Hi, Thanks for reply. What do you mean *your IdP generated metadata*? I did something like this as they recommended: https://help.servicedeskplus.com/saml-authentication$configuration
As loginURL I've provided my https://myserver.org/cas/idp, I don't know if it is correct url? I'm wondering what is Assertion Consumer URL and where should I place it? Also I've uploaded my certificate. my cas.properties for SAML looks like this: ## SAML2 ## cas.authn.saml-idp.entity-id: ${cas.server.prefix}/idp cas.authn.saml-idp.metadata.location=file:/etc/cas/saml and service registry for app: { @class: org.apereo.cas.support.saml.services.SamlRegisteredService serviceId: MExx_6d2ea86d-b4e1-4473-8d4b-7a1378964e8b name: serwisapp id: 1615981648113 proxyTicketExpirationPolicy: { @class: org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy } serviceTicketExpirationPolicy: { @class: org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy } evaluationOrder: 2 attributeReleasePolicy: { @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy excludeDefaultAttributes: true authorizedToReleaseAuthenticationAttributes: false } metadataLocation: file://etc/cas-mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml *<- (this is correct as cas-managment app create this directory)* requiredAuthenticationContextClass: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST requiredNameIdFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:transient nameIdQualifier: "" signAssertions: true signingCredentialType: X509 assertionAudiences: https://servicedeskplus.com/SamlResponseServlet } Regards, BN środa, 17 marca 2021 o 16:49:11 UTC+1 richard.frovarp napisał(a): > Did you provide the app your IdP generated metadata or provide the SP with > the information in a different method? As that's the wrong end point for > the SP to be sending you to: > > > https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html > > On Wed, 2021-03-17 at 06:21 -0700, Bartosz Nitkiewicz wrote: > > Hi, > Another day another CAS problem :) > I'm trying to authenticate servicedeskplus.com application through SAML > protocol. > > - I've compiled in cas-server-support-saml-idp in my CAS app. > > > - Added service registry in CAS-Management app. I used xml file form > servicedesk. > > > Everything seems to work but if I want to authenticate serivcedesk it > redirects me to this: > > > https://myserver.org/cas/idp?SAMLRequest=fZJfb5swFMWf10%2BBeDdgCCFYSaS02bRI7YaSbA97qRz70loCm%2FmadNunn01XtdWkvB6f3%2F1zrpfI%2B25gm9E96j38HAFddBX96juNbHpaxaPVzHBUyDTvAZkT7LC5u2V5krHBGmeE6eJ30GWGI4J1yugA7bar%2BO7j%2FYwLSSWn5NSWOZnRuiQLkUsyP0EhOM9o3s6D%2FTtY9OQq9oUmHHGEnUbHtfNillOSFYRWR1owmrGy%2BhFcjTVnJcF%2B8bOEds9k4wdRZy%2B0vEMIWrT16yvN3dTi0bkBWZo6LwqOySj%2BQKcVT8anPgE5JkOXej1VcvjXZIriWmmp9MPlDE7PJmSfj8eGNF8Px1Bi85LMjdE49mAPYM9KwLf97es43vKk8O0QBx%2F5HnDwEASiAxevr6IPy3ALNkVk1z7krIRW0iojxUJIMlvUBannBSXzRU3LquSc1tUyfQu9FBlYiG63bUynxO%2Fok7E9d5c3DIqSpJ2sbAh3QwfaxVE6lU3%2F%2F3jrvw%3D%3D > > service.xlm as attachement (without real cert) > > Please help me. > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8fb673df-ee05-46c1-b684-dbff878d87a0n%40apereo.org.
