Mike, After increasing the http buffer size, this integration is now working. Thank you for the pointer to the proxy. adding the following to haproxy.cfg global section worked for me in this case.
tune.bufsize 65535 tune.maxrewrite 16384 On Thursday, April 2, 2020 at 12:34:41 PM UTC-4, Michael Daley wrote: > > Yes. We are behind an haproxy. I’ll take a look at that. Thank you! > > Sent from my iPhone. > > On Apr 2, 2020, at 12:24 PM, Michael J Barsic <[email protected]> wrote: > > > > CAUTION: This email was generated from outside of CCRI. Please do not > click on links or attachments unless you have verified legitimacy of this > email. > > Are you behind a proxy server? I've had a similar issue due to our Nginx > proxy blocking the request. > > Thanks, > Mike > > ------------------------------ > *From: *"Michael Daley" <[email protected]> > *To: *"CAS Community" <[email protected]> > *Sent: *Thursday, April 2, 2020 11:43:47 AM > *Subject: *[cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad > Request > > Hi, > A vendor (gartner) performing an sp-initiated SSO to our HTTP-POST binding > in unable to complete the authentication webflow. The url that CAS send's > the user to on the login page is over 3900 characters long, and appears to > cause a browser error. We get 400 - Bad Request when clicking on "sign > in". I've used the saml-sp-integration to configure this. > > cas.samlSp.gartner.name=Gartner > cas.samlSp.gartner.metadata=/etc/cas/services/sp-metadata/gartner.xml > cas.samlSp.gartner.description=Gartner Integration > cas.samlSp.gartner.nameIdAttribute=email > cas.samlSp.gartner.attributes=givenName,sn,email > cas.samlSp.gartner.entityIds=http://www.gartner.com > cas.samlSp.gartner.signResponses=true > cas.samlSp.gartner.signAssertions=true > > There are no errors in the cas log. > Running CAS 6.1.5. Also tested against 6.2.0-RC3 > > Attaching the only logs i could find that could be relevent. I've > stripped out some of the base64 encoded SAMLRequest. > > DEBUG > [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] > > - <Created service url [ > https://idp_hostname/cas/idp/profile/SAML2/Callback?entityId=http%3A%2F%2Fwww.gartner.com&SAMLRequest=PD94bWwgdmVyc2lv... > ]> > DEBUG > [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] > > - <Redirecting SAML authN request to [ > https://idp_hostname/cas/login?service=https%3A%2F%2Fidp_hostname%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dhttp%253A%252F%252Fwww.gartner.com%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3N0c3Rlc3QuY2NyaS5lZHUvY2FzL2lkcC9wcm9maWxlL1NBTUwyL1BPU1QvU1NPIiBJRD0iSGhFMTZsNldLcWxyRjVmcG5ReV9IODdXSzBRIiBJc3N1ZUluc3RhbnQ9IjIwMjAtMDQtMDJUMTI6Mzg6MjYuMjQxWiIgVmVyc2lvbj0iMi4wIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5h{ > > <https://idp_hostname/cas/login?service=https%3A%2F%2Fidp_hostname%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dhttp%253A%252F%252Fwww.gartner.com%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3N0c3Rlc3QuY2NyaS5lZHUvY2FzL2lkcC9wcm9maWxlL1NBTUwyL1BPU1QvU1NPIiBJRD0iSGhFMTZsNldLcWxyRjVmcG5ReV9IODdXSzBRIiBJc3N1ZUluc3RhbnQ9IjIwMjAtMDQtMDJUMTI6Mzg6MjYuMjQxWiIgVmVyc2lvbj0iMi4wIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5h%7B> > > removed part of the request param } > GF5MkdVQWE5UG5mbmw4ClJhb0IwTjZLaE9mdTBqTTJ0djJoT2VaVVNqNTA0blo2dmJaOXQ3MU5EdGJiNkl2VnZleEgzN0lGVGF3Wk1Cd2hsc3VFWm5SZlFDUGkKbks5dVBWL1pNdFpGTGtYb1l1U3FjV21xTFlrZm1KZTVVQT09CjwvZHM6WDUwOUNlcnRpZmljYXRlPgo8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8%252BCjwvZHM6U2lnbmF0dXJlPjxzYW1scDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4%253D%26RelayState%3DOBr0GYRPutE46ryaLYWwapTklrOUUx]> > DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing > service in context scope: DEBUG > [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] > > - <Created service url [ > https://idp_hostname/cas/idp/profile/SAML2/Callback?entityId=http%3A%2F%2Fwww.gartner.com&SAMLRequest=PD94bWwgdmVyc2lv... > ]> > DEBUG > [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] > > - <Redirecting SAML authN request to [ > https://idp_hostname/cas/login?service=https%3A%2F%2Fidp_hostname%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dhttp%253A%252F%252Fwww.gartner.com%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3N0c3Rlc3{ > > <https://idp_hostname/cas/login?service=https%3A%2F%2Fidp_hostname%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dhttp%253A%252F%252Fwww.gartner.com%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3N0c3Rlc3%7B> > > removed part of the request param > }m5SZlFDUGkKbks5dVBWL1pNdFpGTGtYb1l1U3FjV21xTFlrZm1KZTVVQT09CjwvZHM6WDUwOUNlcnRpZmljYXRlPgo8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8%252BCjwvZHM6U2lnbmF0dXJlPjxzYW1scDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4%253D%26RelayState%3DOBr0GYRPutE46ryaLYWwapTklrOUUx]> > DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing > service in context scope: > > > Thanks for any help. > > -- > - Website: https://apereo.github.io/cas > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868649583&sdata=EMPpcnN1uPzRlU8ayBNYDBMRDaX8cR8peuVXjYm%2B5eY%3D&reserved=0> > - Gitter Chatroom: https://gitter.im/apereo/cas > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868649583&sdata=YazF6k2JuIwO578tKeR6dwnTscA8%2F5l%2BA1lkIdga%2FTs%3D&reserved=0> > - List Guidelines: https://goo.gl/1VRrw7 > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868659109&sdata=0ygM7LRbGdPsqaXaZg7liwj6flQ%2BMD3F57gXITNxVqA%3D&reserved=0> > - Contributions: https://goo.gl/mh7qDG > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868659109&sdata=9xGB0YsMiHd2l795kAY2oEHLpCXrcPhp4sfFR%2F9BWDw%3D&reserved=0> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/65fca71a-4f64-44f8-a2c1-f19b44b0c241%40apereo.org > > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2F65fca71a-4f64-44f8-a2c1-f19b44b0c241%2540apereo.org%3Futm_medium%3Demail%26utm_source%3Dfooter&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868668630&sdata=vDXKF4HXdwz5SgIgPscqkLmTRHxgrfdQK%2BmyLJs0NYI%3D&reserved=0> > . > > -- > - Website: https://apereo.github.io/cas > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868668630&sdata=MCUErpG20UbYvTaVWrfrQjy5N27nXb%2B29EybtjS%2FGts%3D&reserved=0> > - Gitter Chatroom: https://gitter.im/apereo/cas > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868678153&sdata=NtzBnEuhukduPUZ1tVP1OCI97QLwSg6dVIXiCm4rjXE%3D&reserved=0> > - List Guidelines: https://goo.gl/1VRrw7 > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868678153&sdata=e9N7k2GNooR9%2BGOYWW%2BG%2Fif3%2BxQxVSsOrXPC4xsA%2Bb8%3D&reserved=0> > - Contributions: https://goo.gl/mh7qDG > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868687673&sdata=9CEDMr%2BMJB6nbcyoiYyQSREBTpI8rwO%2B7lWmrd%2B6kLM%3D&reserved=0> > --- > You received this message because you are subscribed to a topic in the > Google Groups "CAS Community" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/apereo.org/d/topic/cas-user/wtbYzvSeaRE/unsubscribe > > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Ftopic%2Fcas-user%2FwtbYzvSeaRE%2Funsubscribe&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868687673&sdata=gGxn%2BuX4VPCrllw2ub32DfmaRO8s0NP1SIxYpYgztdk%3D&reserved=0> > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/443768275.36721916.1585844646462.JavaMail.zimbra%40scad.edu > > <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2F443768275.36721916.1585844646462.JavaMail.zimbra%2540scad.edu%3Futm_medium%3Demail%26utm_source%3Dfooter&data=02%7C01%7Cmjdaley1%40ccri.edu%7C7c370da2628241d12dcf08d7d72250e4%7Caf75351b37eb4405bf7a7327cec380a5%7C0%7C1%7C637214414868687673&sdata=RV1CQTWkaSpR7NMRxrWQQFhxIt7By5rsRaqhsDxxNZg%3D&reserved=0> > . > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9a4bfe6f-520e-42c2-9a60-40b0516f5eea%40apereo.org.
