Warning: New CAS documentation site

CAS documentation has moved over to apereo.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.

Warning

Since CAS 4.0.0, SAML support is no longer built into the CAS server itself; it is provided by the cas-server-support-saml module. See: SAML Support in CAS 4

...

A SAML 1.1 ticket validation response is obtained by validating a ticket via POST at the /samlValidate URI. An example request/response follows for a successful ticket validation attempt.

Example Request (xml)
POST /cas/samlValidate?ticket=
Host: cas.example.com
Content-Length: 491
Content-Type: text/xml

<!-- SAML 1.1 ticket validation request sent by POST to /samlValidate, wrapped in a SOAP envelope.
     These comments are annotations on the example only: they are not part of the wire message,
     so the Content-Length given with the request headers does not count them. -->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <!-- MajorVersion/MinorVersion select SAML 1.1. RequestID and IssueInstant are sample values. -->
    <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1"
      MinorVersion="1" RequestID="_192.168.16.51.1024506224022"
      IssueInstant="2002-06-19T17:03:44.022Z">
      <!-- The artifact is the ticket being validated (the "ST-" value). It works as a credential
           for the login it represents, so it belongs only on an HTTPS connection to the CAS
           server and should be kept out of access and debug logs.
           As written here, the line breaks and indentation around the value are part of the
           element text. NOTE(review): presumably the server trims them; confirm. -->
      <samlp:AssertionArtifact>
        ST-1-u4hrm3td92cLxpCvrjylcas.example.com
      </samlp:AssertionArtifact>
    </samlp:Request>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Example Response (xml)
<!-- SAML 1.1 response to a successful ticket validation at /samlValidate, wrapped in a SOAP envelope.
     This sample contains no ds:Signature element, so nothing inside the document proves who
     produced it. A client consuming a response like this one depends on the HTTPS connection to
     the CAS server (certificate and host name verified) for authenticity and integrity. -->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header />
  <SOAP-ENV:Body>
    <!-- Recipient names the service the response is addressed to; a client should compare it
         with its own service URL before accepting the assertion.
         NOTE(review): Recipient here and the Audience further down name different hosts;
         this looks like sample data edited in only one place. Confirm against a real response. -->
    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2008-12-10T14:12:14.817Z"
    MajorVersion="1" MinorVersion="1" Recipient="https://eiger.iad.vt.edu/dat/home.do"
    ResponseID="_5c94b5431c540365e5a70b2874b75996">
      <!-- Check the status first: read the assertion only when the value is samlp:Success. -->
      <Status>
        <StatusCode Value="samlp:Success">
        </StatusCode>
      </Status>
      <!-- Issuer="localhost" is sample data. -->
      <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_e5c23ff7a3889e12fa01802a47331653"
      IssueInstant="2008-12-10T14:12:14.817Z" Issuer="localhost" MajorVersion="1"
      MinorVersion="1">
        <!-- Validity window: NotBefore to NotOnOrAfter spans 30 seconds in this sample.
             A client should reject the assertion outside that window, allowing only a small
             bounded clock skew, and should reject it when Audience is not its own service URL.
             The line breaks around the Audience value are part of the element text as written. -->
        <Conditions NotBefore="2008-12-10T14:12:14.817Z" NotOnOrAfter="2008-12-10T14:12:44.817Z">
          <AudienceRestrictionCondition>
            <Audience>
              https://some-service.example.com/app/
            </Audience>
          </AudienceRestrictionCondition>
        </Conditions>
        <!-- Attributes released for the subject "johnq": uid, groupMembership,
             eduPersonAffiliation and accountState. If a service bases authorization on values
             such as groupMembership or accountState, it should read them only after the status,
             validity-window and audience checks have passed. -->
        <AttributeStatement>
          <Subject>
            <NameIdentifier>johnq</NameIdentifier>
            <SubjectConfirmation>
              <ConfirmationMethod>
                urn:oasis:names:tc:SAML:1.0:cm:artifact
              </ConfirmationMethod>
            </SubjectConfirmation>
          </Subject>
          <Attribute AttributeName="uid" AttributeNamespace="http://www.ja-sig.org/products/cas/">
            <AttributeValue>12345</AttributeValue>
          </Attribute>
          <Attribute AttributeName="groupMembership" AttributeNamespace="http://www.ja-sig.org/products/cas/">
            <AttributeValue>
              uugid=middleware.staff,ou=Groups,dc=vt,dc=edu
            </AttributeValue>
          </Attribute>
          <Attribute AttributeName="eduPersonAffiliation" AttributeNamespace="http://www.ja-sig.org/products/cas/">
            <AttributeValue>staff</AttributeValue>
          </Attribute>
          <Attribute AttributeName="accountState" AttributeNamespace="http://www.ja-sig.org/products/cas/">
            <AttributeValue>ACTIVE</AttributeValue>
          </Attribute>
        </AttributeStatement>
        <!-- How and when the subject authenticated: the password method, at AuthenticationInstant.
             A service that requires recent or stronger authentication has to check these two
             attributes itself. The Subject repeats the one in the AttributeStatement. -->
        <AuthenticationStatement AuthenticationInstant="2008-12-10T14:12:14.741Z"
        AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
          <Subject>
            <NameIdentifier>johnq</NameIdentifier>
            <SubjectConfirmation>
              <ConfirmationMethod>
                urn:oasis:names:tc:SAML:1.0:cm:artifact
              </ConfirmationMethod>
            </SubjectConfirmation>
          </Subject>
        </AuthenticationStatement>
      </Assertion>
    </Response>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

...