Unicon / shib-cas-authn3

Integrates an external CAS Server and Shibboleth IdPv3.
Apache License 2.0

Does Shibcas require any extra configuration on CAS 4 side? #17

Closed jeffmc930 closed 8 years ago

jeffmc930 commented 8 years ago

While I see the URL contains the entityId for the SP, I'm not seeing it show up in the logs on the CAS side. Is there any extra config that needs to be done on CAS 4 to utilize the entityId being passed to it?

We added:

parametersToCheck entityId ticket SAMLArt service renew gateway warn logoutUrl pgtUrl

but don't see the entityId show up as part of the org.jasig.cas.web.support.CasArgumentExtractor log entries. The extractor does show the IDP "service" parameter including the trailing conversation parameter from the login URL, but not the entityID. It's potentially being properly extracted and used somehow, but I'm not seeing it.

mmoayyed commented 8 years ago

What do you need to do with the entityID?

jeffmc930 commented 8 years ago

Use it for authN (2FA) eventually and authZ (blocking users that don't have a required affiliation) so it is consistent experience for all apps.

mapgrady commented 8 years ago

The original idea for passing it along to CAS was so that one could tailor the CAS login page to the SP, or as noted, decide you needed 2FA etc. So it does need to be made available.

jtgasper3 commented 8 years ago

@jeffmc930, CAS Server does not do anything with the passed along entityID. That code/logic needs to be implemented per the needs of the adopter.

mmoayyed commented 8 years ago

@jeffmc930 what you describe isn't implemented. Entity ID is only processed by CAS practically today to display SAML MDUI on the login page, but there isn't much else you can do out of the box with CAS unless of course you code the rest. If you'd like, you are welcome to submit an issue to the project detailing that use case so it can be tracked to find a sponsor.

jeffmc930 commented 8 years ago

Fair enough. It looks like we need to utilize Unicon to add this functionality to the MFA/Duo and Pac4J (we are using it for delegated auth). Do you have a sense how much work that might be, so I can let Jeremy know?

mmoayyed commented 8 years ago

Without knowing all the details, I would speculate something like 60 hrs [or more] but it would be safer for Jeremy and David Lipari @ Unicon to talk and schedule a call so we all can discuss and review exactness of the requirements.

jeffmc930 commented 8 years ago

Okay. Thanks.

jeffmc930 commented 7 years ago

We are now on CAS 5, and realize this issue must have never been included in all the custom work we had completed via Unicon. Is there any chance that CAS 5 is any closer than CAS 4 was to supporting use of the appended or embedded URLs?

Jeff


jtgasper3 commented 7 years ago

Hi Jeff,

Thought I'd follow-up on this. CAS Server 5.2.0 should have support for the appended entityId. Please see https://apereo.github.io/cas/development/integration/Shibboleth.html#relying-party-entityid and https://apereo.github.io/cas/development/installation/Configuring-Multifactor-Authentication-Triggers.html#entity-id-request-parameter.

As for the embedded entityId route I just pushed a beta of the fix of the issue https://github.com/Unicon/shib-cas-authn3/issues/26#issuecomment-328214366

jeffmc930 commented 7 years ago

Hi John,

Following up on this. Before I started to test, I saw that someone else had tested and found issues. Will you have any time again soonish to look at this issue? Do you need any further info?

Thanks, Jeff

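Added example for this thread (not code from shib-cas-authn3 or CAS). It models what crosses the wire when the IdP hands authentication to CAS and passes the SP entityId along, in the two shapes discussed above (entityId appended as its own query parameter on the CAS login URL, or embedded inside the service URL), and shows the adopter-side logic the earlier comments say CAS does not ship: an MFA provider and an affiliation rule chosen per SP entityId. It also shows the check a practitioner would want before trusting that parameter: it rides in a browser redirect, so the user can edit it, and the IdP (which knows the real SP from the SAML request) still has to verify that the MFA it requires was actually performed. Hostnames, the callback path, the policy table and the function names are constructed assumptions.

```python
"""Added example: entityId passed from a Shibboleth IdP to CAS (not project code).

append: .../cas/login?service=<idp-callback>&entityId=<sp>
embed:  .../cas/login?service=<idp-callback with &entityId=<sp> encoded inside>

All hosts, paths and the policy table below are constructed assumptions.
"""
from urllib.parse import parse_qs, quote, urlencode, urlsplit

CAS_LOGIN = "https://cas.example.edu/cas/login"                              # assumed
IDP_CALLBACK = "https://idp.example.edu/idp/Authn/ExtCas?conversation=e1s1"  # assumed


def build_login_url(entity_id, location="append"):
    """Build the CAS login URL an IdP would redirect the browser to for one SP."""
    if location == "append":
        return CAS_LOGIN + "?" + urlencode({"service": IDP_CALLBACK, "entityId": entity_id})
    if location == "embed":
        service = IDP_CALLBACK + "&entityId=" + quote(entity_id, safe="")
        return CAS_LOGIN + "?" + urlencode({"service": service})
    raise ValueError("location must be 'append' or 'embed'")


def extract_entity_id(login_url):
    """CAS side: return (service, entityId) for either shape, or (service, None)."""
    q = parse_qs(urlsplit(login_url).query)
    service = q.get("service", [None])[0]
    if service is None:
        return None, None
    if "entityId" in q:                        # append shape
        return service, q["entityId"][0]
    inner = parse_qs(urlsplit(service).query)  # embed shape: look inside service
    return service, inner.get("entityId", [None])[0]


# Constructed per-SP policy (hypothetical): MFA provider and allowed affiliations.
SP_POLICY = {
    "https://payroll.example.edu/shibboleth": {"mfa": "duo", "allowed": {"staff", "faculty"}},
    "https://wiki.example.edu/shibboleth": {"mfa": None, "allowed": {"member"}},
}
DEFAULT_POLICY = {"mfa": None, "allowed": {"member"}}


def decide(entity_id, affiliations):
    """AuthZ (affiliation) and AuthN (MFA) decision keyed on the SP entityId."""
    policy = SP_POLICY.get(entity_id, DEFAULT_POLICY)
    if not set(affiliations) & policy["allowed"]:
        return {"allowed": False, "mfa": None, "reason": "affiliation"}
    return {"allowed": True, "mfa": policy["mfa"], "reason": "ok"}


def tamper(login_url, new_entity_id):
    """Simulate a user editing the appended entityId in the address bar.

    The value travels in a redirect through the user agent; nothing binds it
    to the SP that actually sent the SAML AuthnRequest to the IdP."""
    parts = urlsplit(login_url)
    q = parse_qs(parts.query)
    q["entityId"] = [new_entity_id]
    return parts._replace(query=urlencode(q, doseq=True)).geturl()


def idp_enforce(real_entity_id, mfa_performed):
    """IdP side: it knows the real SP, so it re-checks that required MFA happened."""
    required = SP_POLICY.get(real_entity_id, DEFAULT_POLICY)["mfa"]
    return required is None or mfa_performed


if __name__ == "__main__":
    payroll = "https://payroll.example.edu/shibboleth"
    for loc in ("append", "embed"):
        print(loc, extract_entity_id(build_login_url(payroll, loc)))
    # A user swaps the entityId for a low-value SP before CAS ever sees it.
    bad = tamper(build_login_url(payroll), "https://wiki.example.edu/shibboleth")
    _, seen = extract_entity_id(bad)
    print("CAS-side MFA decision after tampering:", decide(seen, {"staff", "member"})["mfa"])
    print("IdP rejects if MFA was skipped:", not idp_enforce(payroll, mfa_performed=False))
```

The embed shape has one property worth noting when debugging the "not in the logs" symptom from the first comment: the entityId is part of the service value itself, so the service CAS validates the ticket against must match that full string, and a plain log of the top-level query parameters will not show a separate entityId entry.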