Noelette,
It looks like there is a problem with the validation request. It is either
incorrectly formatted, incomplete, or has the wrong application id.
Try this logger to see what is being sent:
<AsyncLogger name="org.apache" level="warn" />
<AsyncLogger name="org.apache.http" level="debug" />
Ray
On Sat, 2020-11-07 at 12:01 -0800, Noelette Stout wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
I am in the process of migrating off of the old Luminis CAS (3.5.3) server and
onto a new CAS 6.2.4 server. I have successfully migrated all of the services
and have them working except for one: Banner ePrint. This one was a pain to get
working on the old server, and it's being a pain now. The actual authentication
is working, but the information is not getting back to ePrint
I am seeing this error in cas.log:
2020-11-04 17:53:43,918 ERROR
[org.apereo.cas.support.saml.util.AbstractSamlObjectBuilder] - <Error on line
1: Element type "samlp:Request" must be followed by either attribute
specifications, ">" or "/>".>
2020-11-04 17:53:43,920 ERROR
[org.apereo.cas.support.saml.util.AbstractSamlObjectBuilder] - <Error on line
1: Element type "samlp:Request" must be followed by either attribute
specifications, ">" or "/>".>
2020-11-04 17:53:43,920 WARN
[org.apereo.cas.web.AbstractServiceValidateController] - <Could not identify
service and/or service ticket for service:
[AbstractWebApplicationService(id=https://banepr.isos.isu.edu/cgi-bin/eprintcas.cgi?ACTION=LOGIN&REPOSITORY=XFIN,
originalUrl=https://banepr.isos.isu.edu/cgi-bin/eprintcas.cgi?ACTION=LOGIN&REPOSITORY=XFIN,
artifactId=null, principal=null, source=TARGET, loggedOutAlready=false,
format=XML, attributes={})]>
2020-11-04 17:53:43,921 ERROR
[org.apereo.cas.support.saml.util.AbstractSamlObjectBuilder] - <Error on line
1: Element type "samlp:Request" must be followed by either attribute
specifications, ">" or "/>".>
In the ssl_error_log on the eprint server, I see this:
[Wed Nov 04 17:53:43.935254 2020] [cgi:error] [pid 26887] [client
134.50.202.49:52641] AH01215: <SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Body><saml1p:Response
InResponseTo="banepr.isos.isu.edu" IssueInstant="2020-11-05T00:53:38.922Z"
MajorVersion="1" MinorVersion="1"
ResponseID="_0b92ab2297f8c2c84009fe6d0d84b7a4"
xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"><saml1p:Status><saml1p:StatusCode
Value="saml1p:RequestDenied"/></saml1p:Status></saml1p:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>,
referer: https://banepr.isos.isu.edu/
ePrint uses the AuthCASSaml perl module which I had to tweak (and I'm not a
perl programmer) to work with Luminis CAS. I have tried both the original
version and the modified version but get the same results with both.
I'm relatively new to the intricacies of CAS, so any help or insights would be
greatly appreciated.
Thanks,
Noelette
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]<mailto:[email protected]>
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b80f48e5dafe16e02f6bd47eec311dce75c9035f.camel%40uvic.ca.
