Nicola,

I assume you have imported SP metadata.
Perhaps you have to name your service registry entry "serviceId" : "https://localhost:7777/saml/login" to match the entityId.

Ray

On Fri, 2019-05-17 at 01:55 -0700, Nicola Boldrin wrote:
Hi all,
I'm trying to configure CAS 3.5.8 to be SAML2 IdP; I'm trying to do an SSO 
login with a Spring sample app too 
(https://github.com/spring-projects/spring-security-saml).
When the sample app sends an auth request, CAS says "Application Not Authorized to 
Use CAS".

Below are the log messages

INFO [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Received SAML profile request [/cas-jpa/idp/profile/SAML2/POST/SSO]
DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Locating SAML object from message context...
DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Decoded SAML object [{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest] from http request
INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [issuer=https://localhost:7777/saml/login,binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]
ACTION: SAML2_REQUEST_CREATED
APPLICATION: CAS
WHEN: Thu May 16 17:27:10 CEST 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================

DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] Located issuer [https://localhost:7777/saml/login] from authentication request
DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] Checking service access in CAS service registry for [https://localhost:7777/saml/login]
ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] CAS has found a match for service [https://localhost:7777/saml/login] in registry but the match is not defined as a SAML service
WARN [org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver] Resolved [org.apereo.cas.services.UnauthorizedServiceException: screen.service.error.message] to ModelAndView: reference to view with name 'casServiceErrorView'; model is {rootCauseException=org.apereo.cas.services.UnauthorizedServiceException: }
INFO [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null', this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
DEBUG [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not identified as an OAuth request
INFO [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null', this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
DEBUG [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not identified as an OAuth request


Below is my configuration

# === SAML 2 Idp


cas.authn.samlIdp.entityId=https://localhost:6443/cas-jpa/idp
cas.authn.samlIdp.metadata.location=file:${etc.cas.dir}saml
cas.authn.samlIdp.attributeQueryProfileEnabled=true



Thanks

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
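
Added example, not part of the thread and not CAS code: a simplified Python model of the registry lookup behind the ERROR line "found a match ... but the match is not defined as a SAML service". It assumes serviceId is treated as a regex and entries are tried in ascending evaluationOrder; the two registry entries, their names and the metadata path are constructed placeholders.

```python
import re

SAML_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"

# Constructed sample entries; field names mirror CAS JSON service files.
CATCH_ALL = {
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "^https://.*",          # broad pattern: matches any HTTPS issuer
    "name": "HTTPS wildcard",
    "id": 1,
    "evaluationOrder": 100,
}
SAML_SP = {
    "@class": SAML_CLASS,
    "serviceId": "https://localhost:7777/saml/login",  # equals the SP entityId
    "name": "Spring SAML sample",
    "id": 2,
    "evaluationOrder": 10,               # must sort before the wildcard entry
    "metadataLocation": "file:/path/to/sp-metadata.xml",  # placeholder path
}


def find_service(registry, entity_id):
    """First entry, by ascending evaluationOrder, whose serviceId fully matches."""
    for svc in sorted(registry, key=lambda s: s["evaluationOrder"]):
        if re.fullmatch(svc["serviceId"], entity_id):
            return svc
    return None


def diagnose(registry, entity_id):
    """Explain why an AuthnRequest issuer would be accepted or rejected."""
    svc = find_service(registry, entity_id)
    if svc is None:
        return "no match: service is not registered"
    if svc["@class"] != SAML_CLASS:
        return f"matched '{svc['name']}' but it is not a SAML service"
    if not svc.get("metadataLocation"):
        return f"matched '{svc['name']}' but no SP metadata is configured"
    return f"ok: '{svc['name']}' is a SAML service"


if __name__ == "__main__":
    issuer = "https://localhost:7777/saml/login"  # issuer from the audit record
    print(diagnose([CATCH_ALL], issuer))           # reproduces the logged failure
    print(diagnose([CATCH_ALL, SAML_SP], issuer))  # SAML entry wins the lookup
```

A wildcard entry that sorts ahead of the SAML entry still shadows it, so both the entry type and its evaluationOrder need checking.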
