Hi,

Is there any update on this issue?

Thanks in advance.


On Tuesday, 4 September 2018 18:34:10 UTC+5:30, sarika deshmukh wrote:
>
> Hi Ganesh,
>
> Sorry for the late reply.
> I have checked the logs as well; it seems like CAS is not connecting with OKTA 
> at the time of logout.
>
> log details:
> 2018-09-04 17:29:21,173 DEBUG 
> [org.apereo.cas.support.saml.services.SamlIdPSingleLogoutServiceLogoutUrlBuilder]
>  
> - <Service [AbstractRegisteredService(serviceId=^https://.*, name=HTTPS, 
> theme=null, informationUrl=null, privacyUrl=null, responseType=null, 
> id=10000001, description=This service definition authorizes all application 
> urls that support HTTPS and IMAPS protocols., 
> expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false,
>  
> notifyWhenDeleted=false, expirationDate=null), 
> proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, 
> evaluationOrder=10000, 
> usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2,
>  
> logoutType=BACK_CHANNEL, requiredHandlers=[], 
> attributeReleasePolicy=ReturnAllowedAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null,
>  
> principalAttributesRepository=DefaultPrincipalAttributesRepository(), 
> consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, 
> excludedAttributes=null, includeOnlyAttributes=null), 
> authorizedToReleaseCredentialPassword=false, 
> authorizedToReleaseProxyGrantingTicket=false, 
> excludeDefaultAttributes=false, 
> authorizedToReleaseAuthenticationAttributes=true, 
> principalIdAttribute=null), allowedAttributes=[]), 
> multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[],
>  
> failureMode=NOT_SET, principalAttributeNameTrigger=null, 
> principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, 
> logoutUrl=https://localhost:8443/cas/logout, 
> accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, 
> enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, 
> delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[SAML2Client]),
>  
> requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, 
> caseInsensitive=false), publicKey=null, properties={}, contacts=[])] is not 
> a SAML service, or its logout url could not be determined>
> 2018-09-04 17:29:21,173 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder] - 
> <Logout request will be sent to [https://localhost:8443/cas/logout] for 
> service [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> principal=u...@company.com, source=service, loggedOutAlready=false, 
> format=XML, attributes={})]>
> 2018-09-04 17:29:21,174 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Prepared logout url [[https://localhost:8443/cas/logout]] for service 
> [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> principal=u...@company.com, source=service, loggedOutAlready=false, 
> format=XML, attributes={})]>
> 2018-09-04 17:29:21,174 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Creating logout request for [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> principal=u...@company.com, source=service, loggedOutAlready=false, 
> format=XML, attributes={})] and ticket id 
> [ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12]>
> 2018-09-04 17:29:21,401 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout 
> request 
> [DefaultLogoutRequest(ticketId=ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12, 
> service=AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> principal=u...@company.com, source=service, loggedOutAlready=false, 
> format=XML, attributes={}), status=NOT_ATTEMPTED, logoutUrl=
> https://localhost:8443/cas/logout)] created for 
> [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> principal=u...@company.com, source=service, loggedOutAlready=false, 
> format=XML, attributes={})] and ticket id 
> [ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12]>
> 2018-09-04 17:29:21,401 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout 
> type registered for [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> principal=u...@company.com, source=service, loggedOutAlready=false, 
> format=XML, attributes={})] is [BACK_CHANNEL]>
> 2018-09-04 17:29:21,402 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Creating back-channel logout request based on 
> [DefaultLogoutRequest(ticketId=ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12, 
> service=AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> principal=u...@company.com, source=service, loggedOutAlready=false, 
> format=XML, attributes={}), status=NOT_ATTEMPTED, logoutUrl=
> https://localhost:8443/cas/logout)]>
> 2018-09-04 17:29:21,478 DEBUG 
> [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated 
> logout message: [<samlp:LogoutRequest 
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
> ID="LR-1-Zkra8FA-8YIF7kVhWkRWyAWy" Version="2.0" 
> IssueInstant="2018-09-04T17:29:21Z"><saml:NameID 
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12</samlp:SessionIndex></samlp:LogoutRequest>]>
> 2018-09-04 17:29:21,478 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Preparing logout request for [
> https://localhost:8443/vcm/j_spring_cas_security_check] to [
> https://localhost:8443/cas/logout]>
> 2018-09-04 17:29:21,485 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Prepared logout message to send is [HttpMessage(url=
> https://localhost:8443/cas/logout, 
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-1-Zkra8FA-8YIF7kVhWkRWyAWy%22+Version%3D%222.0%22+IssueInstant%3D%222018-09-04T17%3A29%3A21Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
>  
> responseCode=0, asynchronous=true, 
> contentType=application/x-www-form-urlencoded)]. Sending...>
> 2018-09-04 17:29:21,532 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] 
> - <Created HTTP post message payload [POST 
> https://localhost:8443/cas/logout HTTP/1.1]>
> 2018-09-04 17:29:21,558 INFO [org.apereo.cas.logout.DefaultLogoutManager] 
> - <[1] logout requests were processed>
>
>
> I have gone through the CAS codebase; as per my understanding, CAS is not 
> getting some SAML metadata for a given SP for logout.
> I have added "SamlRegisteredService" service registry for the same but no 
> luck.
>
> service registry:
>
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" :  "urn:herb:saml:pac4j.org",
>   "name" : "SAMLService",
>   "id" : 10000003,
>   "evaluationOrder" : 10,
>   "metadataLocation" : "https://myoktaClient.com/app/exkfsyqtvxlhZ2i9f0h7/sso/saml/metadata"
> }
>
> Also, I have added logoutType and logoutUrl in HTTPSandIMAPS-10000001.json 
> registry file as below,
>
>  "logoutType": "BACK_CHANNEL",
>  "logoutUrl":"https://localhost:8443/cas/logout",
>
>  
> Is there anything missing?
>
> Thanks,
> Sarika D.
>
>
> On Monday, 2 October 2017 12:49:48 UTC+5:30, Антон Шихмат wrote:
>>
>> Hello everyone,
>>
>> I'm trying to integrate CAS SAML 2 delegated auth with OKTA using this 
>> tutorial https://apereo.github.io/2017/03/22/cas51-delauthn-tutorial/
>> CAS properties file should contain such values: keystore path (that 
>> contains OKTA signing certificate), keystore password and private key 
>> password.
>> OKTA provides signing certificate, so I can create a keystore using it. 
>> But OKTA does not provide private key for this certificate (or at least I 
>> cannot find it). I cannot leave this value empty, because I will receive an 
>> exception during CAS startup.
>> Can anyone help me, how can I configure OKTA integration without private 
>> key or where I can find it?
>>
>> Thanks
>>
>
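
Added example, not part of the original thread or of CAS: a small Python parser for the "Prepared logout message" DEBUG line quoted above, which decodes the form-encoded `logoutRequest` and reports where the back-channel message was addressed and which ticket it carries. The sample line is copied from the thread with the e-mail line wraps removed; `parse_slo_line` and the `cas_logout_path` default are names and assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Matches the HttpMessage(...) dump; the body is URL-encoded, so it holds no commas.
HTTP_MESSAGE = re.compile(r"HttpMessage\(url=(?P<url>[^,\s]+),\s*message=(?P<body>[^,\s]+)")

# Log line from the thread, with the mail client's line wraps removed.
SAMPLE = (
    "2018-09-04 17:29:21,485 DEBUG "
    "[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - "
    "<Prepared logout message to send is [HttpMessage(url=https://localhost:8443/cas/logout, "
    "message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames"
    "%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-1-Zkra8FA-8YIF7kVhWkRWyAWy%22+Version%3D"
    "%222.0%22+IssueInstant%3D%222018-09-04T17%3A29%3A21Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml"
    "%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml"
    "%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12%3C%2Fsamlp"
    "%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E, "
    "responseCode=0, asynchronous=true, contentType=application/x-www-form-urlencoded)]. Sending...>"
)


def parse_slo_line(line, cas_logout_path="/cas/logout"):
    """Return the destination and SAML fields of one logged logout message, or None."""
    match = HTTP_MESSAGE.search(line)
    if match is None:
        return None
    # parse_qs undoes the application/x-www-form-urlencoded encoding of the POST body.
    xml_text = parse_qs(match.group("body")).get("logoutRequest", [None])[0]
    if xml_text is None:
        return None
    # For logs from an untrusted source, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        return None
    url = match.group("url")
    return {
        "destination": url,
        "request_id": root.get("ID"),
        "session_index": root.findtext("samlp:SessionIndex", namespaces=NS),
        "name_id": root.findtext("saml:NameID", namespaces=NS),
        # True when the message was posted to the CAS server's own logout endpoint.
        "addressed_to_cas_logout": urlsplit(url).path == cas_logout_path,
    }


if __name__ == "__main__":
    print(parse_slo_line(SAMPLE))
```
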
