BTW, the sample request found on the wiki
(https://apereo.github.io/cas/development/protocol/SAML-Protocol.html)
shows:

POST /cas/samlValidate?ticket=
Host: cas.example.com
Content-Length: 491
Content-Type: text/xml
 
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
      MajorVersion="1" MinorVersion="1"
      RequestID="_192.168.16.51.1024506224022"
      IssueInstant="2002-06-19T17:03:44.022Z">
      <samlp:AssertionArtifact>
        ST-1-u4hrm3td92cLxpCvrjylcas.example.com
      </samlp:AssertionArtifact>
    </samlp:Request>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

but phpCAS does not use POST /cas/samlValidate?ticket= but rather
/cas/samlValidate?TARGET=

Regards.

On 10/08/2016 at 12:39, Philippe MARASSE wrote:
> Folks,
>
> I'm testing basic authentication (casuser:Mellon) with CAS 5 server and
> official phpCAS 1.3.4 client with SAML 1.1 validation, and it does not
> seem to work.
>
> The CAS client sends this POST data:
>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> <SOAP-ENV:Header/>
> <SOAP-ENV:Body>
>     <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
> MajorVersion="1" MinorVersion="1"
> RequestID="_192.168.16.51.1024506224022"
> IssueInstant="2002-06-19T17:03:44.022Z">
> <samlp:AssertionArtifact>ST-2-aghFC3hJ2dnePztkMfbK-devcas1</samlp:AssertionArtifact>
> </samlp:Request>
> </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
> to :
> https://php-dev.mydomain.com/cas/samlValidate?TARGET=http%3A%2F%2Fphp-dev.mydomain.com%2Fphilippe%2Feclipse%2Ftestcas%2Fwww%2Fsaml11.php
>
> I got this answer from CAS Server :
>
> <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> <SOAP-ENV:Body>
>     <saml1p:Response InResponseTo="_192.168.16.51.1024506224022"
> IssueInstant="2016-08-10T09:44:12.393Z" MajorVersion="1" MinorVersion="1"
> ResponseID="_2905923a3d94406937598b14f57e8043"
> xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"><saml1p:Status><saml1p:StatusCode
> Value="saml1p:RequestDenied"/><saml1p:StatusMessage>
> Les paramètres 'service' et 'ticket' sont tous deux
> nécessaires</saml1p:StatusMessage></saml1p:Status>
> </saml1p:Response>
> </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
> Server complains about missing ticket and/or service parameter ??
> Validation works for both CASv2 and CASv3 protocol but not with SAMLv1.1.
> SAMLv1.1 works against our production CAS v3.5 servers.
>
> Relevant part of my pom.xml (maven war overlay method) :
>         <cas.groupId>org.apereo.cas</cas.groupId>
>         <cas.version>5.0.0.RC1-SNAPSHOT</cas.version>
>
>         <dependency>
>             <groupId>${cas.groupId}</groupId>
>             <artifactId>cas-server-support-spnego</artifactId>
>             <version>${cas.version}</version>
>             <scope>runtime</scope>
>         </dependency>
>         <dependency>
>             <groupId>${cas.groupId}</groupId>
>             <artifactId>cas-server-support-spnego-webflow</artifactId>
>             <version>${cas.version}</version>
>             <scope>runtime</scope>
>         </dependency>
>         <dependency>
>             <groupId>${cas.groupId}</groupId>
>             <artifactId>cas-server-support-json-service-registry</artifactId>
>             <version>${cas.version}</version>
>         </dependency>
>        
>         <!-- SAMLv1.1 and v2 support -->
>         <dependency>
>             <groupId>org.apereo.cas</groupId>
>             <artifactId>cas-server-support-saml</artifactId>
>             <version>${cas.version}</version>
>         </dependency>
>
> Am I missing something (again :-) ) ?
>
> Regards.
>

-- 
Philippe MARASSE

Head of Infrastructure Unit - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel : 05.49.44.57.19
