Yes. We are behind an haproxy. I’ll take a look at that. Thank you! Sent from my iPhone.
On Apr 2, 2020, at 12:24 PM, Michael J Barsic <[email protected]> wrote: CAUTION: This email was generated from outside of CCRI. Please do not click on links or attachments unless you have verified legitimacy of this email. Are you behind a proxy server? I've had a similar issue due to our Nginx proxy blocking the request. Thanks, Mike ________________________________ From: "Michael Daley" <[email protected]> To: "CAS Community" <[email protected]> Sent: Thursday, April 2, 2020 11:43:47 AM Subject: [cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request Hi, A vendor (gartner) performing an sp-initiated SSO to our HTTP-POST binding in unable to complete the authentication webflow. The url that CAS send's the user to on the login page is over 3900 characters long, and appears to cause a browser error. We get 400 - Bad Request when clicking on "sign in". I've used the saml-sp-integration to configure this. cas.samlSp.gartner.name=Gartner cas.samlSp.gartner.metadata=/etc/cas/services/sp-metadata/gartner.xml cas.samlSp.gartner.description=Gartner Integration cas.samlSp.gartner.nameIdAttribute=email cas.samlSp.gartner.attributes=givenName,sn,email cas.samlSp.gartner.entityIds=http://www.gartner.com cas.samlSp.gartner.signResponses=true cas.samlSp.gartner.signAssertions=true There are no errors in the cas log. Running CAS 6.1.5. Also tested against 6.2.0-RC3 Attaching the only logs i could find that could be relevent. I've stripped out some of the base64 encoded SAMLRequest. DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Created service url [https://idp_hostname/cas/idp/profile/SAML2/Callback?entityId=http%3A%2F%2Fwww.gartner.com&SAMLRequest=PD94bWwgdmVyc2lv...]> DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Redirecting SAML authN request to [https://idp_hostname/cas/login?service=https%3A%2F%2Fidp_hostname%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dhttp%253A%252F%252Fwww.gartner.com%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3N0c3Rlc3QuY2NyaS5lZHUvY2FzL2lkcC9wcm9maWxlL1NBTUwyL1BPU1QvU1NPIiBJRD0iSGhFMTZsNldLcWxyRjVmcG5ReV9IODdXSzBRIiBJc3N1ZUluc3RhbnQ9IjIwMjAtMDQtMDJUMTI6Mzg6MjYuMjQxWiIgVmVyc2lvbj0iMi4wIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5h{ removed part of the request param } GF5MkdVQWE5UG5mbmw4ClJhb0IwTjZLaE9mdTBqTTJ0djJoT2VaVVNqNTA0blo2dmJaOXQ3MU5EdGJiNkl2VnZleEgzN0lGVGF3Wk1Cd2hsc3VFWm5SZlFDUGkKbks5dVBWL1pNdFpGTGtYb1l1U3FjV21xTFlrZm1KZTVVQT09CjwvZHM6WDUwOUNlcnRpZmljYXRlPgo8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8%252BCjwvZHM6U2lnbmF0dXJlPjxzYW1scDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4%253D%26RelayState%3DOBr0GYRPutE46ryaLYWwapTklrOUUx]> DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing service in context scope: DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Created service url [https://idp_hostname/cas/idp/profile/SAML2/Callback?entityId=http%3A%2F%2Fwww.gartner.com&SAMLRequest=PD94bWwgdmVyc2lv...]> DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Redirecting SAML authN request to [https://idp_hostname/cas/login?service=https%3A%2F%2Fidp_hostname%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dhttp%253A%252F%252Fwww.gartner.com%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3N0c3Rlc3{ removed part of the request param }m5SZlFDUGkKbks5dVBWL1pNdFpGTGtYb1l1U3FjV21xTFlrZm1KZTVVQT09CjwvZHM6WDUwOUNlcnRpZmljYXRlPgo8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8%252BCjwvZHM6U2lnbmF0dXJlPjxzYW1scDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4%253D%26RelayState%3DOBr0GYRPutE46ryaLYWwapTklrOUUx]> DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing service in context scope: Thanks for any help. -- - Website: https://apereo.github.io/cas<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868649583&sdata=EMPpcnN1uPzRlU8ayBNYDBMRDaX8cR8peuVXjYm%2B5eY%3D&reserved=0> - Gitter Chatroom: https://gitter.im/apereo/cas<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868649583&sdata=YazF6k2JuIwO578tKeR6dwnTscA8%2F5l%2BA1lkIdga%2FTs%3D&reserved=0> - List Guidelines: https://goo.gl/1VRrw7<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868659109&sdata=0ygM7LRbGdPsqaXaZg7liwj6flQ%2BMD3F57gXITNxVqA%3D&reserved=0> - Contributions: https://goo.gl/mh7qDG<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868659109&sdata=9xGB0YsMiHd2l795kAY2oEHLpCXrcPhp4sfFR%2F9BWDw%3D&reserved=0> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/65fca71a-4f64-44f8-a2c1-f19b44b0c241%40apereo.org<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2F65fca71a-4f64-44f8-a2c1-f19b44b0c241%2540apereo.org%3Futm_medium%3Demail%26utm_source%3Dfooter&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868668630&sdata=vDXKF4HXdwz5SgIgPscqkLmTRHxgrfdQK%2BmyLJs0NYI%3D&reserved=0>. -- - Website: https://apereo.github.io/cas<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868668630&sdata=MCUErpG20UbYvTaVWrfrQjy5N27nXb%2B29EybtjS%2FGts%3D&reserved=0> - Gitter Chatroom: https://gitter.im/apereo/cas<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868678153&sdata=NtzBnEuhukduPUZ1tVP1OCI97QLwSg6dVIXiCm4rjXE%3D&reserved=0> - List Guidelines: https://goo.gl/1VRrw7<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868678153&sdata=e9N7k2GNooR9%2BGOYWW%2BG%2Fif3%2BxQxVSsOrXPC4xsA%2Bb8%3D&reserved=0> - Contributions: https://goo.gl/mh7qDG<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868687673&sdata=9CEDMr%2BMJB6nbcyoiYyQSREBTpI8rwO%2B7lWmrd%2B6kLM%3D&reserved=0> --- You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group. To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/wtbYzvSeaRE/unsubscribe<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Ftopic%2Fcas-user%2FwtbYzvSeaRE%2Funsubscribe&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868687673&sdata=gGxn%2BuX4VPCrllw2ub32DfmaRO8s0NP1SIxYpYgztdk%3D&reserved=0>. To unsubscribe from this group and all its topics, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/443768275.36721916.1585844646462.JavaMail.zimbra%40scad.edu<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2F443768275.36721916.1585844646462.JavaMail.zimbra%2540scad.edu%3Futm_medium%3Demail%26utm_source%3Dfooter&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868687673&sdata=RV1CQTWkaSpR7NMRxrWQQFhxIt7By5rsRaqhsDxxNZg%3D&reserved=0>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/FD852EB1-AB22-4252-86B2-9889A62164C2%40ccri.edu.
