Hello everyone,
I am trying to integrate CAS 6.1 and SharePoint 2013. I managed to adjust 
the mapping and everything looks fine. 
Unfortunately I am getting this error from SharePoint:

[FailedAuthenticationException: The Audience URI could not be validated.]
   Microsoft.SharePoint.IdentityModel.SPSaml11SecurityTokenHandler.ValidateConditions(SamlConditions conditions, Boolean enforceAudienceRestriction) +147
   Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token) +322
   Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +127
   Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri) +147
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +508
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +323
   Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +138
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +142
   System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +75
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +93


On the CAS side I get no error. I tried to investigate further and found that 
SharePoint is looking for a different namespace than the one sent by CAS. 
SharePoint is looking for:
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
   <t:Lifetime>

But CAS returns:
<RequestSecurityTokenResponseCollection
    xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:ns4="http://www.w3.org/2005/08/addressing"
    xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
  <RequestSecurityTokenResponse>

This is our service definition:
{
  "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "serviceId" : "^(https|http)://xxx.xxx.xxx.xxx(.*)",
  "realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
  "name" : "Simple WS fed test application",
  "id" : 101,
  "evaluationOrder" : 2,
  "tokenType" : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "USER_PRINCIPAL_NAME" : "groovy { return attributes['mail'].get(0) }",
      "COMMON_NAME" : "groovy { return attributes['displayName'].get(0) }",
      "ROLE" : "file:/tmp/cas-service-registry/script.groovy",
      "EMAIL_ADDRESS" : "groovy { return attributes['mail'].get(0) }"
    }
  }
}


Any idea how I can solve this problem?
Kindest regards.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1a8e330-be1f-4d28-9854-cc207641d9d8%40apereo.org.
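
Added example, not CAS or SharePoint code and not part of the post above: a Python re-implementation of the audience-restriction check that the `SPSaml11SecurityTokenHandler.ValidateConditions(..., enforceAudienceRestriction)` frame in the trace performs, run against two constructed RequestSecurityTokenResponses, one in the 2005/02 namespace the post says SharePoint looks for and one in the 200512 collection form the post says CAS returns. The assertion is located by its own SAML 1.1 namespace, so in this example the WS-Trust wrapper namespace is only reported, not validated; only the `saml:Audience` value decides the outcome. The audience URIs `urn:sharepoint:example` and `urn:sharepoint:other-rp`, the issuer URL and all timestamps are assumptions.

```python
"""Audience check of the kind a WS-Federation relying party applies to a
SAML 1.1 token (added example; constructed data, not CAS or SharePoint code)."""
import xml.etree.ElementTree as ET

SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
WST_2005_02 = "http://schemas.xmlsoap.org/ws/2005/02/trust"        # WS-Fed passive
WST_2005_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"   # WS-Trust 1.3


def _ns(tag):
    """Namespace part of a Clark-notation tag '{ns}local', or '' if none."""
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""


def wstrust_namespace(rstr_xml):
    """Report which WS-Trust namespace wraps the RequestSecurityTokenResponse.
    Works for a bare RSTR (2005/02 style) and for a RSTRCollection (200512)."""
    root = ET.fromstring(rstr_xml)
    for el in root.iter():
        if el.tag.split("}", 1)[-1] == "RequestSecurityTokenResponse":
            return _ns(el.tag)
    return ""


def extract_audiences(rstr_xml):
    """Every saml:Audience inside the embedded SAML 1.1 assertion(s).
    The assertion is found by its own namespace, independent of the wrapper."""
    root = ET.fromstring(rstr_xml)
    audiences = []
    for assertion in root.iter(f"{{{SAML11_NS}}}Assertion"):
        for aud in assertion.iter(f"{{{SAML11_NS}}}Audience"):
            if aud.text:
                audiences.append(aud.text.strip())
    return audiences


def validate_audience(rstr_xml, allowed_audiences):
    """enforceAudienceRestriction semantics: at least one Audience must match
    an allowed URI exactly (case-sensitive, no prefix matching, no normalisation).
    Returns (ok, audiences_found) so a caller can log what was actually presented."""
    found = extract_audiences(rstr_xml)
    ok = any(a in allowed_audiences for a in found)
    return ok, found


def _assertion(audience):
    # Constructed SAML 1.1 assertion; issuer and timestamps are placeholders.
    return (
        f'<saml:Assertion xmlns:saml="{SAML11_NS}" MajorVersion="1" MinorVersion="1" '
        'AssertionID="_constructed-example" Issuer="https://cas.example.org/cas/ws/idp" '
        'IssueInstant="2020-01-01T00:00:00Z">'
        '<saml:Conditions NotBefore="2020-01-01T00:00:00Z" NotOnOrAfter="2020-01-01T01:00:00Z">'
        f'<saml:AudienceRestrictionCondition><saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestrictionCondition></saml:Conditions></saml:Assertion>'
    )


# Constructed RSTR in the 2005/02 namespace (the form the post says SharePoint looks for).
RSTR_2005_02 = (
    f'<t:RequestSecurityTokenResponse xmlns:t="{WST_2005_02}">'
    '<t:RequestedSecurityToken>' + _assertion("urn:sharepoint:example") +
    '</t:RequestedSecurityToken></t:RequestSecurityTokenResponse>'
)

# Constructed RSTRCollection in the 200512 namespace (the form the post says CAS returns),
# carrying an audience the relying party does not trust.
RSTR_2005_12 = (
    f'<RequestSecurityTokenResponseCollection xmlns="{WST_2005_12}">'
    '<RequestSecurityTokenResponse><RequestedSecurityToken>' +
    _assertion("urn:sharepoint:other-rp") +
    '</RequestedSecurityToken></RequestSecurityTokenResponse>'
    '</RequestSecurityTokenResponseCollection>'
)

ALLOWED = {"urn:sharepoint:example"}  # assumed: the audience URI the relying party trusts

if __name__ == "__main__":
    for label, rstr in (("2005/02", RSTR_2005_02), ("200512", RSTR_2005_12)):
        ok, found = validate_audience(rstr, ALLOWED)
        verdict = "ok" if ok else "The Audience URI could not be validated."
        print(f"{label}: wrapper={wstrust_namespace(rstr)} audiences={found} -> {verdict}")
```

The comparison is deliberately exact: when debugging this error, compare the `saml:Audience` element in the assertion CAS actually issues, character for character, with the realm configured on the SharePoint trusted identity token issuer, and log the presented value rather than just the failure.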