Hi all. I'm having trouble setting up SAML2 delegation with the version mentioned in the subject.

The IdP I'm working with only provides me the SAML specification for requesting attributes and their certificate chain (including mine, which is signed by them). So, to work with CAS, I had to build the metadata files for both the IdP (them) and the SP (mine). I've already built a KeyStore containing only the private key for my certificate, and it's loaded. When I change the key alias in the properties, an exception is thrown in CAS. When I try to access the IdP through the button provided on the login page, CAS throws an exception:

2020-01-20 15:31:17,406 DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler] - <Message Handler: Evaluating message replay for message ID 'xxxxf0ax-xxxx-xxxx-xxxx-xxxxe7bd26ce', issue instant '2020-01-20T15:31:49.019Z', entityID 'saml.xxx.xxxx.xxx'>
2020-01-20 15:31:17,407 DEBUG [org.opensaml.storage.AbstractMapBackedStorageService] - <Read failed, context 'org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler' not found>
2020-01-20 15:31:17,408 DEBUG [org.opensaml.storage.ReplayCache] - <Value 'xxxxf0ax-xxxx-xxxx-xxxx-xxxxe7bd26ce' was not a replay, adding to cache with expiration time 1579534609019>
2020-01-20 15:31:17,419 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@5a9d26d6 in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause>
org.pac4j.saml.exceptions.SAMLException: Response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Requester / urn:oasis:names:tc:SAML:2.0:status:RequestDenied (The issuer is unknown)
    at org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator.validateSuccess(AbstractSAML2ResponseValidator.java:105) ~[pac4j-saml-4.0.0-RC2.jar!/:?]
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateSamlProtocolResponse(SAML2AuthnResponseValidator.java:190) ~[pac4j-saml-4.0.0-RC2.jar!/:?]
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validate(SAML2AuthnResponseValidator.java:106) ~[pac4j-saml-4.0.0-RC2.jar!/:?]
    ...

I don't know what to look for. I know there's a <saml:issuer> tag in the standard SAML request, but the documentation is not clear on this subject. Can you guys give me some advice or point me in the right direction?

Thanks

--
Francisco Castel-Branco
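A diagnostic for the RequestDenied / "The issuer is unknown" status in the post above, added here as an example that is not part of the original message, of CAS or of pac4j. That status comes from the IdP, and it means the <saml:Issuer> in the AuthnRequest it received is not an entityID it has registered; the usual causes are an Issuer that differs from the entityID in the SP metadata handed to the IdP, or a signing certificate in that metadata that does not match the key behind the configured keystore alias. The script decodes a captured SAMLRequest parameter (HTTP-Redirect binding: base64 of raw DEFLATE; HTTP-POST binding: base64 only), extracts the Issuer, compares it with the metadata's entityID, and prints the SHA-256 fingerprint of the metadata's signing certificate in the same colon-separated form that `keytool -list -v` prints for a keystore entry. The SP metadata, the AuthnRequests and the "certificate" bytes are all constructed stand-ins, not real data.

```python
import base64
import hashlib
import zlib
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 protocol messages, assertions, metadata and XML-DSig.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def decode_saml_request(encoded: str) -> str:
    """Decode a SAMLRequest parameter. HTTP-POST carries base64(xml); HTTP-Redirect
    carries base64(raw DEFLATE(xml)). Plain XML starts with '<', a single-block
    DEFLATE stream cannot, so that byte decides which binding we are looking at."""
    raw = base64.b64decode(encoded)
    if raw.lstrip().startswith(b"<"):
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # -15: raw DEFLATE, no zlib header


def encode_redirect_request(xml_text: str) -> str:
    """Inverse of the Redirect-binding decoding; used only to build the sample input."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def encode_post_request(xml_text: str) -> str:
    """POST-binding encoding (base64 only); used only to build sample input."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def request_issuer(xml_text: str) -> str:
    """Return the <saml:Issuer> of an AuthnRequest; this is the value the IdP matches
    against the entityIDs it knows. NOTE: ElementTree is fine for constructed input;
    for XML taken off the wire use defusedxml to block entity-expansion attacks."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a samlp:AuthnRequest: %s" % root.tag)
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest carries no <saml:Issuer>; the IdP cannot identify the SP")
    return issuer.text.strip()


def metadata_entity_id(metadata_xml: str) -> str:
    """entityID of the SP metadata; this is what the IdP registered for the SP."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("expected md:EntityDescriptor, got %s" % root.tag)
    return root.attrib["entityID"]


def metadata_signing_cert_fingerprint(metadata_xml: str) -> str:
    """SHA-256 over the DER bytes of the SP signing certificate in the metadata,
    formatted like keytool's 'SHA256:' line so it can be compared with the keystore alias."""
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' covers both
            continue
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))
            digest = hashlib.sha256(der).hexdigest().upper()
            return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    raise ValueError("no signing certificate in SP metadata")


def check_issuer(encoded_request: str, sp_metadata_xml: str) -> dict:
    """Compare the AuthnRequest Issuer with the entityID of the metadata given to the IdP."""
    issuer = request_issuer(decode_saml_request(encoded_request))
    entity_id = metadata_entity_id(sp_metadata_xml)
    return {"issuer": issuer, "sp_entity_id": entity_id, "match": issuer == entity_id}


# --- constructed sample data: not real metadata and not a real certificate ---
FAKE_CERT_B64 = base64.b64encode(b"not-a-real-certificate-der").decode("ascii")
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/cas/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/cas/login?client_name=SAML2Client" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""" % FAKE_CERT_B64


def sample_request(issuer: str) -> str:
    """A minimal AuthnRequest naming the given Issuer (constructed, hypothetical IdP URL)."""
    return ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c0ffee" Version="2.0" '
            'IssueInstant="2020-01-20T15:31:49.019Z" Destination="https://idp.example.org/sso">'
            '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>' % issuer)


# One request that names the SP exactly as the metadata does, and one that does not.
GOOD_REQUEST = encode_redirect_request(sample_request("https://sp.example.org/cas/sp"))
BAD_REQUEST = encode_redirect_request(sample_request("https://sp.example.org/cas/login"))

if __name__ == "__main__":
    for label, req in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(label, check_issuer(req, SP_METADATA))
    print("signing cert SHA256:", metadata_signing_cert_fingerprint(SP_METADATA))
```

In practice the SAMLRequest value comes from the browser's network log of the redirect to the IdP, and the fingerprint is compared with the `SHA256:` line that `keytool -list -v -keystore <file> -alias <alias>` prints for the alias CAS is configured to use; if either the Issuer or the certificate differs from what the IdP has on file, the IdP has no way to attribute the request and answers RequestDenied.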
