CAS 6.3 - Support for Azure AD WS-Trust / WIAORMULTIAUTHN claims?


Josh G

Jun 28, 2021, 12:22:07 PM
to CAS Community
We are currently running CAS 6.3 as a CAS and SAML IdP, both of which use LDAP for authentication. We have Azure AD (as a service) configured to authenticate through CAS using SAML, which has been working perfectly fine for years.

Our Desktop Management team is looking to expand our usage of Azure AD to include services that will require additional protocols other than SAML to work properly. I was wondering if anyone has had any success configuring CAS as a WS-Trust provider with the necessary claims. If anyone has this working, I would very much appreciate seeing how you did it!

What I am looking for is this: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains, specifically the following:

A federated environment should have an identity provider that supports the following requirements. If you have a federated environment using Active Directory Federation Services (AD FS), then the below requirements are already supported.

  • WIAORMULTIAUTHN claim: This claim is required to do hybrid Azure AD join for Windows down-level devices.
  • WS-Trust protocol: This protocol is required to authenticate Windows current hybrid Azure AD joined devices with Azure AD. When you're using AD FS, you need to enable the following WS-Trust endpoints:
      • /adfs/services/trust/2005/windowstransport
      • /adfs/services/trust/13/windowstransport
      • /adfs/services/trust/2005/usernamemixed
      • /adfs/services/trust/13/usernamemixed
      • /adfs/services/trust/2005/certificatemixed
      • /adfs/services/trust/13/certificatemixed

Josh G

Sep 23, 2021, 6:51:44 AM
to CAS Community, Josh G
Bumping this. Has anyone had any luck configuring this or a suitable workaround that keeps CAS within the auth flow?

Noemi Valle

Dec 6, 2021, 3:10:06 PM
to CAS Community, Josh G
Hello Josh,

We have exactly the same scenario you described. I was wondering if you have been able to configure the AD Azure service using the WS-Trust protocol with CAS. Thank you.
