Auth via Apereo CAS 5.3

Description

Has anyone successfully configured their Rocket Chat instance to authenticate via an Apereo CAS 5.x instance? Via the CAS protocol, or the SAML protocol?

I’ve tried both. Configuring the CAS 2.0 options in RC allows me to authenticate just fine, but it doesn’t seem to be able to read the attributes our cas server sends. I can’t get the email or name fields filled out.

Specifically, on the RC CAS settings page, in the Attribute Handling section, I tried {"email":"%mail%"} in the Attribute Map field. mail is the name of the attribute CAS returns containing the user's email. I’ve configured this in other applications.

We also have SAML configured on our cas server for other applications. So I thought I’d see if I could get things working via that protocol. Unfortunately my attempts at configuring RC to use it have failed.
Apereo’s docs allowed me to guess at what values to put in RC’s configuration.

On CAS, I named the service testrocketchat. So, for the Custom Entry Point field, https://casserver/cas/idp/profile/SAML2/Unsolicited/SSO?providerId='testrocketchat' seems closest to being the correct value. Unfortunately CAS keeps saying that the application is not authorized to use CAS. (It is; I have authenticated via CAS.)

If I left off the ?providerId='testrocketchat' part, CAS would display an error about providerId being missing.

I also tried ?providerId='https://testrocketchat.example.org', ?providerId='testrocketchat.example.org' and ?providerId=NN (where NN is what I think is the CAS server’s internal id number for the Rocket Chat service). All resulted in the ‘not authorized’ error.

Server Setup Information

  • Version of Rocket.Chat Server: 1.0.2
  • Operating System: Ubuntu 18.04
  • Deployment Method: docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog: Enabled via docker-compose file. services.rocketchat_app.command: mongod --smallfiles --replSet rs01 --oplogSize 1024
  • NodeJS Version: Whatever is in docker.
  • MongoDB Version: Whatever is in docker.
  • Proxy: Apache 2.4
  • Firewalls involved: FirewallD configured to allow https on the CAS vm, and on the Rocket.Chat vm.

Any additional Information

  • Initial docker-compose config was pulled from rocket.chat/docs/installation/docker-containers/
  • Followed rocket.chat/docs/installation/manual-installation/mongo-replicas/ due to “OPLOG / REPLICASET IS REQUIRED” error message when starting the app.
  • Configured Apache following rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/
  • DNS for testrocketchat.example.org is not configured. I set it up in my laptop's /etc/hosts file.
  • The test instance is on a vm that is not available from outside our internal network.
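The attribute-map question in the post above comes down to two things: whether the CAS validation response actually carries a `cas:attributes` block, and how a `%name%` placeholder map like `{"email":"%mail%"}` resolves against it. The following is an added illustration, not Rocket.Chat's or Apereo's code. It parses a constructed CAS 3.0-style `serviceValidate` response, applies a placeholder map, and reports which mapped fields could not be filled because the server released no such attribute. The sample XML, the `SAMPLE_RESPONSE` / `LEGACY_RESPONSE` names and the helper functions are all constructed for this example. The legacy sample has the shape of a CAS 2.0 protocol response, which has no attributes element at all, so every mapped field stays empty in that case.

```python
"""Parse a CAS serviceValidate response and resolve a %placeholder% attribute map.

Added example for illustration; not Rocket.Chat's or Apereo CAS's own code.
"""
import re
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample: CAS 3.0-style success response that releases two attributes.
SAMPLE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:mail>jdoe@example.org</cas:mail>
      <cas:displayName>Jane Doe</cas:displayName>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: CAS 2.0-protocol-shaped response, which carries no attributes block.
LEGACY_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


def parse_cas_response(xml_text):
    """Return (username, {attribute_name: value}); raise on an authenticationFailure."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError("CAS failure %s: %s" % (failure.get("code"), (failure.text or "").strip()))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("response has neither authenticationSuccess nor authenticationFailure")
    user = (success.findtext("cas:user", default="", namespaces=CAS_NS) or "").strip()
    attrs = {}
    attr_el = success.find("cas:attributes", CAS_NS)
    if attr_el is not None:
        for child in attr_el:
            # ElementTree tags look like '{http://www.yale.edu/tp/cas}mail'; keep the local name.
            name = child.tag.split("}", 1)[1] if "}" in child.tag else child.tag
            attrs[name] = (child.text or "").strip()
    return user, attrs


PLACEHOLDER = re.compile(r"%([^%]+)%")


def apply_attribute_map(attr_map, attrs):
    """Resolve every '%name%' in attr_map against the released attributes.

    Returns (resolved_fields, missing_fields). A field is reported as missing, and
    left unset, when any attribute it references was not released by the server,
    which is the symptom to look for when mapped fields come back empty.
    """
    resolved, missing = {}, []
    for field, template in attr_map.items():
        names = PLACEHOLDER.findall(template)
        if any(n not in attrs for n in names):
            missing.append(field)
            continue
        resolved[field] = PLACEHOLDER.sub(lambda m: attrs[m.group(1)], template)
    return resolved, missing


if __name__ == "__main__":
    attr_map = {"email": "%mail%", "name": "%displayName%", "username": "%uid%"}
    for label, xml in (("cas3", SAMPLE_RESPONSE), ("cas2", LEGACY_RESPONSE)):
        user, attrs = parse_cas_response(xml)
        resolved, missing = apply_attribute_map(attr_map, attrs)
        print(label, user, resolved, "missing:", missing)
```

Running it shows the CAS 3.0-shaped response filling `email` and `name` while `username` is reported missing (no `uid` attribute released), and the CAS 2.0-shaped response filling nothing. When a client's mapped fields stay empty, comparing the raw validation response against the map in this way tells you whether the server is releasing the attribute under that name at all, or whether the client is validating against an endpoint whose response format never includes attributes.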

Hello, sorry for bothering, but I have the same issue. Did you manage to solve that issue?

Same issue here. All attributes passed in CAS configuration are skipped (says so in logs) and the values not populated. Tried email, name, username & rooms without any success.

This makes RC unusable for my use case where asking the users to fill this information is not acceptable.

{RC as provided by ubuntu (2.? and 3.?)}

Did someone finally make it work?
Spent a full day on it and still no luck…