Has anyone managed to configure their Pulse Secure VPN as a SAML2 SP to use 
CAS as a SAML2 IdP?

I've got (according to the documentation) all the configuration bits on the 
Pulse Secure box set up, and I've put an entry into the CAS service 
registry for a SAML2 service with the correct entityId.

And when I access the VPN endpoint that's supposed to go to CAS, it does 
indeed redirect to the CAS server. But CAS fails with:

2018-12-13 09:56:25,661 WARN [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi?p=sp1] is not found in the registry or service access is denied. Ensure service is registered in service registry>

despite the fact that the string highlighted above is exactly what's listed 
in the service registry and as the entityId in the metadata downloaded from 
the Pulse Secure appliance. I have also tried with the entityId set to that 
string minus the "?p=sp1" bit (because depending on where you download the 
metadata from in the Pulse UI, it's either a part of the entityId or it's 
not), but the string in the warning message is always the same.

Clearly I'm missing something fundamental here, but turning on DEBUG 
logging on the CAS server doesn't offer any clues, nor do the logs on the 
Pulse.

Any ideas / answers / guesses appreciated...

CAS 5.2.7 / Pulse 8.2R3.1

Thanks,
--Dave
