Comment: clarify need for User Mapping, explain how to know what nameid-format to use.

...

Replace public.key and private.key with the names of your key files. If they are not available on the classpath, change the location to point to where the keys are stored. If you are using RSA instead of DSA, change the algorithm as appropriate.

Part 2: Configure JICS

You must first determine which property of each logged-in user CAS will pass to JICS as that user's unique identifier. JICS essentially offers you three choices:

  • JICS Username
  • JICS Email Address
  • JICS HostID (the ERP/SIS ID number)

By default, JICS expects the incoming identifier to be the JICS Username. If anything different is configured to come in from CAS, you will need to provide an entry in the FWK_MappedUserEntity table to specify how JICS should interpret the incoming identifier. Details of this table's configuration are available here: https://wiki.myjenzabar.net/SAML_User_Mapping

Assuming CAS and JICS agree on what attribute is to be sent, you must make sure the two systems also agree on the SAML SSO nameid format configuration outlined below. The default format should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, but urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress could also work if both systems agree on calling the attribute by that name.
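One way to confirm what CAS is actually sending before choosing the JICS settings is to inspect the NameID of a captured assertion. The script below is an added example, not part of the original page or of CAS or JICS. The sample assertion is constructed, the function names and the 'username'/'email'/'hostid' labels are hypothetical, and treating a HostID as all digits is an assumption.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: a trimmed, unsigned SAML 2.0 assertion, for illustration only.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.edu</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def extract_nameid(xml_text):
    """Return (format, value) of the first NameID or NameIdentifier element."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1]  # drop the {namespace} prefix
        if local in ("NameID", "NameIdentifier"):
            # A missing Format attribute is interpreted as 'unspecified'.
            return el.get("Format", UNSPECIFIED), (el.text or "").strip()
    raise ValueError("no NameID element found")


def check_nameid(xml_text, expected_format, expected_kind):
    """List mismatches between the assertion and the service provider's setup.

    expected_kind is 'username', 'email' or 'hostid' (hypothetical labels for
    the three JICS identifier choices).
    """
    fmt, value = extract_nameid(xml_text)
    looks_email = re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value) is not None
    problems = []
    if not value:
        problems.append("NameID value is empty")
    if fmt != expected_format:
        problems.append(f"format is {fmt}, expected {expected_format}")
    if fmt == EMAIL and not looks_email:
        problems.append("emailAddress format but value is not an email address")
    if expected_kind == "email" and not looks_email:
        problems.append("mapping is by email but value is not an email address")
    if expected_kind == "hostid" and not value.isdigit():  # assumption: numeric ID
        problems.append("mapping is by HostID but value is not numeric")
    if expected_kind == "username" and looks_email:
        problems.append("mapping is by username but value looks like an email")
    return problems


if __name__ == "__main__":
    print(extract_nameid(SAMPLE_ASSERTION))
    print(check_nameid(SAMPLE_ASSERTION, UNSPECIFIED, "username"))
```

An empty list means the assertion matches the expected format and identifier type; any other result indicates either the nameid format setting or the FWK_MappedUserEntity mapping needs to change.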

In Site Manager > Site Settings > Framework Settings > Security > Authentication (version 7.4+) choose the following settings:

...