So lets see if I can keep this simple. I have a mostly working CAS 5.3.3 Server with SAML 1.1 working to the java-cas-client. We have a vendor developed CAS Client for the CAS SAML 1.1 protocol, that worked with CAS 3.3, 3.5, and 3.6. Now on CAS 5.3.3, it's getting a samllp:RequestDenied samllp:Response.
Based on reviewing the code, it appears it's failing at DefaultCentralAuthenticationService.java:301 <https://github.com/apereo/cas/blob/5.3.x/core/cas-server-core/src/main/java/org/apereo/cas/DefaultCentralAuthenticationService.java#L301>. Do i need to create a SamlRegisteredService service definition for SAML 1.1 instead of using RegexRegisteredService? Based on the error, I expected to see service as part of the validation request to /samlValidate, but it's not part of the SAML 1.1 specification that I can find. The received response: <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> <saml1p:Response InResponseTo="250c222f-6306-402c-ba3a-42f432137730" IssueInstant="2018-09-10T15:36:21.756Z" MajorVersion="1" MinorVersion="1" ResponseID="_ae589fdf84c6c72755cd450949f3b3c7" xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"> <saml1p:Status> <saml1p:StatusCode Value="saml1p:RequestDenied"/> <saml1p:StatusMessage>Ticket 'ST-104183-xxxxxxxxxxxxx-cas' does not match supplied service. The original service was 'https://example.com/foo/bar' and the supplied service was 'null'.</saml1p:StatusMessage> </saml1p:Status> </saml1p:Response> </SOAP-ENV:Body> </SOAP-ENV:Envelope> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/73251842-4c67-4fcc-9286-23d0a11aecff%40apereo.org.