This issue is resolved; I had to use the IdP metadata obtained from the Azure AD portal. Now, delegated authentication against Azure AD with CAS-5.2.6 is working. (The same with CAS-5.3.3 is failing, but that is a separate issue to be resolved.)
Raghavan

On Thursday, September 20, 2018 at 1:04:41 AM UTC+5:30, Raghavan TV wrote:
>
> Hi All
>
> Am testing CAS 5.2.6 to work in a delegated authentication mode against Azure AD
>
> When we get a SAML response back from the IdP, am getting redirected to the CAS UnAuthorized Access page
>
> The logs indicate the following errors
>
> 2018-09-19 19:28:09,358 ERROR [org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator] - <Current assertion validation failed, continue with the next one>
> org.pac4j.saml.exceptions.SAMLException: Signature is not trusted
>     at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validateSignature(SAML2DefaultResponseValidator.java:704) ~[pac4j-saml-2.3.1.jar:?]
> ...
> ...
> 2018-09-19 19:28:09,363 DEBUG [org.apereo.cas.support.pac4j.web.flow.DelegatedClientAuthenticationAction] - <The request requires http action>
> org.pac4j.saml.exceptions.SAMLException: No valid subject assertion found in response
> ...
> ...
>
> Any pointers on which cert should be imported into the keystore?
>
> Thanks
> Raghavan

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0d38659f-d2c7-4deb-8b6a-6ee05135dd45%40apereo.org.
