Scott,

To me, it sounds like the
org.apereo.cas.support.saml.services.SamlRegisteredService
class is not defined. If you're using the Maven or Gradle overlay
template, did you include the dependency for cas-server-support-saml-idp?
Here is the CAS documentation for more info on 5.1.x SAML 2 protocol:
https://apereo.github.io/cas/5.1.x/installation/Configuring-SAML2-Authentication.html#configuration

Hope this helps!

On Wednesday, August 12, 2020 at 8:50:53 AM UTC-4 Scott G wrote:

> Hi all,
>
> I'm seeking help with an existing CAS 5.1.5 instance SAML1.1 setup with 
> David Curry's outstanding CAS setup guide. It's been working just fine for 
> our basic needs with our LDAP using SAML 1.1.
>
> We recently took on a COVID-related project that requires use of a 
> third-party SAML2 SSO authentication method, which CAS 5.1.5 appears to 
> support (I think). 
>
> We've submitted the IdP 509x signing cert (from certs auto-generated in 
> /etc/cas/saml) to the vendor who in turn generated our sign on information 
> for their auth0 mechanism and we generated the json service entry for our 
> CAS instance:
>
> file: /etc/cas/services/vendor-1597152880.json [redacted vendor and ourconnectionname]
>
> {
>     "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>     "serviceId": "urn:auth0:vendor:ourconnectionname",
>     "name": "Vendor",
>     "id": 1597152880,
>     "metadataLocation": "https://vendor.us.auth0.com/samlp/metadata?connection=ourconnectionname",
>     "signingSignatureAlgorithms": [
>         "java.util.ArrayList",
>         [
>             "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
>         ]
>     ],
>     "signingSignatureReferenceDigestMethods": [
>         "java.util.ArrayList",
>         [
>             "http://www.w3.org/2001/04/xmlenc#sha256"
>         ]
>     ],
>     "attributeReleasePolicy": {
>         "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>         "allowedAttributes": [
>             "java.util.ArrayList",
>             [
>                 "UDC_IDENTIFIER",
>                 /* some other attributes here*/
>             ]
>         ]
>     }
> }
>
> Here's /etc/cas/config/cas.properties [edited/redacted]
>
> cas.server.name: https://hostname:8443
> cas.server.prefix: ${cas.server.name}:8443/cas
> cas.adminPagesSecurity.actuatorEndpointsEnabled:        true
> cas.monitor.endpoints.enabled:          true
> endpoints.enabled:                      true
> cas.monitor.endpoints.sensitive:        false
> endpoints.sensitive:                    false
> cas.adminPagesSecurity.loginUrl:        ${cas.server.prefix}/login
> cas.adminPagesSecurity.service:         ${cas.server.prefix}/status/dashboard
> cas.adminPagesSecurity.users:           file:/etc/cas/config/admusers.properties
> cas.adminPagesSecurity.adminRoles[0]:   ROLE_ADMIN
> logging.config: file:/etc/cas/config/log4j2.xml
>
> #location of service registry files
> cas.serviceRegistry.config.location: file:/etc/cas/services
> cas.tgc.secure:                       true
> cas.tgc.crypto.signing.key:   [redacted]
> cas.tgc.crypto.encryption.key:    [redacted]
> cas.webflow.crypto.signing.key:    [redacted]
> cas.webflow.crypto.encryption.key:    [redacted]
> cas.authn.accept.users:
> cas.authn.ldap[0].name:                 LDAP
> cas.authn.ldap[0].type=AUTHENTICATED
> #rest of  LDAP config omitted but it works
> cas.authn.samlIdp.entityId=https://hostname.simons-rock.edu/idp
> cas.authn.samlIdp.scope=simons-rock.edu
> cas.samlidp.metadata.location=file:/etc/cas/saml
> cas.samlidp.hostname=hostname.simons-rock.edu
> cas.samlidp.scope=simons-rock.edu
> cas.samlidp.entityid=https://hostname.simons-rock.edu/idp
> cas.samlidp.response.skewAllowance=0
> cas.samlidp.metadata.cache.exp.minutes=30
> cas.samlidp.metadata.failfast.init=true
> cas.samlidp.metadata.require.valid=true
> cas.authn.ldap[0].principalAttributeId=uid
> cas.logout.followServiceRedirects=true
>
> The parsing error is as follows:
>
> 2020-08-12 08:26:16,658 ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse JSON [{"@class":"org.apereo.cas.support.saml.services.SamlRegisteredService","serviceId":"urn:auth0:cov...] to deserialize into type [interface org.apereo.cas.services.RegisteredService]. This may be caused in the absence of a configuration/support module that knows how to interpret the JSON fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is [Could not resolve type id 'org.apereo.cas.support.saml.services.SamlRegisteredService' into a subtype of [simple type, class org.apereo.cas.services.RegisteredService]: no such class found
>  at [Source: {"@class":"org.apereo.cas.support.saml.services.SamlRegisteredService","serviceId":"urn:auth0:vendor:connectionname","name":"CoVerified","id":1597152880,"metadataLocation":"https://vendor.us.auth0.com/samlp/metadata?connection=connectionnameimonrock","signingSignatureAlgorithms":["java.util.ArrayList",["http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]],"signingSignatureReferenceDigestMethods":["java.util.ArrayList",["http://www.w3.org/2001/04/xmlenc#sha256"]],"attributeReleasePolicy":{"@class":"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy","allowedAttributes":["java.util.ArrayList",["UDC_IDENTIFIER"]]}}; line: 1, column: 11]]>
> 2020-08-12 08:26:16,658 ERROR [org.apereo.cas.services.AbstractResourceBasedServiceRegistryDao] - <Could not load service definition from file [/etc/cas/services/vendor-1597152880.json]>
>
> I'm not sure if I have this set up properly or if using this somewhat older
> version of CAS is part of the issue?
>
> Any advice you have to offer would be greatly appreciated.
>
> Thanks in advance,
>
> Scott
>
> -- 
> Scott Gennari
> System Administrator
> Information Technology Services
> Bard College at Simon's Rock
>
>
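
An added example, not part of the original thread and not CAS project code: the reply attributes the "no such class found" error to the SAML IdP module missing from the overlay build, and this check tests that by collecting the "@class" type ids a service file names and looking for them in the WAR. It assumes the overlay produces a WAR with jars under WEB-INF/lib; the jar names and sample data below are constructed.

```python
import io
import re
import zipfile

# Matches Jackson type ids. A regex is used because CAS service files may
# contain comments, as the one in the post does, which json.loads rejects.
CLASS_RE = re.compile(r'"@class"\s*:\s*"([^"]+)"')

def _to_class(path):
    return path[:-len(".class")].replace("/", ".")

def classes_in_war(war_bytes):
    """Class names under WEB-INF/classes and inside every jar in WEB-INF/lib."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            if name.startswith("WEB-INF/classes/") and name.endswith(".class"):
                found.add(_to_class(name[len("WEB-INF/classes/"):]))
            elif name.startswith("WEB-INF/lib/") and name.endswith(".jar"):
                with zipfile.ZipFile(io.BytesIO(war.read(name))) as jar:
                    found.update(_to_class(n) for n in jar.namelist()
                                 if n.endswith(".class"))
    return found

def missing_classes(service_text, war_bytes):
    """Type ids the service file names that the WAR cannot resolve."""
    return sorted(set(CLASS_RE.findall(service_text)) - classes_in_war(war_bytes))

def _zip(entries):
    """Build a zip archive in memory from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in entries.items():
            z.writestr(path, data)
    return buf.getvalue()

# Constructed sample input: a trimmed service definition and two tiny WARs.
SERVICE = '''{ "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "urn:auth0:vendor:ourconnectionname",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy" } }'''
CORE = {"org/apereo/cas/services/ReturnAllowedAttributeReleasePolicy.class": b""}
IDP = {"org/apereo/cas/support/saml/services/SamlRegisteredService.class": b""}
WAR_WITHOUT_IDP = _zip({"WEB-INF/lib/constructed-core.jar": _zip(CORE)})
WAR_WITH_IDP = _zip({"WEB-INF/lib/constructed-core.jar": _zip(CORE),
                     "WEB-INF/lib/constructed-saml-idp.jar": _zip(IDP)})

if __name__ == "__main__":
    print(missing_classes(SERVICE, WAR_WITHOUT_IDP))  # class the registry cannot load
    print(missing_classes(SERVICE, WAR_WITH_IDP))     # nothing missing
```

On a real deployment, pass the text of each file in the service registry directory and the bytes of the built WAR to missing_classes; any name it returns will fail to deserialize at startup.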
