For SAML2 to work, you need a single entry like this in your service
registry:

{
  "@class" :            "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" :         "https://cas.example.org/cas/idp/profile/SAML2/Callback.+",
  "name" :              "SAML Authentication Request",
  "id" :                12345678,
  "evaluationOrder" :   123
}


You do not need to have a registry entry for any other "/SAML2" path.

And then of course you need the service registry entry for the service
itself:

{
    "@class" :                "org.apereo.cas.support.saml.services.SamlRegisteredService",
    "serviceId" :             "http://www.workday.com/tenant",
    "name" :                  "Workday",
    "id" :                    23456789,
    "description" :           "Workday",
    "metadataLocation" :      "/etc/cas/saml/sp-metadata/workday.xml",
    "attributeReleasePolicy" : {
        "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes" : [
            "uid"
        ]
    },
    "evaluationOrder" :       234
}

Or something like that.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Fri, Feb 22, 2019 at 7:07 AM Matthew Uribe <matthew.ur...@aims.edu>
wrote:

> I don't think you can use regex in the service id for SAML services. You
> have to specify the service name exactly.
>
> On Fri, Feb 22, 2019, 2:31 AM Pameliya Mukherjee <
> pameliya.mukherj...@gmail.com> wrote:
>
>> I am using CAS 5.3.8.
>>
>> I have created the service like below and kept the file in
>> etc\cas\services:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^https://.+",
>>   "name" :      "SAML Authentication Request",
>>   "id" : 20190219131300,
>>   "accessStrategy" : {
>>     "@class" : "org.apereo.cas.services.RemoteEndpointServiceAccessStrategy",
>>     "endpointUrl" : "https://cas.example.org/idp/profile/SAML2/Redirect/SSO",
>>     "acceptableResponseCodes" : "200,202"
>>   }
>> }
>>
>> CAS properties like:
>> cas.authn.samlIdp.entityId=https://cas.example.org/cas/idp
>> cas.authn.samlIdp.scope=example.org
>>
>>
>> On Friday, February 22, 2019 at 12:40:16 PM UTC+5:30, Pameliya Mukherjee
>> wrote:
>>>
>>> While I am hitting an endpoint like : "
>>> https://localhost:8443/cas/login?service=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO&entityId=https://cas.org.example/cas/idp
>>> "
>>>
>>> I am getting error like:
>>>
>>> 2019-02-22 12:31:13,015 WARN
>>> [org.apereo.cas.web.flow.ServiceAuthorizationCheck] -<*Service
>>> Management: missing service. Service
>>> [https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO]
>>> is not found in service registry.>*
>>> 2019-02-22 12:31:13,017 WARN
>>> [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - <*No
>>> registered service is found to match
>>> [AbstractWebApplicationService(id=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO,
>>> originalUrl=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO,
>>> artifactId=null, principal=null, source=service, loggedOutAlready=false,
>>> format=XML, attributes={})] or access is denied. Using default theme
>>> [cas-theme-default]>*
>>>
>>> *Please Help. I am new to this.*
>>>
>>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/765da512-fd68-4fcd-8df5-b95e98154bd8%40apereo.org
>> .
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAO1MaqL2grP2rMZd1oJKEUuHTzxcvWtBud0smih_1huLg%40mail.gmail.com.
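
Added example, not part of the original thread and not CAS code: a Python check of which registry entry a requested service URL resolves to, and whether a serviceId pattern accepts more than intended. It assumes whole-string, case-insensitive regex matching with the lowest evaluationOrder winning; find_service, lint_pattern and the sample URLs are hypothetical names and constructed inputs.

```python
import re

# Entries from the reply above, trimmed to the fields used here.
REGISTRY = [
    {"name": "SAML Authentication Request", "evaluationOrder": 123,
     "serviceId": "https://cas.example.org/cas/idp/profile/SAML2/Callback.+"},
    {"name": "Workday", "evaluationOrder": 234,
     "serviceId": "http://www.workday.com/tenant"},
]

# Constructed sample requests; the callback query string is an assumption.
CALLBACK = ("https://cas.example.org/cas/idp/profile/SAML2/Callback"
            "?entityId=http://www.workday.com/tenant")
SSO_ENDPOINT = "https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO"
FOREIGN = "https://unrelated.example.net/app"  # constructed, not from the thread


def find_service(registry, requested):
    """Return the name of the first matching entry, lowest evaluationOrder first.

    Assumption: the pattern must match the whole requested string,
    case-insensitively.
    """
    for entry in sorted(registry, key=lambda e: e["evaluationOrder"]):
        if re.fullmatch(entry["serviceId"], requested, re.IGNORECASE):
            return entry["name"]
    return None


def lint_pattern(service_id, foreign_probes):
    """List reasons a serviceId pattern accepts more than intended."""
    findings = []
    hits = [p for p in foreign_probes if re.fullmatch(service_id, p, re.IGNORECASE)]
    if hits:
        findings.append("matches foreign URL: " + ", ".join(hits))
    if re.search(r"(?<!\\)\.(?![+*?{])", service_id):
        findings.append("unescaped '.' matches any character")
    return findings


if __name__ == "__main__":
    for url in (CALLBACK, SSO_ENDPOINT, "http://www.workday.com/tenant"):
        print(url, "->", find_service(REGISTRY, url))
    for pattern in ("^https://.+", REGISTRY[0]["serviceId"],
                    r"https://cas\.example\.org/cas/idp/profile/SAML2/Callback.+"):
        print(pattern, "->", lint_pattern(pattern, [FOREIGN]) or "ok")
```

Under these assumptions the callback URL resolves to the first entry, the bare Redirect/SSO endpoint resolves to nothing, and the catch-all pattern from the question accepts a host outside the deployment.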
