Service Validation regex

[Dorin Marian Rautu]

Hello,

I would like to know if there is a way to put a regexed service id. The website I want to shibbolethize has multiple separate services that demand login. As far as I tested the service id has to be the exact http path. Is there a way to put a regex instead of the complete path?

Example:

login pages:

- students' login: http://grouper.inp-toulouse.fr/grouper/grouperUi/appHtml/grouper.html

- admin login: http://grouper.inp-toulouse.fr/grouper/index.jsp

I would like to reduce the service id to something like: "http://grouper.inp-toulouse.fr/grouper"

Thank you for your help,

Dorin

[Chris J]

Hello,

  I'm sorry but it's not quite clear to me exactly where you are thinking of putting this regex.  Which file?  And are we talking about the Liferay Extension?

Chris

--
You received this message because you are subscribed to the Google Groups "casshib" group.
To unsubscribe from this group and stop receiving emails from it, send an email to casshib+u...@googlegroups.com.
To post to this group, send email to cas...@googlegroups.com.
Visit this group at http://groups.google.com/group/casshib.
For more options, visit https://groups.google.com/groups/opt_out.

[Dorin Marian Rautu]

Hi,

Sorry I wasn't very clear. So, The webapp is Grouper, an app which creates custom groups of users from LDAP sources. 

The file is question is casshib-service-registrations.xml. I get an "application not authorized to use CAS" error if the service ID in this file is not matching exactly the app link.

Because there are multiple login links for Grouper that have a part of the link in common, I was wondering if I can set the serviceID like:

<service id="http://grouper.inp-toulouse.fr/grouper/" appname="grouper" passcode="23456" />

instead of 

<service id="http://grouper.inp-toulouse.fr/grouper/grouperUi/appHtml/grouper.html" appname="grouper1" passcode="23456" />

<service id="http://grouper.inp-toulouse.fr/grouper/index.jsp" appname="grouper2" passcode="23456" />

I hope this was much clearer.

Thank you for your help,

Dorin

[Chris J]

Hey,

  I'm really not sure.  I'm not exactly a CAS guru, most of what I'm doing now involves using OAuth tokens, but it seems to me you might be able to do that since your IDs are unique.   Best way to find out is to experiment.  :)

Chris

[Dorin Marian Rautu]

Hey,

Thank you for your response!

At a first glance, I can say that it doesn't work. I will keep researching. Apparently, casshib searches to match the entire link, not only a fragment.

Dorin

[Rob Loup]

Hi,

I was wondering if you have found a solution for the problem. I am encountering the same problem : my WebApp listens on the root will analyse the saml on the validation of the ticket and in relation to the information in the saml propose: page1.html, page2.html, .... to the client. This works very well however if you try to recharge the page with the specific page in the URL the CASShib replies with service unauthorized to validate tickets ...

Does anyone have more information on how to get CASShib to authorize all pages on a webapp ?

Thank you,

[Dorin Marian Răutu]

Hi,

I didn't find a solution for this problem. Because of this and for robustness reasons I switched to classic Shibboleth SP on each server.

Hope you find an answer.

Dorin

[Rob Loup]

Hi,

Just tested defining only the CASSHIB service registration for my service by adding * at the end and it seems to allow my personal pages to be authorized to validate tickets with CASShib.

  <service id="https://myserver/myApp/*"

           appname="myApp"

           passcode="12345" />