The IdP automatically generates metadata. And the correct endpoints are
listed on this page, including the metadata endpoint:

https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html

Usually with SAML you provide the SP with a copy of your metadata,
ideally loaded from the URL automatically. If you need to provide
separate URLs to the SP, you'll find the correct ones in the metadata
and/or using the paths from documentation.

On Wed, 2021-03-17 at 10:26 -0700, Bartosz Nitkiewicz wrote:
> Hi,
> Thanks for the reply.
> What do you mean your IdP generated metadata? 
> 
> I did something like this as they recommended: 
> https://help.servicedeskplus.com/saml-authentication$configuration
> 
> As loginURL I've provided my https://myserver.org/cas/idp; I don't
> know if it is the correct URL.
> I'm wondering what the Assertion Consumer URL is and where I should
> place it?
> 
> Also I've uploaded my certificate.
> 
> my cas.properties for SAML looks like this:
> 
> ## SAML2 ##
> 
> cas.authn.saml-idp.entity-id: ${cas.server.prefix}/idp
> cas.authn.saml-idp.metadata.location=file:/etc/cas/saml
> 
> and service registry for app:
> 
> {
>   @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>   serviceId: MExx_6d2ea86d-b4e1-4473-8d4b-7a1378964e8b
>   name: serwisapp
>   id: 1615981648113
>   proxyTicketExpirationPolicy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
>   }
>   serviceTicketExpirationPolicy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
>   }
>   evaluationOrder: 2
>   attributeReleasePolicy:
>   {
>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>     excludeDefaultAttributes: true
>     authorizedToReleaseAuthenticationAttributes: false
>   }
>   metadataLocation: file://etc/cas-mgmt/metadata/174faaa56d5138f63770fb792b1a35e26d5486e0.xml <- (this is correct, as the cas-management app creates this directory)
>   requiredAuthenticationContextClass: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>   requiredNameIdFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
>   nameIdQualifier: ""
>   signAssertions: true
>   signingCredentialType: X509
>   assertionAudiences: https://servicedeskplus.com/SamlResponseServlet
> }
> 
> Regards,
> BN
> 
> On Wednesday, 17 March 2021 at 16:49:11 UTC+1, richard.frovarp wrote:
> > Did you provide the app your IdP generated metadata or provide the
> > SP with the information in a different method? As that's the wrong
> > end point for the SP to be sending you to:
> > 
> > https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html
> > 
> > On Wed, 2021-03-17 at 06:21 -0700, Bartosz Nitkiewicz wrote:
> > > Hi,
> > > Another day another CAS problem :)
> > > I'm trying to authenticate servicedeskplus.com application
> > > through SAML protocol. 
> > > I've compiled in cas-server-support-saml-idp in my CAS app.
> > > Added service registry in CAS-Management app. I used the xml file
> > > from servicedesk.
> > > 
> > > Everything seems to work but if I want to authenticate
> > > servicedesk it redirects me to this:
> > > 
> > > https://myserver.org/cas/idp?SAMLRequest=fZJfb5swFMWf10%2BBeDdgCCFYSaS02bRI7YaSbA97qRz70loCm%2FmadNunn01XtdWkvB6f3%2F1zrpfI%2B25gm9E96j38HAFddBX96juNbHpaxaPVzHBUyDTvAZkT7LC5u2V5krHBGmeE6eJ30GWGI4J1yugA7bar%2BO7j%2FYwLSSWn5NSWOZnRuiQLkUsyP0EhOM9o3s6D%2FTtY9OQq9oUmHHGEnUbHtfNillOSFYRWR1owmrGy%2BhFcjTVnJcF%2B8bOEds9k4wdRZy%2B0vEMIWrT16yvN3dTi0bkBWZo6LwqOySj%2BQKcVT8anPgE5JkOXej1VcvjXZIriWmmp9MPlDE7PJmSfj8eGNF8Px1Bi85LMjdE49mAPYM9KwLf97es43vKk8O0QBx%2F5HnDwEASiAxevr6IPy3ALNkVk1z7krIRW0iojxUJIMlvUBannBSXzRU3LquSc1tUyfQu9FBlYiG63bUynxO%2Fok7E9d5c3DIqSpJ2sbAh3QwfaxVE6lU3%2F%2F3jrvw%3D%3D
> > > 
> > > service.xml as attachment (without real cert)
> > > 
> > > Please help me.
> > > 
> > > 
> > > 
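
The redirect quoted at the bottom of this thread carries a SAMLRequest parameter; decoding it shows which Destination and AssertionConsumerServiceURL the SP actually sent, which can then be compared with the IdP metadata. This is an added example, not part of any message in the thread and not CAS or ServiceDesk Plus code; it runs on a constructed request with placeholder hosts (idp.example.org, sp.example.org), and the function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # cap on inflated size, guards against decompression bombs


def decode_redirect_request(url):
    """Return key fields of the AuthnRequest carried in an HTTP-Redirect URL."""
    query = parse_qs(urlsplit(url).query)  # also undoes the percent-encoding
    if "SAMLRequest" not in query:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    # The HTTP-Redirect binding uses raw DEFLATE (no zlib header): wbits=-15.
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, MAX_XML)
    if not inflater.eof:
        raise ValueError("truncated request or inflated size over cap")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not allowed here")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not an AuthnRequest: %s" % root.tag)
    issuer = root.find("{%s}Issuer" % SAML)
    return {
        "Destination": root.get("Destination"),
        "AssertionConsumerServiceURL": root.get("AssertionConsumerServiceURL"),
        "Issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
    }


def build_sample_url():
    """Constructed request; hosts and entity ID are placeholders, not from the thread."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" Version="2.0" '
           'ID="_constructed" Destination="https://idp.example.org/cas/idp" '
           'AssertionConsumerServiceURL="https://sp.example.org/acs">'
           '<saml:Issuer>sp-entity-id-placeholder</saml:Issuer>'
           '</samlp:AuthnRequest>') % (SAMLP, SAML)
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    param = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.org/cas/idp?" + param


if __name__ == "__main__":
    print(decode_redirect_request(build_sample_url()))
```

The Destination attribute is the IdP URL the SP was configured with, and AssertionConsumerServiceURL is where the SP expects the response to be posted back.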
