For SAML2 to work, you need a single entry like this in your service
registry:
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://cas.example.org/cas/idp/profile/SAML2/Callback.+",
  "name" : "SAML Authentication Request",
  "id" : 12345678,
  "evaluationOrder" : 123
}
You do not need to have a registry entry for any other "/SAML2" path.
And then of course you need the service registry entry for the service
itself:
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "http://www.workday.com/tenant",
  "name" : "Workday",
  "id" : 23456789,
  "description" : "Workday",
  "metadataLocation" : "/etc/cas/saml/sp-metadata/workday.xml",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [
      "uid"
    ]
  },
  "evaluationOrder" : 234
}
Or something like that.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • [email protected]
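
Added example, not part of the original thread and not CAS code: a small Python check of what the serviceId patterns discussed here accept, comparing the `^https://.+` entry from the question with the callback entry above. It assumes the registry requires the whole service URL to match; the probe URLs (other than the Redirect/SSO one from the log) are constructed, and `callback_tight` is a suggested variant with the host dots escaped.

```python
import re

# Patterns under test. The first two are copied from the thread; the third is a
# tightened variant suggested here (an assumption, not from the thread).
PATTERNS = {
    "catch_all": r"^https://.+",
    "callback": r"https://cas.example.org/cas/idp/profile/SAML2/Callback.+",
    "callback_tight": r"^https://cas\.example\.org/cas/idp/profile/SAML2/Callback.+",
}

# Constructed probe URLs (not from the thread), apart from "sso", which is the
# service URL shown in the quoted log output.
PROBES = {
    "callback": "https://cas.example.org/cas/idp/profile/SAML2/Callback"
                "?entityId=http://www.workday.com/tenant",
    "sso": "https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO",
    "lookalike_host": "https://cas-example.org/cas/idp/profile/SAML2/Callback?x=1",
    "unrelated": "https://unrelated.example.net/app",
}


def hits_for(pattern_name):
    """Return the sorted probe names whose URL the named pattern accepts."""
    # Assumption: the registry requires the whole URL to match (full match).
    regex = re.compile(PATTERNS[pattern_name])
    return sorted(name for name, url in PROBES.items() if regex.fullmatch(url))


def findings(pattern_name):
    """Describe what the pattern admits beyond the intended callback URL."""
    hits = hits_for(pattern_name)
    notes = []
    if "unrelated" in hits:
        notes.append("accepts arbitrary https services")
    elif "lookalike_host" in hits:
        notes.append("unescaped '.' accepts look-alike hosts")
    if "callback" not in hits:
        notes.append("does not cover the SAML2 callback")
    return notes


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:15} hits={hits_for(name)} findings={findings(name)}")
```
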
On Fri, Feb 22, 2019 at 7:07 AM Matthew Uribe <[email protected]>
wrote:
> I don't think you can use regex in the service id for SAML services. You
> have to specify the service name exactly.
>
> On Fri, Feb 22, 2019, 2:31 AM Pameliya Mukherjee <
> [email protected]> wrote:
>
>> I am using CAS 5.3.8.
>>
>> I have created the service like below and kept the file in
>> etc\cas\services:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^https://.+",
>>   "name" : "SAML Authentication Request",
>>   "id" : 20190219131300,
>>   "accessStrategy" : {
>>     "@class" : "org.apereo.cas.services.RemoteEndpointServiceAccessStrategy",
>>     "endpointUrl" : "https://cas.example.org/idp/profile/SAML2/Redirect/SSO",
>>     "acceptableResponseCodes" : "200,202"
>>   }
>> }
>>
>> CAS properties like:
>> cas.authn.samlIdp.entityId=https://cas.example.org/cas/idp
>> cas.authn.samlIdp.scope=example.org
>>
>>
>> On Friday, February 22, 2019 at 12:40:16 PM UTC+5:30, Pameliya Mukherjee
>> wrote:
>>>
>>> While I am hitting an endpoint like:
>>> "https://localhost:8443/cas/login?service=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO&entityId=https://cas.org.example/cas/idp"
>>>
>>> I am getting error like:
>>>
>>> 2019-02-22 12:31:13,015 WARN
>>> [org.apereo.cas.web.flow.ServiceAuthorizationCheck] -<*Service
>>> Management: missing service. Service
>>> [https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO]
>>> is not found in service registry.>*
>>> 2019-02-22 12:31:13,017 WARN
>>> [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - <*No
>>> registered service is found to match
>>> [AbstractWebApplicationService(id=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO,
>>> originalUrl=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO,
>>> artifactId=null, principal=null, source=service, loggedOutAlready=false,
>>> format=XML, attributes={})] or access is denied. Using default theme
>>> [cas-theme-default]>*
>>>
>>> *Please Help. I am new to this.*
>>>
>>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/765da512-fd68-4fcd-8df5-b95e98154bd8%40apereo.org
>> .
>>