I am attempting to integrate a SAML federation into our CAS instance. I seem to be stuck on service entry defined access.
It seems that to allow SAML federation I have to configure a wildcard for entityId/serviceId. I was assuming that SAML service entries would require both a positive metadata match and entityId match. It seems that by entering the SAML service entry, the wildcard match also applies to CAS services.

Example SAML service entry:

    {
      "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
      "serviceId" : "^https://.*$",
      "name" : "Federation Test",
      "id" : 10000003,
      "evaluationOrder" : 10,
      "metadataLocation" : "https://url/to/metadata.xml"
    }

After entering the above service entry, any request to "/cas/login?service=anything" will match. That makes sense if only serviceId is used for the match. But I figured, incorrectly, that metadata was also involved.

Am I missing something, or do I have to iteratively add every possible entity id into the regex for serviceId? That seems unmaintainable at scale.
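An added example, not part of the original post and not CAS project code: the per-entity serviceId pattern the post calls unmaintainable can be generated from the federation metadata instead of edited by hand. The metadata sample, the example.org hosts and the function names are constructed; Python's `re` stands in for CAS's matching, and it assumes serviceId is matched against the whole requested service or entityId, as the post describes.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed federation aggregate: two SPs and one IdP (not real metadata).
SAMPLE_METADATA = f"""
<md:EntitiesDescriptor xmlns:md="{MD_NS}">
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/saml/metadata">
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def sp_entity_ids(metadata_xml):
    """Return the sorted entityIDs of every service provider in the aggregate."""
    root = ET.fromstring(metadata_xml.strip())
    ids = set()
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        # Only entities that carry an SP role belong in the service pattern.
        if entity.find(f"{{{MD_NS}}}SPSSODescriptor") is not None:
            ids.add(entity.get("entityID"))
    return sorted(ids)

def service_id_pattern(entity_ids):
    """Build an anchored alternation of literal (regex-escaped) entityIDs."""
    if not entity_ids:
        # "^()$" would be a useless pattern; fail loudly instead.
        raise ValueError("no SP entityIDs found in metadata")
    return "^(" + "|".join(re.escape(e) for e in entity_ids) + ")$"

def matches(pattern, service):
    """True when the whole service string matches the pattern."""
    return re.fullmatch(pattern, service) is not None

if __name__ == "__main__":
    pattern = service_id_pattern(sp_entity_ids(SAMPLE_METADATA))
    print(pattern)
    for svc in ("https://sp1.example.org/shibboleth", "https://anything.example.net/app"):
        print(svc, "wildcard:", matches(r"^https://.*$", svc), "generated:", matches(pattern, svc))
```

Re-running the generator whenever the aggregate is refreshed keeps the pattern in step with federation membership.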