SOLVED.

I found my problem.

I defined the service for the URL twice.

The first one for the web application, the second one for the SAML application. It 
found the web application first, so it denied access because it was not a SAML 
service.

For my dev, I permit all .*.localhost applications to use CAS:

  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^http://.*.localhost/.*",

And for my SAML test, I permit:

  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "http://saml.localhost/demo1/metadata.php",

On Tuesday, 5 May 2020 at 13:27:10 UTC+2, Matthieu Marc wrote:
>
> Hello,
>
> I am using CAS 6.1.6 and I am trying to configure CAS as a SAML2 IDP.
>
> I included compile 
> "org.apereo.cas:cas-server-support-saml-idp:${casServerVersion}"  in 
> build.gradle.
>
> I am able to retrieve metadata information: 
> https://cas.localhost/cas/idp/metadata
>
> To test, I installed the php-saml demo1 script from 
> https://developers.onelogin.com/saml/php. The client URL is 
> http://saml.localhost/demo1/
>
> My client settings are:
>  $settingsInfo = array (
>         'sp' => array (
>             'entityId' => $spBaseUrl.'/demo1/metadata.php',
>             'assertionConsumerService' => array (
>                 'url' => $spBaseUrl.'/demo1/index.php?acs',
>             ),
>             'singleLogoutService' => array (
>                 'url' => $spBaseUrl.'/demo1/index.php?sls',
>             ),
>             'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
>         ),
>         'idp' => array (
>             'entityId' => 'https://cas.example.org/idp',
>             'singleSignOnService' => array (
>                 'url' => 'https://cas.localhost/cas/idp/profile/SAML2/Redirect/SSO',
>             ),
>             'singleLogoutService' => array (
>                 'url' => 'https://cas.localhost/cas/idp/profile/SAML2/POST/SLO',
>             ),
>             'x509cert' => 'MIIDF...==',
>         ),
>     );
>
> When trying to log in, I get an error on CAS: service is not authorized.
>
> I installed the service registry as a JSON file:
>
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" : "http://saml.localhost/demo1/metadata.php",
>   "name" : "saml",
>   "id" : 2000,
>   "evaluationOrder" : 10,
>   "metadataLocation" : "http://saml.localhost/demo1/metadata.php",
>   "accessStrategy" : {
>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   }
> }
>
> In the CAS log, I can see:
>
> [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [http://saml.localhost/demo1/metadata.php] with name [saml] and internal identifier [2000]>
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=http://saml.localhost/demo1/metadata.php, originalUrl=http://saml.localhost/demo1/metadata.php, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={})]>
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[http://saml.localhost/demo1/metadata.php] is not found in the registry or service access is denied. Ensure service is registered in service registry>
>
> Where is my error? I tried to configure serviceId with a regex, without 
> success.
>
> Can someone help? Thanks
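The misconfiguration resolved in this thread (a catch-all RegexRegisteredService evaluated before the SamlRegisteredService for the same URL, so the SAML SP is matched by a non-SAML definition and denied) can be caught before deployment by linting the JSON service registry. The following is an added example, not code from the thread or from CAS itself; it assumes CAS's lookup semantics of sorting services by evaluationOrder and taking the first serviceId match, and the dev-web name, id and evaluationOrder are constructed.

```python
import json
import re

# Constructed registry mirroring the two overlapping definitions in the thread.
# The dev-web name, id and evaluationOrder are assumptions; the SAML entry is
# the one shown in the question.
SERVICES_JSON = [
    """{ "@class" : "org.apereo.cas.services.RegexRegisteredService",
         "serviceId" : "^http://.*.localhost/.*",
         "name" : "dev-web", "id" : 1000, "evaluationOrder" : 1 }""",
    """{ "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
         "serviceId" : "http://saml.localhost/demo1/metadata.php",
         "name" : "saml", "id" : 2000, "evaluationOrder" : 10 }""",
]
SAML_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"


def load_services(docs):
    """Parse one JSON document per registered service."""
    return [json.loads(d) for d in docs]


def find_service(services, url):
    """Assumed CAS lookup: walk services in ascending evaluationOrder and
    return the first whose serviceId pattern matches the requesting URL."""
    for svc in sorted(services, key=lambda s: s["evaluationOrder"]):
        if re.search(svc["serviceId"], url):
            return svc
    return None


def shadowed_saml_services(services):
    """Lint check: resolve each SAML service's own entity ID through the
    registry; flag it when a non-SAML definition wins. Returns name pairs."""
    findings = []
    for saml in services:
        if saml["@class"] != SAML_CLASS:
            continue
        winner = find_service(services, saml["serviceId"])
        if winner is not None and winner["@class"] != SAML_CLASS:
            findings.append((saml["name"], winner["name"]))
    return findings


def fix_by_order(services, saml_order=0):
    """One remedy: give SAML services a lower evaluationOrder than the
    catch-all dev regex so they are tried first. Returns a new list."""
    fixed = [dict(s) for s in services]
    for s in fixed:
        if s["@class"] == SAML_CLASS:
            s["evaluationOrder"] = saml_order
    return fixed
```

With the thread's two definitions, shadowed_saml_services reports ('saml', 'dev-web'); after fix_by_order it reports nothing. Tightening the dev regex so it no longer covers saml.localhost is the other way to remove the overlap.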

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/23bd91e0-d52f-41e9-8747-234a300738d1%40apereo.org.
