For the service definition, you should only have one, which is a SamlRegisteredService. You do not need (or want) a RegexRegisteredService for a SAML service.
And as Matthew said, you should also set cas.authn.samlIdp.entityId: ${cas.server.prefix}/idp cas.authn.samlIdp.scope: yourdomain.com I'm not sure it actually matters from the perspective of your CAS SAML IdP working or not, but it may matter to the service provider ("client"), especially if that's a third party, who probably wants a "real" name there instead of "example.org". As for why you're not matching the service, ASSUMING you only have the single SamlRegisteredService definition (and not also a RegexRegisteredService), then you should check that the entityId being sent by the service is identical to what you have in the "serviceId" field of your service registry entry. To check what the SP is sending, look in the XML file for the SP's metadata near the top of the file: <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="http://workday.workday.com/newschool_preview" entityID="http://www.workday.com/newschool_preview"> or <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="IAMShowcase" validUntil="2025-12-09T09:13:31.006Z"> Whatever you see in the "entityID" attribute is what you should have, exactly, in the "serviceId" field of your service registry entry. Note that there's no requirement that the entityId be a "real" URL, or even URL-shaped. The only requirement is that the SP and IdP agree on what it should be. --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu [image: The New School] On Mon, May 7, 2018 at 12:57 PM, John D Giotta <jdgio...@gmail.com> wrote: > If I don't set this property does it affect the vendor integration I'm > attempting to do? > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/e5262492-62ae-480c-abc5- > 2a4e5c429c5c%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e5262492-62ae-480c-abc5-2a4e5c429c5c%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMyp6%2BAnCtJRh_e1-%2BNizgD6Q7LajdCYMW9pH-Q0kdJ3A%40mail.gmail.com.