Hi team

My Keycloak setup is on host localhost:8080

From Keycloak I set the CAS IdP to the following URL:
https://localhost:8443/cas/idp/profile/SAML2/Redirect/SSO

CAS version is 6.0

My application.properties file is:

cas.serviceRegistry.json.location=file:/etc/cas/services
cas.serviceRegistry.initFromJson=true


cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
cas.authn.samlIdp.scope=localhost
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
cas.authn.samlIdp.attributeQueryProfileEnabled=true


And the service:

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "^http://localhost:8080/auth/realms/master.*",
  "name" : "SAML",
  "id" : 10000010,
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "sAMAccountName"
  },
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "sAMAccountName" : "Username",
      "mail" : "Email",
      "givenName" : "FirstName",
      "sn" : "LastName"
    }
  },
  "requiredNameIdFormat" : "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
  "metadataLocation" : "file:/etc/cas/saml/saml.xml",
  "signAssertions" : true,
  "signResponses" : false
}



File saml.xml from Keycloak:

<?xml version="1.0" encoding="UTF-8"?>
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Name="urn:keycloak">
  <EntityDescriptor entityID="http://localhost:8080/auth/realms/master">
    <IDPSSODescriptor WantAuthnRequestsSigned="true"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <KeyDescriptor use="signing">
        <dsig:KeyInfo>
          <dsig:KeyName>28MEWm8hWj0zNxNI8VegsxRNMUEw69aZWW0btpcers8</dsig:KeyName>
          <dsig:X509Data>
            <dsig:X509Certificate>
MIICmzCCAYMCBgFp3PI4OTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTkwNDAyMDcyNTU1WhcNMjkwNDAyMDcyNzM1WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf8Rew1RGrlowLfKmuIul9sknJCQYbe5gzc/2tdU3U+xkOOmurMUo+L22xLHmd0dfvGBUM/NrxYSa2b/ck2hx2G8+Y4PHpPrlnWc1pQGR9FaTjAfKXGydeIs42cZ6qg3XYiNYSfHLKrEENJBMEhZQXSKb7xLMec38/Dz7/eSFGNQhYd3jGEowmYZpPVEjK5QvfNW8CalnbUD9vXFi2GTraSqJWLO35DkbgCCr8TRsbJa9PS245bT1dcvOdPKeOFmCf/XjUi7IL74R+jD10kZD3Fpn6ICztgq7ud8ZFa3gfSW0FR4+kBs0AkNoaXfIuDg0YXTDahF/0ooBX67YgvXgrAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABx23a3/vL4X8ErlcvRT2qD9oEpmwYUqZD8LRyuZ9tZZpL1NrJ6j0xHkHzvw6xp19IMZigW7Tsz9suKJvL9zTDo1EZM+j91iD8uPVQe+0U8D2sHbdcQn7Z13ocLETeLuVAGNYTDwlZgL/tkRrTn6zxV6qyumaWAxDifBnOgzBirVNyMM1nvlDs18gMfgWX7glGwtXBidQM9RCOe754KL2ISK3BMYqh8B6XXUHD4bL/skUKWQYht+R59YHaWqp8naMTck9rk6zybKA2U32SKTgqR75Be7X24FnZ9atdjxdrvAgZznTT89qTCF0Zojf5+OAbJ/GKWQLABrNx2cAjJAKMw=
            </dsig:X509Certificate>
          </dsig:X509Data>
        </dsig:KeyInfo>
      </KeyDescriptor>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="http://localhost:8080/auth/realms/master/protocol/saml"/>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="http://localhost:8080/auth/realms/master/protocol/saml"/>
      <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="http://localhost:8080/auth/realms/master/protocol/saml"/>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="http://localhost:8080/auth/realms/master/protocol/saml"/>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
          Location="http://localhost:8080/auth/realms/master/protocol/saml"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>




When it redirects I get the following trace:

11:22:20.806 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - Located issuer [http://localhost:8080/auth/realms/master] from authentication request
11:22:20.806 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - Checking service access in CAS service registry for [http://localhost:8080/auth/realms/master]
11:22:20.806 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - Located SAML service in the registry as [^http://localhost:8080/auth/realms/master.*] with the metadata location of [http://localhost:8080/auth/realms/master/protocol/saml/descriptor]
11:22:20.806 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - Fetching saml metadata adaptor for [http://localhost:8080/auth/realms/master]
11:22:20.806 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade - Adapting SAML metadata for CAS service [SAML] issued by [http://localhost:8080/auth/realms/master]
11:22:20.806 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade - Locating metadata for entityID [http://localhost:8080/auth/realms/master] by attempting to run through the metadata chain...
11:22:20.806 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver - Resolving metadata for [SAML] at [http://localhost:8080/auth/realms/master/protocol/saml/descriptor].
11:22:20.806 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver - Loaded and cached SAML metadata [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver] from [http://localhost:8080/auth/realms/master/protocol/saml/descriptor]
11:22:20.806 [https-jsse-nio-8443-exec-7] INFO  org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade - Resolved metadata chain for service [^http://localhost:8080/auth/realms/master.*]. Filtering the chain by entity ID [http://localhost:8080/auth/realms/master]
11:22:20.806 [https-jsse-nio-8443-exec-7] WARN  org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade - Cannot find entity [http://localhost:8080/auth/realms/master] in metadata provider Ensure the metadata is valid and has not expired.
11:22:20.806 [https-jsse-nio-8443-exec-7] WARN  org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - No metadata could be found for [http://localhost:8080/auth/realms/master]
11:22:20.814 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.web.view.CasReloadableMessageBundle - No properties file found for [classpath:custom_messages_ru_RU] - neither plain properties nor XML
11:22:20.814 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.web.view.CasReloadableMessageBundle - No properties file found for [classpath:messages_ru_RU] - neither plain properties nor XML
11:22:20.818 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.web.view.CasReloadableMessageBundle - No properties file found for [classpath:custom_messages_ru] - neither plain properties nor XML
11:22:20.822 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.web.view.CasReloadableMessageBundle - No properties file found for [classpath:custom_messages] - neither plain properties nor XML
11:22:20.822 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.web.view.CasReloadableMessageBundle - Re-caching properties for filename [classpath:messages_ru] - file hasn't been modified
11:22:20.822 [https-jsse-nio-8443-exec-7] DEBUG org.apereo.cas.web.view.CasReloadableMessageBundle - Re-caching properties for filename [classpath:messages] - file hasn't been modified
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor - Decoded SAML object [{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest] from http request
11:22:21.230 [https-jsse-nio-8443-exec-9] INFO  org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [issuer=http://localhost:8080/auth/realms/master,binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect]
ACTION: SAML2_REQUEST_CREATED
APPLICATION: CAS
WHEN: Sun Apr 07 11:22:21 EEST 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - Located issuer [http://localhost:8080/auth/realms/master] from authentication request
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - Checking service access in CAS service registry for [http://localhost:8080/auth/realms/master]
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - Located SAML service in the registry as [^http://localhost:8080/auth/realms/master.*] with the metadata location of [http://localhost:8080/auth/realms/master/protocol/saml/descriptor]
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - Fetching saml metadata adaptor for [http://localhost:8080/auth/realms/master]
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade - Adapting SAML metadata for CAS service [SAML] issued by [http://localhost:8080/auth/realms/master]
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade - Locating metadata for entityID [http://localhost:8080/auth/realms/master] by attempting to run through the metadata chain...
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver - Resolving metadata for [SAML] at [http://localhost:8080/auth/realms/master/protocol/saml/descriptor].
11:22:21.230 [https-jsse-nio-8443-exec-9] DEBUG org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver - Loaded and cached SAML metadata [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver] from [http://localhost:8080/auth/realms/master/protocol/saml/descriptor]
11:22:21.230 [https-jsse-nio-8443-exec-9] INFO  org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade - Resolved metadata chain for service [^http://localhost:8080/auth/realms/master.*]. Filtering the chain by entity ID [http://localhost:8080/auth/realms/master]
11:22:21.230 [https-jsse-nio-8443-exec-9] WARN  org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade - Cannot find entity [http://localhost:8080/auth/realms/master] in metadata provider Ensure the metadata is valid and has not expired.
11:22:21.230 [https-jsse-nio-8443-exec-9] WARN  org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController - No metadata could be found for [http://localhost:8080/auth/realms/master]

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/24de7f17-b45f-4cb3-b7e1-a3f7cf8aa7b2%40apereo.org.
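The warning in the trace ("Cannot find entity [...] in metadata provider. Ensure the metadata is valid and has not expired.") is raised after CAS has loaded the metadata document and then filters it by entity ID, so the useful thing to verify offline is whether the document CAS is given actually satisfies that lookup. The script below is an added example, not part of the post above and not CAS code. It reads a registered-service definition like the one in the post and a metadata document, and reports: whether the serviceId pattern matches the issuer from the AuthnRequest, whether that issuer appears as an entityID, whether a validUntil timestamp on the aggregate or the entity has passed, whether the entity carries an SPSSODescriptor (an IdP resolves the party that sent it an AuthnRequest by its service-provider role; the Keycloak export in the post carries only an IDPSSODescriptor, and the checker reports that), and whether the requiredNameIdFormat is one the entity advertises. Both metadata samples are constructed: the first is a trimmed copy of the document in the post, the second is a hypothetical SP descriptor for the same entityID whose AssertionConsumerService location is a placeholder.

```python
import json
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# The registered service from the post, reduced to the keys these checks read.
SERVICE_JSON = """{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "^http://localhost:8080/auth/realms/master.*",
  "requiredNameIdFormat" : "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
  "metadataLocation" : "file:/etc/cas/saml/saml.xml"
}"""
SERVICE = json.loads(SERVICE_JSON)

# Issuer CAS reported in the trace when it parsed the AuthnRequest.
ISSUER = "http://localhost:8080/auth/realms/master"

# Constructed sample 1: the Keycloak export from the post, trimmed (certificate and
# logout endpoints omitted). It describes the entity in the IdP role only.
IDP_ONLY_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:keycloak">
  <EntityDescriptor entityID="http://localhost:8080/auth/realms/master">
    <IDPSSODescriptor WantAuthnRequestsSigned="true"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <NameIDFormat>
        urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
      </NameIDFormat>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="http://localhost:8080/auth/realms/master/protocol/saml"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>
"""

# Constructed sample 2 (hypothetical): the same entityID described as a service provider.
# The AssertionConsumerService location is a placeholder; validUntil is optional so the
# expiry check can be exercised.
SP_METADATA_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://localhost:8080/auth/realms/master"{valid_until}>
  <SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8080/PLACEHOLDER-ACS-ENDPOINT"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""


def sp_metadata(valid_until=None):
    """Render sample 2, optionally stamped with a SAML validUntil timestamp."""
    attr = f' validUntil="{valid_until}"' if valid_until else ""
    return SP_METADATA_TEMPLATE.format(valid_until=attr)


def parse_saml_time(value):
    """Metadata timestamps are UTC xsd:dateTime values such as 2029-04-02T07:27:35Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_entity(metadata_xml, entity_id):
    """Return (root, EntityDescriptor) for entity_id; the descriptor is None if absent."""
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    if root.tag == MD + "EntityDescriptor":
        descriptors = [root]
    else:  # an EntitiesDescriptor aggregate, as Keycloak exports
        descriptors = list(root.iter(MD + "EntityDescriptor"))
    for ed in descriptors:
        if ed.get("entityID") == entity_id:
            return root, ed
    return root, None


def check_relying_party(metadata_xml, service, issuer, now=None):
    """Return a list of findings; an empty list means the registration is consistent.
    `now` is a SAML timestamp string (defaults to the current UTC time)."""
    now = parse_saml_time(now) if now else datetime.now(timezone.utc)
    findings = []
    # 1. The serviceId pattern must match the issuer taken from the AuthnRequest.
    if not re.match(service["serviceId"], issuer):
        findings.append("serviceId pattern does not match issuer")
    # 2. The issuer must appear as an entityID in the metadata document.
    root, ed = find_entity(metadata_xml, issuer)
    if ed is None:
        findings.append("entityID not present in metadata")
        return findings
    # 3. validUntil on the aggregate or on the entity must still lie in the future.
    for element in (root, ed):
        valid_until = element.get("validUntil")
        if valid_until and parse_saml_time(valid_until) < now:
            findings.append("metadata expired")
            break
    # 4. An IdP resolves the requesting party by its service-provider role.
    if ed.find(MD + "SPSSODescriptor") is None:
        findings.append("no SPSSODescriptor role")
    # 5. The NameID format CAS is told to require must be one the entity advertises.
    formats = {n.text.strip() for n in ed.iter(MD + "NameIDFormat") if n.text}
    if service["requiredNameIdFormat"] not in formats:
        findings.append("requiredNameIdFormat not advertised")
    return findings


if __name__ == "__main__":
    print("IdP-only export:", check_relying_party(IDP_ONLY_METADATA, SERVICE, ISSUER))
    print("SP descriptor:  ", check_relying_party(sp_metadata(), SERVICE, ISSUER))
```

Run against the trimmed Keycloak export it reports only the missing SP role; against the constructed SP descriptor it reports nothing, and it reports an expiry once validUntil lies before the supplied clock. To use it on a real deployment, replace the two samples with the contents of the file named in metadataLocation and keep the serviceId and requiredNameIdFormat from the service JSON.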