Hi all,

I'm seeking help with an existing CAS 5.1.5 instance set up for SAML 1.1 following David Curry's outstanding CAS setup guide. It's been working just fine for our basic needs, using SAML 1.1 with our LDAP.

We recently took on a COVID-related project that requires use of a third-party SAML2 SSO authentication method, which CAS 5.1.5 appears to support (I think).

We've submitted the IdP X.509 signing cert (from the certs auto-generated in /etc/cas/saml) to the vendor, who in turn generated our sign-on information for their Auth0 mechanism, and we generated the JSON service entry for our CAS instance:

file: /etc/cas/services/vendor-1597152880.json [redacted vendor and ourconnectionname]

{
    "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
    "serviceId": "urn:auth0:vendor:ourconnectionname",
    "name": "Vendor",
    "id": 1597152880,
    "metadataLocation": "https://vendor.us.auth0.com/samlp/metadata?connection=ourconnectionname",
    "signingSignatureAlgorithms": [
        "java.util.ArrayList",
        [
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        ]
    ],
    "signingSignatureReferenceDigestMethods": [
        "java.util.ArrayList",
        [
            "http://www.w3.org/2001/04/xmlenc#sha256"
        ]
    ],
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes": [
            "java.util.ArrayList",
            [
                "UDC_IDENTIFIER"
                /* some other attributes here */
            ]
        ]
    }
}


Here's /etc/cas/config/cas.properties [edited/redacted]

cas.server.name: https://hostname:8443
cas.server.prefix: ${cas.server.name}:8443/cas


cas.adminPagesSecurity.actuatorEndpointsEnabled:        true
cas.monitor.endpoints.enabled:          true
endpoints.enabled:                      true
cas.monitor.endpoints.sensitive:        false
endpoints.sensitive:                    false
cas.adminPagesSecurity.loginUrl: ${cas.server.prefix}/login
cas.adminPagesSecurity.service: ${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users: file:/etc/cas/config/admusers.properties
cas.adminPagesSecurity.adminRoles[0]:   ROLE_ADMIN
logging.config: file:/etc/cas/config/log4j2.xml

#location of service registry files
cas.serviceRegistry.config.location: file:/etc/cas/services

cas.tgc.secure:                       true
cas.tgc.crypto.signing.key:   [redacted]
cas.tgc.crypto.encryption.key:    [redacted]

cas.webflow.crypto.signing.key:    [redacted]
cas.webflow.crypto.encryption.key:    [redacted]


cas.authn.accept.users:
cas.authn.ldap[0].name:                 LDAP
cas.authn.ldap[0].type=AUTHENTICATED

#rest of LDAP config omitted but it works

cas.authn.samlIdp.entityId=https://hostname.simons-rock.edu/idp
cas.authn.samlIdp.scope=simons-rock.edu

cas.samlidp.metadata.location=file:/etc/cas/saml
cas.samlidp.hostname=hostname.simons-rock.edu
cas.samlidp.scope=simons-rock.edu
cas.samlidp.entityid=https://hostname.simons-rock.edu/idp
cas.samlidp.response.skewAllowance=0
cas.samlidp.metadata.cache.exp.minutes=30
cas.samlidp.metadata.failfast.init=true
cas.samlidp.metadata.require.valid=true


cas.authn.ldap[0].principalAttributeId=uid
cas.logout.followServiceRedirects=true


The parsing error is as follows:

2020-08-12 08:26:16,658 ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse JSON [{"@class":"org.apereo.cas.support.saml.services.SamlRegisteredService","serviceId":"urn:auth0:cov...] to deserialize into type [interface org.apereo.cas.services.RegisteredService]. This may be caused in the absence of a configuration/support module that knows how to interpret the JSON fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is [Could not resolve type id 'org.apereo.cas.support.saml.services.SamlRegisteredService' into a subtype of [simple type, class org.apereo.cas.services.RegisteredService]: no such class found
 at [Source: {"@class":"org.apereo.cas.support.saml.services.SamlRegisteredService","serviceId":"urn:auth0:vendor:connectionname","name":"CoVerified","id":1597152880,"metadataLocation":"https://vendor.us.auth0.com/samlp/metadata?connection=connectionnameimonrock","signingSignatureAlgorithms":["java.util.ArrayList",["http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]],"signingSignatureReferenceDigestMethods":["java.util.ArrayList",["http://www.w3.org/2001/04/xmlenc#sha256"]],"attributeReleasePolicy":{"@class":"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy","allowedAttributes":["java.util.ArrayList",["UDC_IDENTIFIER"]]}}; line: 1, column: 11]]>
2020-08-12 08:26:16,658 ERROR [org.apereo.cas.services.AbstractResourceBasedServiceRegistryDao] - <Could not load service definition from file [/etc/cas/services/vendor-1597152880.json]>

I'm not sure if I have this set up properly, or if using this somewhat older version of CAS is part of the issue.

Any advice you have to offer would be greatly appreciated.

Thanks in advance,

Scott

--
Scott Gennari
System Administrator
Information Technology Services
Bard College at Simon's Rock

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1042bb2d-d3eb-4ba9-0e31-ee44c4ea4c65%40simons-rock.edu.

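A lint script for a service definition like the one in the post, added here as an example; it is not part of the original message and not CAS code. It assumes (and says so in the code) that SamlRegisteredService is supplied by the cas-server-support-saml-idp overlay module, which is what Jackson's "no such class found" points at, and that CAS's JSON reader tolerates /* */ comments. The three service definitions inside it are constructed from the redacted one above: a clean copy, the same text as a mail client renders it (a ';' glued to every linked URL, which is not valid JSON), and a copy downgraded to SHA-1 URIs.

```python
"""Lint a CAS JSON service definition before it goes into /etc/cas/services.

Added example, not CAS code. Checks what a reviewer would check: that the
@class has its support module in the overlay, that Jackson's typed-list
wrapper ["java.util.ArrayList", [...]] unwraps cleanly, that signing/digest
URIs are not SHA-1 or MD5, that metadataLocation is https:// or file:, and
that the file follows the name-id.json convention.
"""
from __future__ import annotations

import json
import re
from typing import Any

# Assumption: which overlay module supplies each registered-service class.
# SamlRegisteredService lives in the SAML IdP support module; an LDAP-only
# overlay cannot resolve the class, which is what Jackson reports as
# "Could not resolve type id ... no such class found".
CLASS_TO_MODULE: dict[str, str | None] = {
    "org.apereo.cas.services.RegexRegisteredService": None,  # core, always present
    "org.apereo.cas.support.saml.services.SamlRegisteredService": "cas-server-support-saml-idp",
}

WEAK_ALGORITHM_MARKERS = ("sha1", "md5")


def strip_json_comments(text: str) -> str:
    """Drop /* ... */ blocks and whole-line // comments (assumed tolerated by
    CAS's Jackson reader) so the stdlib parser accepts the file. A // inside a
    quoted https:// URL never starts a line, so it is left alone."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(?m)^\s*//.*$", "", text)


def unwrap_typed(value: Any) -> Any:
    """Collapse Jackson's default-typing wrapper ["java.util.ArrayList", [...]]
    (or ["java.util.HashMap", {...}]) into plain Python lists and dicts."""
    if (isinstance(value, list) and len(value) == 2
            and isinstance(value[0], str) and value[0].startswith("java.")):
        return unwrap_typed(value[1])
    if isinstance(value, list):
        return [unwrap_typed(v) for v in value]
    if isinstance(value, dict):
        return {k: unwrap_typed(v) for k, v in value.items()}
    return value


def lint_service(filename: str, text: str, overlay_modules: set[str]) -> list[str]:
    """Return findings for one service file; an empty list means it looks sane."""
    findings: list[str] = []
    try:
        svc = unwrap_typed(json.loads(strip_json_comments(text)))
    except json.JSONDecodeError as exc:
        # Text pasted from a mail client often carries a ';' after each linked
        # URL; that is not JSON and CAS refuses the whole file.
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]

    cls = svc.get("@class")
    if cls not in CLASS_TO_MODULE:
        findings.append(f"unknown @class {cls!r}")
    else:
        module = CLASS_TO_MODULE[cls]
        if module and module not in overlay_modules:
            findings.append(f"{cls.rsplit('.', 1)[-1]} needs {module} in the overlay; "
                            "without it CAS cannot resolve the @class and skips the file")

    for key in ("serviceId", "name", "id"):
        if key not in svc:
            findings.append(f"missing required field {key!r}")
    if not isinstance(svc.get("id"), int):
        findings.append("id must be a numeric literal, not a string")

    expected = f"{svc.get('name')}-{svc.get('id')}.json"
    if filename.lower() != expected.lower():
        findings.append(f"filename {filename!r} does not follow the name-id.json convention ({expected!r})")

    if cls and cls.endswith("SamlRegisteredService"):
        loc = svc.get("metadataLocation", "")
        if not loc.startswith(("https://", "file:")):
            findings.append(f"metadataLocation should be https:// or file:, got {loc!r}")
        for field in ("signingSignatureAlgorithms", "signingSignatureReferenceDigestMethods"):
            for uri in svc.get(field, []):
                if any(m in uri.lower() for m in WEAK_ALGORITHM_MARKERS):
                    findings.append(f"weak algorithm in {field}: {uri!r}")
    return findings


# Constructed samples, shaped like the (redacted) definition in the post.
SAMPLE_CLEAN = """{
    "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
    "serviceId": "urn:auth0:vendor:ourconnectionname",
    "name": "Vendor",
    "id": 1597152880,
    "metadataLocation": "https://vendor.us.auth0.com/samlp/metadata?connection=ourconnectionname",
    "signingSignatureAlgorithms": ["java.util.ArrayList", ["http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]],
    "signingSignatureReferenceDigestMethods": ["java.util.ArrayList", ["http://www.w3.org/2001/04/xmlenc#sha256"]],
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        /* attribute names are placeholders */
        "allowedAttributes": ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
    }
}"""
# As a mail client renders it: a ';' glued to every linked URL, which breaks the JSON.
SAMPLE_PASTED = SAMPLE_CLEAN.replace('ourconnectionname"', 'ourconnectionname";')
# Same definition downgraded to SHA-1 signature and digest URIs.
SAMPLE_SHA1 = (SAMPLE_CLEAN
               .replace("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
               .replace("http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2000/09/xmldsig#sha1"))

if __name__ == "__main__":
    for label, text, modules in (
        ("ldap-only overlay", SAMPLE_CLEAN, {"cas-server-support-ldap"}),
        ("with saml-idp", SAMPLE_CLEAN, {"cas-server-support-ldap", "cas-server-support-saml-idp"}),
        ("pasted from mail", SAMPLE_PASTED, {"cas-server-support-saml-idp"}),
        ("sha-1 downgrade", SAMPLE_SHA1, {"cas-server-support-saml-idp"}),
    ):
        print(label, lint_service("vendor-1597152880.json", text, modules) or ["ok"])
```

Run it as-is to see the four cases; to check a real file, read it and pass its text plus the set of cas-server-support-* modules declared in the overlay's build file. The module table is deliberately tiny: extend it with the classes your overlay actually uses rather than treating it as a complete map of CAS.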