Shibboleth IdP v3.X plugin for authentication via an external CAS Server
Michael A Grady
mgrady at unicon.net
Sat Jun 20 21:20:56 UTC 2020
I thought that someone had fixed the documentation to be clearer, but it doesn't appear that they have. You need to be be sure that in the IdPs' conf/authn/gneeral-authn.xml file that you add any and all needed principal names to the authn/External bean. E.g. (if you wanted the usual Password class and also wanted it to handle REFEDS MFA. You might need to add other password-type principals depending on what any services you are integrated with might be sending as a requested authn context. You will need whateve principals you had previously listed on the authn./Shibcas bean in that same file, if you were using an older version of this plugin.)
<bean id="authn/External" parent="shibboleth.AuthenticationFlow"
> On Jun 20, 2020, at 5:55 AM, Mathew, Sunil <smathew at hbs.edu> wrote:
> We have CAS as the external server and Shibboleth (3.1.1) used to authenticate with Remote User. Instead I am trying to use CAS plugin for Shibboleth (3.4.6) authentication: https://github.com/Unicon/shib-cas-authn3 <https://github.com/Unicon/shib-cas-authn3>
> But I am getting the following error:
> 2020-06-20T10:47:25.099968500Z shib-idp;idp-process.log;dev;nothing;2020-06-20 10:47:25,099 - 172.22.0.1 - WARN [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:219] - Profile Action PopulateAuthenticationContext: No authentication flows are active for this request
> 2020-06-20T10:47:25.100032900Z shib-idp;idp-warn.log;dev;nothing;2020-06-20 10:47:25,099 - 172.22.0.1 - WARN [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:219] - Profile Action PopulateAuthenticationContext: No authentication flows are active for this request
> 2020-06-20T10:47:25.199464800Z shib-idp;idp-process.log;dev;nothing;2020-06-20 10:47:25,197 - 172.22.0.1 - INFO [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:313] - Profile Action SelectAuthenticationFlow: No potential flows left to choose from, authentication failed
> Has anyone been able to use the CAS plugin for Shibboleth authentication?
> This email has been scanned for spam and viruses by Proofpoint Essentials. Click here <https://us2.proofpointessentials.com/index01.php?mod_id=11&mod_option=logitem&mail_id=1592650518-xrBgQv6nvMot&r_address=mgrady%40unicon.net&report=1> to report this email as spam.
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg <https://wiki.shibboleth.net/confluence/x/coFAAg>
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net <mailto:users-unsubscribe at shibboleth.net>
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users