Apologies for the bump - just wanted to see if anyone else has run into this before?
On Wednesday, August 21, 2019 at 11:44:03 AM UTC, Josh G wrote: > > Hi all - > > We are working on integrating a service (dmp.cdlib.org) in our CAS 5.2.x > environment, but are having trouble accommodating a specific requirement, > specifically setting the Destination in the SAML response. > > In order to validate our configuration, the vendor offers a test > Shibboleth SP instance at https://dmptool.org/cgi-bin/PrintShibInfo.pl. > > Upon logging into the service, we are receiving the following error: > > opensaml::BindingException > > The system encountered an error at Wed Aug 21 04:40:17 2019 > > To report this problem, please contact the site administrator at > [email protected]. > > Please include the following message in any email: > > opensaml::BindingException at ( > https://uc3-dmpx2-prd-2c.cdlib.org/Shibboleth.sso/SAML2/POST) > > SAML message delivered with POST to incorrect server URL. > > The issue appears to be the SAML Response Destination is incorrect: > > > *Here is an example of the SAML Request:* > > <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > AssertionConsumerServiceURL=" > https://dmptool.org/Shibboleth.sso/SAML2/POST"; > Destination="https://<CAS > URL>.edu/cas/idp/profile/SAML2/Redirect/SSO" > ID="_16cb2cd64c7aab9b86d5766ec9a86cf9" > IssueInstant="2019-08-20T18:19:10Z" > > ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" > Version="2.0" > > > <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> > https://dmp.cdlib.org</saml:Issuer> > <samlp:NameIDPolicy AllowCreate="1" /> > </samlp:AuthnRequest> > > *Here is a snipped of the SAML Response:* > > <saml2p:Response > *Destination="https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST > <https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST>"* > ID="_1919448364467476034" > InResponseTo="_16cb2cd64c7aab9b86d5766ec9a86cf9" > IssueInstant="2019-08-20T18:19:10.862Z" > Version="2.0" > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" > > > > > > The item in red above is incorrect, the Destination should be https:// > dmptool.org/Shibboleth.sso/SAML2/POST. > > Is there a way in CAS to specify the Destination redirect? > > This is possible to do natively in Shibboleth IdP, however we run all of > our InCommon SAML configuration (this is an InCommon Federated service) > through CAS. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c3243968-89ef-4289-bb2b-fcad66ddec54%40apereo.org.
