cas-server | Laravel instance to Implement Parts

I have a Spring Boot application and use the Java Apereo CAS Client (version 3.6.2) to use an CAS server for authentication. In other words, I want to turn my app into a CAS client, I didn't set up the CAS server myself.

I checked the list of calls made to CAS server:

The first call to the CAS server is made, but I don't see the second call to the server for ticket validation (i.e., a call to https://cas-server-address/cas/serviceValidate URL) that will return an XML document with user and authtype attributes that I want to extract to store in the database.

I have 2 questions:

1. Why there is no second call for the CAS server for ticket validation? Is it hidden?
2. How do I extract user and authtype attributes from the XML document and store them in the database?

I have a working Django (3.1) website and I'm trying to setup a Matrix Server (using Synapse) for the users.

How can I Setup Single Sign On for synapse (It supports SAML, CAS and OIDC) where only the users of my website could login to it?

I already implemented Django CAS Server and have a working login flow, but how can I send the token to Matrix?

I want to use an embedded HSQLDB in CAS 6.2-RC5 and I want Spring to initialize it at startup.

First, I added the following depedencies to the cas-overlay-template:

I follow this instruction to cipher "clientSecret" params in OAuth2 JWT Token with CAS Apereo 6.1 https://apereo.github.io/2019/11/04/cas62x-oauth-jwt-access-token/

Step 1: Using CAS Shell to cipher clientSecret

I am testing the SLO aka Single Logout Service for HTTP Redirect SAML 2.0 binding. I am able to SSO successfully but I need a HTTP Redirect endpoint on CAS to point to from my SAML-SP for SLO. The endpoint I am getting a 404 is http://cas-server:8080/idp/profile/SAML2/Redirect/SLO.

For SSO, the endpoint http://cas-server:8080/idp/profile/SAML2/Redirect/SSO is working fine.

My CAS version is 5.0.6.

Here is a snippet from my Idp metadata xml with the endpoints for SLO and SSO :

I want to enable REST service for CAS Apereo version cas-overlay-template-6.0 (on Ubuntu 16.04)

I have done following this step:

Step 1: Add compile for REST API to build.gradle file

I have set up CAS with LDAP/AD and database, which works. Now I want to add Keycloak, but I get an exception, regarding the state.

I want to use REST Protocol in my services. For this, I enabled Rest Protocol and trying to get TGT. Also, all examples were based on generic service registration which I don't want in prod environment.

Here is the generic service registry example that should not be used in prod environment. And I did not use this in my environment:

I am performing the next steps:

1. I access to a restricted URL (/myapp/login) of my java application
2. I am redirected to /cas/login page
3. I introduce the correct credentials
4. CAS redirect the request to the restricted URL (i.e.:/myapp/login)
5. My application instead of accepting the request, detect this URL as protected again and redirect again the request to CAS: /cas/login
6. The auth-cookies are in the browser so the authentication is OK
7. Step 4
8. Step 5
9. Step 6 etc

My CAS Server versions:

• CAS Version: 6.1.0-RC3-SNAPSHOT
• Spring Boot Version: 2.2.0.M1
• Spring Version: 5.1.5.RELEASE
• Java Home: C:\Program Files\Java\jdk-11.0.2

cas.properties: