What is the URL for Shibboleth IDP V3 delegates the authentication to CAS

[Nate Klingenstein]

Fazla,

I think that you asked a different question than the one Tom answered.

The confusion is because Shibboleth IdP v3 can act as a CAS server itself
so that you wouldn't need to run a separate CAS server if you wanted to.

However, the URL you were trying to access indicates you were trying to
delegate your authentication to CAS so that logins happen there, using
Unicon's ShibCas implementation.

https://github.com/Unicon/shib-cas-authn3

You probably didn't complete the installation or configuration of the
plugin.  Specifically, the stanza:

    <servlet>
        <servlet-name>ShibCas Auth Servlet</servlet-name>
        <servlet-class>net.unicon.idp.externalauth.ShibcasAuthServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>ShibCas Auth Servlet</servlet-name>
        <url-pattern>/Authn/ExtCas/*</url-pattern>
    </servlet-mapping>

tells the servlet container to send any request for /Authn/ExtCas/ to
ShibCas.  If that's missing, the servlet container won't know where to send
you.  You should check the servlet container's logs to make sure that it
was receiving the requests and you should find the 404 errors in them.

If you can't find the 404's in the servlet container logs, then you might
be ending up at the wrong port or host entirely.  I don't know if you
intended to arrive at port 8443, but make sure you have that configured
right too.

Hope this helps,
Nate.

On Mon, Sep 3, 2018 at 10:00 AM, fazla <fazlarabby043264 at gmail.com> wrote:

> Than you Tom for the reply.
>
> I have added the service in cas-protocol under reloadableServiceRegistry
>
>     <bean id="reloadableServiceRegistry"
>
> class="%{idp.cas.serviceRegistryClass:net.shibboleth.idp.cas.service.
> PatternServiceRegistry}">
>         <property name="definitions">
>             <list>
>
>                 <bean class="net.shibboleth.idp.cas.
> service.ServiceDefinition"
>                         c:regex="^(https|http)://urlofmyservice.*"
>                         p:group="multisite"
>                         p:authorizedToProxy="false" />
>             </list>
>         </property>
>     </bean>
> Is this where we are supposed to put the services.
>
> this is what I get in return.
>
> https://localhost:8443/idp/Authn/ExtCas?conversation=e1s1
>
> In browser
> HTTP ERROR 404
>
> Problem accessing /idp/Authn/ExtCas. Reason:
>   Not Found
>
> Nothing in the IDP logs.
>
>
>
>
>
> --
> Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-
> f1660767.html
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180903/c1022766/attachment.html>