search

Unicon / shib-cas-authn3

Integrates an external CAS Server and Shibboleth IdPv3.
Apache License 2.0
22 stars 16 forks source link

ShibCas Auth Servlet HTTP ERROR: 503 #34

Open fazla043264 opened 6 years ago

fazla043264 commented 6 years ago

I am using ShibCas that delegates the authentication to an external Central Authentication Server.

For that at first I have installed shibboleth IdP 3.3.3.1 with Getty and then I have downloaded the shibboleth IdP V 3.X plugin for authentication via an external CAS server from the gihub. Then from there

I have copied the Spring Webflow files, jsp, and included jar files into

the IDP_HOME. 1st Copied the gradle-wrapper.jar and pasted it to Shibboleth\IdP\edit-webapp\WEB-INF\lib. Then copied the jsp and put it in Shibboleth\IdP\edit-webapp\WEB-INF\jsp. also copied the shibcas-authn-flow.xml and shibcas-authn-beans.xml to Shibboleth\IdP\flows\authn\Shibcas couldn't update the IdP's web.xml. as after adding the ShibCas Auth Servlet I am getting a https://localhost:8443/idp/status https://localhost:8443/idp/shibboleth https://localhost:8443/idp/profile/cas/login?service=https://myservice.mydomain.edu.countrycode/ HTTP ERROR: 503 Problem accessing /idp/profile/cas/login. Reason:

Service Unavailable 

    <servlet>
        <servlet-name>ShibCas Auth Servlet</servlet-name>

<servlet-class>net.unicon.idp.externalauth.ShibcasAuthServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>ShibCas Auth Servlet</servlet-name>
        <url-pattern>/Authn/ExtCas/*</url-pattern>
    </servlet-mapping>

Problem accessing /idp/profile/cas/login. Reason:

Service Unavailable

As it is optional so I have escaped this step.

Updated the IdP's idp.properties file.
# Regular expression matching login flows to enable, e.g. IPAddress|Password
#idp.authn.flows = Password
idp.authn.flows = Shibcas

# CAS Client properties (usage loosely matches that of the Java CAS Client)
## CAS Server Properties
shibcas.casServerUrlPrefix = https://cas.mycasserver.edu/cas
shibcas.casServerLoginUrl = ${shibcas.casServerUrlPrefix}/login

## Shibboleth Server Properties
shibcas.serverName = https://idp.myshibbolethserver.edu

# By default you always get the AuthenticatedNameTranslator, add additional
code to cover your custom needs.
# Takes a comma separated list of fully qualified class names
# shibcas.casToShibTranslators =
com.your.institution.MyCustomNamedTranslatorClass
# shibcas.parameterBuilders = com.your.institution.MyParameterBuilderClass

# Specify CAS validator to use - either 'cas10', 'cas20' or 'cas30'
(default)
# shibcas.ticketValidatorName = cas30

# Specify if the Relying Party/Service Provider entityId should be appended
as a separate entityId query string parameter
# or embedded in the "service" querystring parameter - `append` (default) or
`embed`
# shibcas.entityIdLocation = append
Updated the IdP's general-authn.xml file.
    <util:list id="shibboleth.AvailableAuthenticationFlows">

        <bean id="authn/Shibcas" parent="shibboleth.AuthenticationFlow"
                p:passiveAuthenticationSupported="true"
                p:forcedAuthenticationSupported="true"
                p:nonBrowserSupported="false" />
Rebuilded the war file.

after this https://cas.myserver.edu/cas/login?service=https://localhost:8443/idp/shibboleth&entityId=https://myservice.myserver.edu/ now If I visit this link I can see the metadata of Shibboleth not redirecting me to the web service after login https://localhost:8443/idp/shibboleth?ticket=ST-xxxx-xxxxxxxxxxxS5uoDofwygwI-ip-172-32-52-248

Now can you please let me know what step should I follow and how can I check whether it will delegate the authentication to cas? what should be the correct url to check too.