CAS 5.3.x delegated authentication to OneLogin SAML IDP


Marcel Sansaricq

Oct 16, 2018, 3:24:51 PM
to CAS Community
Hello everyone,

I am fairly new to CAS and SAML. We currently have a CAS 3.4.x implementation and I am trying to upgrade to CAS 5.3.x to use the SAML 2 authentication capabilities.

Our current CAS 3.4.x implementation provides authentication for a home-grown Java web application. I am hoping that by upgrading to CAS 5 and configuring it to delegate authentication to OneLogin SAML IDP, I can still use CAS protocol resources to get the authenticated principal and properties within the home-grown application, since it doesn't have SAML client capabilities. I have reviewed the tutorial at https://apereo.github.io/2017/03/22/cas51-delauthn-tutorial/ and added the recommended dependency and configuration properties shown below:

<dependency>
   <groupId>org.apereo.cas</groupId>
   <artifactId>cas-server-support-pac4j-webflow</artifactId>
   <version>${cas.version}</version>
</dependency>

cas.authn.pac4j.saml[0].keystorePassword=xxxxxxxx
cas.authn.pac4j.saml[0].privateKeyPassword=xxxxxxxx
cas.authn.pac4j.saml[0].serviceProviderEntityId=https://mybccas.broward.edu/sp
cas.authn.pac4j.saml[0].serviceProviderMetadataPath=/etc/cas/config/cas-sp-metadata.xml
cas.authn.pac4j.saml[0].keystorePath=/etc/cas/config/casKeystore
cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://app.onelogin.com/saml/metadata/xxxxxxxxxxxxxxxxxxxxxxxx

However, after deploying the war and starting Tomcat, I don't see anything in the log similar to the text shown in the tutorial mentioned above:
2017-03-22 13:33:59,147 INFO [o.a.c.s.p.c.s.a.Pac4jAuthenticationEventExecutionPlanConfiguration] - <Located and prepared [1] delegated authentication clients>
2017-03-22 13:33:59,182 INFO [o.a.c.s.p.c.s.a.Pac4jAuthenticationEventExecutionPlanConfiguration] - <Registering delegated authentication clients...>

Also, I don't see the text "or login with" followed by the red SAML 2 button toward the bottom right of the CAS login page, as shown in the tutorial mentioned above.

Any ideas on what may be missing, and what the recommended authentication flow is (IDP- or SP-initiated SSO) for the configuration I described above?

Thanks,
Marcel
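A few offline checks for the setup described in this post, as an added example that is not part of the original post or of the CAS project: it verifies that every `cas.authn.pac4j.saml[0].*` key from the post is present, flags an IdP metadata URL fetched over plain HTTP, reads which SingleSignOnService bindings the IdP metadata advertises (what an SP-initiated flow would use), and looks for the "Located and prepared [N] delegated authentication clients" startup line from the tutorial. The sample properties, IdP metadata and log line are constructed, and the host names are placeholders.

```python
"""Added example (not from the post or the CAS project): offline sanity checks
for a CAS 5.3 pac4j SAML delegation setup. Property keys and the startup log
message come from the post; sample inputs below are constructed placeholders."""
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
REQUIRED = ("keystorePassword", "privateKeyPassword", "serviceProviderEntityId",
            "serviceProviderMetadataPath", "keystorePath", "identityProviderMetadataPath")

def parse_properties(text):
    """{key: value} for the non-comment key=value lines of a cas.properties file."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_saml_client(props, idx=0):
    """List what is missing or weak in the cas.authn.pac4j.saml[idx].* block."""
    prefix = f"cas.authn.pac4j.saml[{idx}]."
    findings = [f"missing {prefix}{k}" for k in REQUIRED if prefix + k not in props]
    if props.get(prefix + "identityProviderMetadataPath", "").startswith("http://"):
        findings.append("IdP metadata is fetched over plain HTTP; use https:// or a local copy")
    return findings

def sso_bindings(idp_metadata_xml):
    """Bindings the IdP advertises for SingleSignOnService (used by SP-initiated SSO)."""
    root = ET.fromstring(idp_metadata_xml)
    return sorted(e.get("Binding").rsplit(":", 1)[-1]
                  for e in root.iter(f"{{{MD_NS}}}SingleSignOnService"))

def delegated_clients_in_log(log_text):
    """Client count from the pac4j startup message, or None if CAS never logged it."""
    m = re.search(r"Located and prepared \[(\d+)\] delegated authentication clients", log_text)
    return int(m.group(1)) if m else None

# Constructed inputs: an incomplete properties block, minimal IdP metadata, a log without the pac4j line.
SAMPLE_PROPS = """cas.authn.pac4j.saml[0].keystorePassword=changeit
cas.authn.pac4j.saml[0].serviceProviderEntityId=https://cas.example.edu/sp
cas.authn.pac4j.saml[0].identityProviderMetadataPath=http://idp.example.com/saml/metadata"""
SAMPLE_IDP_MD = (
    f'<EntityDescriptor xmlns="{MD_NS}" entityID="https://idp.example.com"><IDPSSODescriptor>'
    '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/sso"/>'
    '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.com/sso"/>'
    '</IDPSSODescriptor></EntityDescriptor>')
SAMPLE_LOG = "2018-10-16 15:24:51,000 INFO [o.a.c.w.CasWebApplication] - <Started CasWebApplication>"

if __name__ == "__main__":
    print(check_saml_client(parse_properties(SAMPLE_PROPS)))
    print(sso_bindings(SAMPLE_IDP_MD))
    print(delegated_clients_in_log(SAMPLE_LOG))  # None: pac4j clients were never registered
```

Run the same three functions against the real cas.properties, the downloaded IdP metadata and the Tomcat log; a `None` from the log check means the pac4j module was not picked up at startup, so the missing "or login with" button is expected.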