CAS 5 + phpCAS client + SAML 1.1 service validation


Philippe MARASSE

Aug 10, 2016, 6:39:41 AM
to cas-...@apereo.org
Folks,

I'm testing basic authentication (casuser:Mellon) with CAS 5 server and
official phpCAS 1.3.4 client with SAML 1.1 validation, and it does not
seem to work.

The CAS client sends this POST data:

<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
MajorVersion="1" MinorVersion="1"
RequestID="_192.168.16.51.1024506224022"
IssueInstant="2002-06-19T17:03:44.022Z">

<samlp:AssertionArtifact>ST-2-aghFC3hJ2dnePztkMfbK-devcas1</samlp:AssertionArtifact>
</samlp:Request>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

to:
https://php-dev.mydomain.com/cas/samlValidate?TARGET=http%3A%2F%2Fphp-dev.mydomain.com%2Fphilippe%2Feclipse%2Ftestcas%2Fwww%2Fsaml11.php

I got this answer from the CAS server:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<saml1p:Response InResponseTo="_192.168.16.51.1024506224022"
IssueInstant="2016-08-10T09:44:12.393Z" MajorVersion="1" MinorVersion="1"
ResponseID="_2905923a3d94406937598b14f57e8043"
xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
<saml1p:Status>
<saml1p:StatusCode Value="saml1p:RequestDenied"/>
<saml1p:StatusMessage>Les paramètres 'service' et 'ticket' sont tous deux nécessaires</saml1p:StatusMessage>
</saml1p:Status>
</saml1p:Response>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

The server complains about a missing ticket and/or service parameter??
Validation works for both CASv2 and CASv3 protocol but not with SAMLv1.1.
SAMLv1.1 works against our production CAS v3.5 servers.

Relevant part of my pom.xml (Maven WAR overlay method):

<cas.groupId>org.apereo.cas</cas.groupId>
<cas.version>5.0.0.RC1-SNAPSHOT</cas.version>

<dependency>
    <groupId>${cas.groupId}</groupId>
    <artifactId>cas-server-support-spnego</artifactId>
    <version>${cas.version}</version>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>${cas.groupId}</groupId>
    <artifactId>cas-server-support-spnego-webflow</artifactId>
    <version>${cas.version}</version>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>${cas.groupId}</groupId>
    <artifactId>cas-server-support-json-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>

<!-- SAMLv1.1 and v2 support -->
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-saml</artifactId>
    <version>${cas.version}</version>
</dependency>

Am I missing something (again :-) ) ?

Regards.

--
Philippe MARASSE

Head of Infrastructure Unit - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur
86021 Poitiers Cedex
Tel : 05.49.44.57.19


Philippe MARASSE

Aug 10, 2016, 7:46:07 AM
to cas-...@apereo.org
BTW, the sample request found on the wiki ( https://apereo.github.io/cas/development/protocol/SAML-Protocol.html ) shows:

POST /cas/samlValidate?ticket=
Host: cas.example.com
Content-Length: 491
Content-Type: text/xml
 
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1"
      MinorVersion="1" RequestID="_192.168.16.51.1024506224022"
      IssueInstant="2002-06-19T17:03:44.022Z">
      <samlp:AssertionArtifact>
      </samlp:AssertionArtifact>
    </samlp:Request>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

but phpCAS does not use POST /cas/samlValidate?ticket=
but /cas/samlValidate?TARGET=

Regards.
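
The exchange from the two posts above, as an added example (not part of the thread and not phpCAS or CAS code): a Python script that builds the samlValidate POST as the first post shows it, with the service URL in TARGET and the ticket in samlp:AssertionArtifact, and parses the reply so that only an explicit Success status bound to the request's ID is accepted. Function names are illustrative; the sample reply is the one quoted in the first post.

```python
import urllib.parse
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"

def build_request(cas_base, target, ticket, request_id, issue_instant):
    """Return (url, soap_body) for a phpCAS-style samlValidate POST."""
    ET.register_namespace("SOAP-ENV", SOAP)
    ET.register_namespace("samlp", SAMLP)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    req = ET.SubElement(body, f"{{{SAMLP}}}Request", {
        "MajorVersion": "1", "MinorVersion": "1",
        "RequestID": request_id, "IssueInstant": issue_instant})
    # The ticket travels in the SOAP body; the service URL travels as TARGET.
    ET.SubElement(req, f"{{{SAMLP}}}AssertionArtifact").text = ticket
    url = f"{cas_base}/samlValidate?" + urllib.parse.urlencode({"TARGET": target})
    return url, ET.tostring(env, encoding="unicode")

def parse_response(xml_bytes, expected_request_id):
    """Return (status, message); raise if the reply is not for our request."""
    if b"<!DOCTYPE" in xml_bytes:  # a SOAP reply never needs a DTD
        raise ValueError("DOCTYPE not allowed in samlValidate response")
    resp = ET.fromstring(xml_bytes).find(f".//{{{SAMLP}}}Response")
    if resp is None or resp.get("InResponseTo") != expected_request_id:
        raise ValueError("missing Response or InResponseTo mismatch")
    code = resp.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None:
        raise ValueError("response carries no StatusCode")
    msg = resp.findtext(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusMessage", "")
    # Value is a QName such as saml1p:RequestDenied; keep the local part.
    return code.get("Value", "").split(":")[-1], " ".join(msg.split())

def ticket_is_valid(xml_bytes, expected_request_id):
    """Only an explicit Success status counts; anything else is a denial."""
    return parse_response(xml_bytes, expected_request_id)[0] == "Success"

# Reply quoted in the first post (IssueInstant line wrap repaired).
DENIED = """<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body><saml1p:Response InResponseTo="_192.168.16.51.1024506224022"
 IssueInstant="2016-08-10T09:44:12.393Z" MajorVersion="1" MinorVersion="1"
 ResponseID="_2905923a3d94406937598b14f57e8043"
 xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"><saml1p:Status>
<saml1p:StatusCode Value="saml1p:RequestDenied"/><saml1p:StatusMessage>
Les paramètres 'service' et 'ticket' sont tous deux
nécessaires</saml1p:StatusMessage></saml1p:Status></saml1p:Response>
</SOAP-ENV:Body></SOAP-ENV:Envelope>""".encode("utf-8")
```
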

Misagh Moayyed

Aug 10, 2016, 7:57:50 AM
to CAS Community


I don’t think you have. Go ahead and file an issue please.

Philippe MARASSE

Aug 10, 2016, 9:32:12 AM
to cas-...@apereo.org

Misagh Moayyed

Aug 17, 2016, 1:10:55 PM
to cas-...@apereo.org
I don’t think you have. Go ahead and file an issue please.

-- 
Misagh