Hi Dave,

Yes, we are using this combination: Pulse Secure VPN + CAS as SAML2 IdP and it works well.

If this highlighted string from the log is exactly the same as in your service registry id then perhaps the problem is the question mark, it has to be escaped:

As-Is: "serviceId" : "^ https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi?p=sp1"
To-Be: "serviceId" : "^ https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi\\?p=sp1"

From documentation: https://apereo.github.io/cas/5.2.x/installation/JSON-Service-Management.html
"If the service is defined as a regular expression, certain regex constructs such as "." and "\d" need to be doubly escaped."

With best regards,
Andres

Kontakt <[email protected]> wrote on Thu, 13 December 2018 at 17:13:

> Has anyone managed to configure their Pulse Secure VPN as a SAML2 SP to
> use CAS as a SAML2 IdP?
>
> I've got (according to the documentation) all the configuration bits on
> the Pulse Secure box set up, and I've put an entry into the CAS service
> registry for a SAML2 service with the correct entityId.
>
> And when I access the VPN endpoint that's supposed to go to CAS, it does
> indeed redirect to the CAS server. But CAS fails with:
>
> 2018-12-13 09:56:25,661 WARN [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi?p=sp1] is not found in the registry or service access is denied. Ensure service is registered in service registry>
>
> despite the fact that the string highlighted above is exactly what's
> listed in the service registry and as the entityId in the metadata
> downloaded from the Pulse Secure appliance. I have also tried with the
> entityId set to that string minus the "?p=sp1" bit (because depending on
> where you download the metadata from in the Pulse UI, it's either a part of
> the entityId or it's not), but the string in the warning message is always
> the same.
>
> Clearly I'm missing something fundamental here, but turning on DEBUG
> logging on the CAS server doesn't offer any clues, nor do the logs on the
> Pulse.
>
> Any ideas / answers / guesses appreciated...
>
> CAS 5.2.7 / Pulse 8.2R3.1
>
> Thanks,
> --Dave
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a1e8ff0b-10b4-41f2-852b-9358d9c875c9%40apereo.org.
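
The escaping problem discussed in this thread, as an added example that is not part of the original messages or of CAS itself. The host `vpn.example.edu` and the two registry entries are constructed; the helper names, the use of Python's `re` as a stand-in for the regex engine, and whole-string matching are assumptions.

```python
import json
import re

# Constructed entityId and registry entries, modelled on the thread (host is a placeholder).
ENTITY_ID = "https://vpn.example.edu/dana-na/auth/saml-endpoint.cgi?p=sp1"
AS_IS = r'{"serviceId": "^https://vpn.example.edu/dana-na/auth/saml-endpoint.cgi?p=sp1"}'
TO_BE = r'{"serviceId": "^https://vpn.example.edu/dana-na/auth/saml-endpoint.cgi\\?p=sp1"}'


def service_pattern(raw_json):
    """Regex as the matcher sees it: JSON decoding strips one level of backslashes."""
    return json.loads(raw_json)["serviceId"]


def is_registered(raw_json, entity_id):
    """Assumption: the pattern must match the entire entityId."""
    return re.fullmatch(service_pattern(raw_json), entity_id) is not None


def unescaped_metachars(pattern):
    """Return (offset, char) for regex metacharacters not preceded by a backslash."""
    found, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if pattern[i] in ".?+*()[]{}|":
            found.append((i, pattern[i]))
        i += 1
    return found


if __name__ == "__main__":
    for label, raw in (("As-Is", AS_IS), ("To-Be", TO_BE)):
        pattern = service_pattern(raw)
        print(label, "pattern:", pattern)
        print("  matches entityId:", is_registered(raw, ENTITY_ID))
        print("  unescaped metacharacters:", unescaped_metachars(pattern))
```

The "." characters still reported for the To-Be pattern do not block the match, but each one accepts any character; writing them as `\\.` in the JSON makes them literal, as the quoted documentation describes.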
