11,902 DEBUG [org.opensaml.core.xml.util.XMLObjectSupport] - <XMLObject already had cached DOM, returning that element>
2020-09-09 23:03:11,903 DEBUG [org.pac4j.saml.transport.Pac4jHTTPPostEncoder] - <Setting RelayState parameter to:
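The log above shows the steps of the SAML HTTP-POST binding (HTML-escape the action URL, marshal and Base64-encode the message, add RelayState, render a form) as opposed to the HTTP-Redirect binding the poster already has working, which DEFLATEs the request and puts it in the query string. The following is an added example, not CAS or pac4j code, that builds and decodes both encodings side by side so the difference is visible; the AuthnRequest, the IdP and SP URLs, and the RelayState value are constructed placeholders, and the decoders are the kind of thing one uses to inspect what a browser actually sends during troubleshooting.

```python
import base64
import html
import re
import urllib.parse
import zlib
from typing import Optional

# Constructed minimal SAML 2.0 AuthnRequest; URLs and ID are placeholders, not from the thread.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed-id-1" Version="2.0" IssueInstant="2020-09-09T23:03:11Z" '
    'Destination="https://idp.example.test/saml20/idp/sso" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'AssertionConsumerServiceURL="https://cas.example.test/cas/login?client_name=SAML2Client">'
    "<saml:Issuer>https://cas.example.test/cas/sp</saml:Issuer>"
    "</samlp:AuthnRequest>"
)


def encode_redirect(xml: str, relay_state: Optional[str] = None) -> str:
    """HTTP-Redirect binding: raw DEFLATE, then Base64, then URL-encode into the query string."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits -15 = raw DEFLATE, no zlib header
    deflated = compressor.compress(xml.encode("utf-8")) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return urllib.parse.urlencode(params)


def decode_redirect(query: str) -> str:
    """Reverse of encode_redirect: URL-decode, Base64-decode, inflate."""
    params = urllib.parse.parse_qs(query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


def encode_post(xml: str, action_url: str, relay_state: Optional[str] = None) -> str:
    """HTTP-POST binding: Base64 only (no DEFLATE), carried in hidden fields of a form
    whose action is the IdP SSO endpoint. The action URL and field values are HTML-escaped;
    pac4j escapes more characters than html.escape does (the log shows ':' and '/' as
    &#x3a; and &#x2f;), but browsers decode both forms identically."""
    b64 = base64.b64encode(xml.encode("utf-8")).decode("ascii")
    fields = [("SAMLRequest", b64)]
    if relay_state is not None:
        fields.append(("RelayState", relay_state))
    inputs = "".join(
        f'<input type="hidden" name="{html.escape(n, quote=True)}" '
        f'value="{html.escape(v, quote=True)}"/>'
        for n, v in fields
    )
    return (
        f'<form method="post" action="{html.escape(action_url, quote=True)}">'
        f"{inputs}"
        '<noscript><input type="submit" value="Continue"/></noscript>'
        "</form>"
    )


def decode_post(form_html: str) -> dict:
    """Pull the action URL, decoded AuthnRequest XML and RelayState out of a POST-binding form."""
    action = html.unescape(re.search(r'action="([^"]*)"', form_html).group(1))
    fields = {
        html.unescape(n): html.unescape(v)
        for n, v in re.findall(r'name="([^"]*)" value="([^"]*)"', form_html)
    }
    xml = base64.b64decode(fields["SAMLRequest"]).decode("utf-8")
    return {"action": action, "xml": xml, "relay_state": fields.get("RelayState")}


if __name__ == "__main__":
    idp_sso = "https://idp.example.test/saml20/idp/sso"  # constructed placeholder
    print("Redirect binding URL:\n  " + idp_sso + "?" + encode_redirect(SAMPLE_AUTHN_REQUEST, "state-1"))
    print("\nPOST binding form:\n  " + encode_post(SAMPLE_AUTHN_REQUEST, idp_sso, "state-1"))
```

The practical point for the thread: with the redirect binding the login page only needs a URL (the SAMLRequest travels in the query string), whereas with the POST binding the page needs an HTML form whose action is the IdP endpoint and whose hidden SAMLRequest field holds the plain Base64 of the XML, so a link alone cannot carry it.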

Jérôme LELEU

10 Sept 2020, 09:25:00
to Peter Lee, CAS Community
Hi,

Regarding the logs, it seems to be working.
Do you see the SAML authn request posted in your browser logs?
Thanks.
Best regards,
Jérôme

Peter Lee

10 Sept 2020, 09:55:25
to CAS Community, leleuj, CAS Community, Peter Lee
I don't get the HTTP request in the browser. The link on the login page button is extracted from the pac4jUrls object for redirect (it looks like it's for the redirect binding; this button works when destinationbinding is set to redirect).
So it seems what I am missing is getting the POST body and setting it on a form button on the login page. But I don't know which object (is it a Velocity object?) or how to get that object.
I am not familiar with the front end. Am I missing CSS and vm/html files? Thanks.

Here is additional log related to rendering the login page.
2020-09-09 23:03:11,906 DEBUG [org.apereo.cas.support.pac4j.web.flow.DelegatedClientAuthenticationAction] - <cssClass for SAML2Client is fa fa-lock SAML2Client >
2020-09-09 23:03:11,906 DEBUG [org.apereo.cas.support.pac4j.web.flow.DelegatedClientAuthenticationAction] - <cssClass for SAML2Client is fa fa-lock SAML2Client >

Jérôme LELEU

10 Sept 2020, 10:34:54
to Peter Lee, CAS Community
Hi,

Yes, it cannot work in the old versions of CAS.
An intermediate component has been added in more recent versions to handle that.
I recommend upgrading to v6.1 or v6.2.
Thanks.
Best regards,
Jérôme
