You’re quite welcome. 5.2.x is EOLed [1]. So aside from manually patching your deployment with the right set of changes, I’d wait until 6.1 is out, or better yet, I’d keep testing RCs to make sure no surprises pop up when it’s fully out [2].
[1] https://apereo.github.io/cas/developer/Maintenance-Policy.html <https://apereo.github.io/cas/developer/Maintenance-Policy.html> [2] https://apereo.github.io/2017/03/08/the-myth-of-ga-rel/ <https://apereo.github.io/2017/03/08/the-myth-of-ga-rel/> > On Sep 9, 2019, at 4:19 PM, Josh G <[email protected]> wrote: > > Hi Misagh - > > Thank you for your reply. > > I have tested and confirms this works as expected in CAS 6.1.0-RC5 which we > are planning on upgrading to in January (assuming a non-RC version of 6.1.x > is released by then). > > Is there any work around that can be applied to 5.2.x, or should we wait > until our 6.1.0 upgrade? > > > On Monday, September 9, 2019 at 6:45:11 AM UTC, Misagh Moayyed wrote: > Can you try this with 5.3.12? > > On Thursday, September 5, 2019 at 6:46:44 PM UTC+4:30, Josh G wrote: > Apologies for the bump - just wanted to see if anyone else has run into this > before? > > On Wednesday, August 21, 2019 at 11:44:03 AM UTC, Josh G wrote: > Hi all - > > We are working on integrating a service (dmp.cdlib.org > <http://dmp.cdlib.org/>) in our CAS 5.2.x environment, but are having trouble > accommodating a specific requirement, specifically setting the Destination in > the SAML response. > > In order to validate our configuration, the vendor offers a test Shibboleth > SP instance at https://dmptool.org/cgi-bin/PrintShibInfo.pl > <https://dmptool.org/cgi-bin/PrintShibInfo.pl>. > > Upon logging into the service, we are receiving the following error: > > opensaml::BindingException > > The system encountered an error at Wed Aug 21 04:40:17 2019 > > To report this problem, please contact the site administrator at > [email protected] <>. > > Please include the following message in any email: > > opensaml::BindingException at > (https://uc3-dmpx2-prd-2c.cdlib.org/Shibboleth.sso/SAML2/POST > <https://uc3-dmpx2-prd-2c.cdlib.org/Shibboleth.sso/SAML2/POST>) > > SAML message delivered with POST to incorrect server URL. > > > The issue appears to be the SAML Response Destination is incorrect: > > > Here is an example of the SAML Request: > > <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > > AssertionConsumerServiceURL="https://dmptool.org/Shibboleth.sso/SAML2/POST > <https://dmptool.org/Shibboleth.sso/SAML2/POST>" > Destination="https://<CAS > URL>.edu/cas/idp/profile/SAML2/Redirect/SSO" > ID="_16cb2cd64c7aab9b86d5766ec9a86cf9" > IssueInstant="2019-08-20T18:19:10Z" > > ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" > Version="2.0" > > > <saml:Issuer > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://dmp.cdlib.org > <https://dmp.cdlib.org/></saml:Issuer> > <samlp:NameIDPolicy AllowCreate="1" /> > </samlp:AuthnRequest> > > Here is a snipped of the SAML Response: > > <saml2p:Response Destination="https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST > <https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST>" > ID="_1919448364467476034" > InResponseTo="_16cb2cd64c7aab9b86d5766ec9a86cf9" > IssueInstant="2019-08-20T18:19:10.862Z" > Version="2.0" > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" > > > > > > The item in red above is incorrect, the Destination should be > https://dmptool.org/Shibboleth.sso/SAML2/POST > <https://dmptool.org/Shibboleth.sso/SAML2/POST>. > > Is there a way in CAS to specify the Destination redirect? > > This is possible to do natively in Shibboleth IdP, however we run all of our > InCommon SAML configuration (this is an InCommon Federated service) through > CAS. > > -- > - Website: https://apereo.github.io/cas <https://apereo.github.io/cas> > - Gitter Chatroom: https://gitter.im/apereo/cas <https://gitter.im/apereo/cas> > - List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7> > - Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/6eb7ceae-6023-4718-874d-13496839257e%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6eb7ceae-6023-4718-874d-13496839257e%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/48C2787E-3C6A-4935-B23A-CC4F2F7BAD44%40gmail.com.
