You are welcome, David!
I would like to thank you for the CAS Deployment step-by-step guide; it has
been a great help to me.

David Curry (<[email protected]>) wrote on Thu, 13 December 2018 at
18:12:

> Thanks, Andres! That was exactly the problem.
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • [email protected]
>
>
> On Thu, Dec 13, 2018 at 10:43 AM Andres Rattur <[email protected]>
> wrote:
>
>> Hi Dave,
>>
>> Yes, we are using this combination: Pulse Secure VPN + CAS as SAML2 IdP
>> and it works well.
>>
>> If this highlighted string from the log is exactly the same as in your
>> service registry id, then perhaps the problem is in the question mark; it
>> has to be escaped:
>> As-Is: "serviceId" : "^https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi?p=sp1";
>> To-Be: "serviceId" : "^https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi\\?p=sp1";
>>
>> From documentation:
>> https://apereo.github.io/cas/5.2.x/installation/JSON-Service-Management.html
>>
>> "If the service is defined as a regular expression, certain regex
>> constructs such as "." and "\d" need to be doubly escaped."
>>
>> With best regards,
>> Andres
>>
>> <[email protected]> wrote on Thu, 13 December 2018 at 17:13:
>>
>>> Has anyone managed to configure their Pulse Secure VPN as a SAML2 SP to
>>> use CAS as a SAML2 IdP?
>>>
>>> I've got (according to the documentation) all the configuration bits on
>>> the Pulse Secure box set up, and I've put an entry into the CAS service
>>> registry for a SAML2 service with the correct entityId.
>>>
>>> And when I access the VPN endpoint that's supposed to go to CAS, it does
>>> indeed redirect to the CAS server. But CAS fails with:
>>>
>>> 2018-12-13 09:56:25,661 WARN
>>> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>>> - <[https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi?p=sp1] is
>>> not found in the registry or service access is denied. Ensure service is
>>> registered in service registry>
>>>
>>> despite the fact that the string highlighted above is exactly what's
>>> listed in the service registry and as the entityId in the metadata
>>> downloaded from the Pulse Secure appliance. I have also tried with the
>>> entityId set to that string minus the "?p=sp1" bit (because depending on
>>> where you download the metadata from in the Pulse UI, it's either a part of
>>> the entityId or it's not), but the string in the warning message is always
>>> the same.
>>>
>>> Clearly I'm missing something fundamental here, but turning on DEBUG
>>> logging on the CAS server doesn't offer any clues, nor do the logs on the
>>> Pulse.
>>>
>>> Any ideas / answers / guesses appreciated...
>>>
>>> CAS 5.2.7 / Pulse 8.2R3.1
>>>
>>> Thanks,
>>> --Dave
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a1e8ff0b-10b4-41f2-852b-9358d9c875c9%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/a1e8ff0b-10b4-41f2-852b-9358d9c875c9%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>
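
The escaping problem resolved in this thread, as an added example that is not code from the thread or from the CAS project: it decodes three registry fragments the way a JSON parser would and tests the resulting regex against the entityId from the warning. Assumptions: Python's `re` treats `?`, `\?` and `.` the same way as the Java regex engine CAS runs on, the registry requires a full match, the parser is strict JSON, and `diagnose` and `literal_service_id` are hypothetical helper names.

```python
import json
import re

# entityId exactly as it appears in the warning quoted in the thread.
ENTITY_ID = "https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi?p=sp1"
BASE = "^https://vpn.newschool.edu/dana-na/auth/saml-endpoint.cgi"

# Constructed registry fragments (raw JSON text); only serviceId is from the thread.
AS_IS = '{"serviceId": "' + BASE + '?p=sp1"}'      # '?' left unescaped
SINGLE = '{"serviceId": "' + BASE + '\\?p=sp1"}'   # one backslash in the file
TO_BE = '{"serviceId": "' + BASE + '\\\\?p=sp1"}'  # two backslashes in the file


def diagnose(registry_json, entity_id):
    """Return 'invalid-json', 'no-match' or 'match' for one registry entry."""
    try:
        pattern = json.loads(registry_json)["serviceId"]
    except json.JSONDecodeError:
        return "invalid-json"  # strict JSON has no \? escape sequence
    # Assumption: the pattern has to match the whole entityId.
    return "match" if re.fullmatch(pattern, entity_id) else "no-match"


def literal_service_id(entity_id):
    """JSON string literal for a pattern that matches entity_id and nothing else."""
    # re.escape neutralises '?' and '.', json.dumps doubles each backslash.
    return json.dumps("^" + re.escape(entity_id) + "$")


if __name__ == "__main__":
    for name, entry in (("As-Is", AS_IS), ("single", SINGLE), ("To-Be", TO_BE)):
        print(name, diagnose(entry, ENTITY_ID))
    # Unescaped 'i?' means "optional i", so As-Is accepts a different string.
    print("As-Is vs ...cgip=sp1:",
          diagnose(AS_IS, ENTITY_ID.replace("cgi?", "cgi")))
    # The unescaped '.' in To-Be still matches any character in the host name.
    lookalike = ENTITY_ID.replace("vpn.", "vpnX")  # constructed value
    strict = '{"serviceId": ' + literal_service_id(ENTITY_ID) + '}'
    print("To-Be vs lookalike:", diagnose(TO_BE, lookalike))
    print("strict vs lookalike:", diagnose(strict, lookalike))
```

Running a check like this over registry files before deployment catches both failure modes: entries that can never match their own entityId, and entries whose unescaped `.` accepts more identifiers than intended.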
