Can you try this with 5.3.12? On Thursday, September 5, 2019 at 6:46:44 PM UTC+4:30, Josh G wrote: > > Apologies for the bump - just wanted to see if anyone else has run into > this before? > > On Wednesday, August 21, 2019 at 11:44:03 AM UTC, Josh G wrote: >> >> Hi all - >> >> We are working on integrating a service (dmp.cdlib.org) in our CAS 5.2.x >> environment, but are having trouble accommodating a specific requirement, >> specifically setting the Destination in the SAML response. >> >> In order to validate our configuration, the vendor offers a test >> Shibboleth SP instance at https://dmptool.org/cgi-bin/PrintShibInfo.pl. >> >> Upon logging into the service, we are receiving the following error: >> >> opensaml::BindingException >> >> The system encountered an error at Wed Aug 21 04:40:17 2019 >> >> To report this problem, please contact the site administrator at >> [email protected]. >> >> Please include the following message in any email: >> >> opensaml::BindingException at ( >> https://uc3-dmpx2-prd-2c.cdlib.org/Shibboleth.sso/SAML2/POST) >> >> SAML message delivered with POST to incorrect server URL. >> >> The issue appears to be the SAML Response Destination is incorrect: >> >> >> *Here is an example of the SAML Request:* >> >> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" >> AssertionConsumerServiceURL=" >> https://dmptool.org/Shibboleth.sso/SAML2/POST"; >> Destination="https://<CAS >> URL>.edu/cas/idp/profile/SAML2/Redirect/SSO" >> ID="_16cb2cd64c7aab9b86d5766ec9a86cf9" >> IssueInstant="2019-08-20T18:19:10Z" >> >> ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" >> Version="2.0" >> > >> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> >> https://dmp.cdlib.org</saml:Issuer> >> <samlp:NameIDPolicy AllowCreate="1" /> >> </samlp:AuthnRequest> >> >> *Here is a snipped of the SAML Response:* >> >> <saml2p:Response >> *Destination="https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST >> <https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST>"* >> ID="_1919448364467476034" >> InResponseTo="_16cb2cd64c7aab9b86d5766ec9a86cf9" >> IssueInstant="2019-08-20T18:19:10.862Z" >> Version="2.0" >> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" >> > >> >> >> >> The item in red above is incorrect, the Destination should be https:// >> dmptool.org/Shibboleth.sso/SAML2/POST. >> >> Is there a way in CAS to specify the Destination redirect? >> >> This is possible to do natively in Shibboleth IdP, however we run all of >> our InCommon SAML configuration (this is an InCommon Federated service) >> through CAS. >> >
-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1458c7b4-4725-452d-b847-c60f7bb95413%40apereo.org.
