Sample SAML2 service definition for Google Apps?

Mike Osterman

Mar 10, 2021, 4:58:33 PM
to CAS Community
We're looking to migrate from the now legacy (from a supported versions perspective) Google Apps Integration (https://apereo.github.io/cas/5.3.x/integration/Google-Apps-Integration.html) to a generic SAML2 service configuration.

Our current service config is very sparse:
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://www.google.com/a/xxxx.yyy/acs",
  "name" : "Google Apps",
  "id" : 123,
  "evaluationOrder" : 123
}

I'm wondering if someone's already made the switch to SAML2 (org.apereo.cas.support.saml.services.SamlRegisteredService) and is willing to share a sample service configuration? We don't have a test instance of Google Apps, and I'm a little nervous about fiddling with our production service, especially given the sparseness of the 3rd party IdP config interface in Apps Admin and Google's habit of stating that changes in the admin may take up to XX hours.

Thank you,
Mike

Richard Frovarp

Mar 10, 2021, 5:40:43 PM
to cas-...@apereo.org
Get a test instance. It's pretty easy to do. Takes a little bit, but easy to do. You really only need one or two users in it to test anyway.

There is a previous post on this list on how to do it the new way. I have internal documentation that I can turn into external documentation tonight and post the link back here.

Mike Osterman

Mar 10, 2021, 5:55:11 PM
to CAS Community
Thanks, Richard!


Richard Frovarp

Mar 10, 2021, 6:36:55 PM
to cas-...@apereo.org
Here's what I figured out to get it done:


Everything I have in there assumes that CAS is already set up as a SAML 2 IdP, and that you have a slight idea as to how to configure a service for a SAML 2 SP. It really is no different than any other SAML 2 SP. It's just that they don't make the values you need to know to set up the metadata known anywhere obvious.

Depending on what version you are on, the legacy method might be supported, but it will get in the way of normal SAML 2 IdP operations.

Mike Osterman

Mar 10, 2021, 8:52:17 PM
to CAS Community
This is perfect - thank you, Richard! We do have SAML2 IdP already set and have several services configured for it. As you say, the setup is not at all obvious.

Thanks as well for the pointer on the test Google Workspace account! That was a revelation to me, as I remember asking several years back and getting nowhere. It's now well-documented here: https://support.google.com/a/answer/6254870

Cheers!
Mike
