Good question. Oddly I never see a SAML2 request in the audit log. Could be that the sp is not doing SAML2.0. Would that make sense??
Keith Alston Regent University IT Department keit...@regent.edu 757.619.3421 ________________________________ From: cas-user@apereo.org <cas-user@apereo.org> on behalf of Ray Bon <r...@uvic.ca> Sent: Tuesday, April 13, 2021 11:31 AM To: cas-user@apereo.org <cas-user@apereo.org> Subject: [External] Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3 Keith, What is the value of the Issuer in the authentication request? It should be the same as the entityId in the metadata. Ray On Mon, 2021-04-12 at 20:41 +0000, Keith Alston (Staff) wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. replaced the serviceid with the entityid from the sp metadata which is: https://regent-team.myfreshworks.com/sp/SAML/26912657608931/metadata<https://urldefense.com/v3/__https://regent-team.myfreshworks.com/sp/SAML/26912657608931/metadata__;!!CHfpmW4!0EOgbQDnRD3SWVtgCUapVvw7Y3tpj7XOa-iIwl8tXzb3r5L7wMpq3cWVKRtzMkq8$> yes, this is the entityid in the sp metadata! now I'm getting this: 2021-04-12 16:27:27,481 WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] - <Service Management: missing service. Service [https://regent-team.myfreshwor<https://urldefense.com/v3/__https://regent-team.myfreshwor__;!!CHfpmW4!0EOgbQDnRD3SWVtgCUapVvw7Y3tpj7XOa-iIwl8tXzb3r5L7wMpq3cWVKaF5et-a$> ks.com/sp/SAML/26912657608931/callback] is not found in service registry.> 2021-04-12 16:27:27,481 DEBUG [org.springframework.webflow.engine.impl.FlowExecu tionImpl] - <Attempting to handle [org.springframework.webflow.execution.ActionE xecutionException: Exception thrown executing org.apereo.cas.web.flow.ServiceAut horizationCheck@2262e7de in state 'serviceAuthorizationCheck' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause [org.apereo.ca s.services.UnauthorizedServiceException: Service Management: missing service. Se rvice [https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback<https://urldefense.com/v3/__https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback__;!!CHfpmW4!0EOgbQDnRD3SWVtgCUapVvw7Y3tpj7XOa-iIwl8tXzb3r5L7wMpq3cWVKWC9oCWy$>] is not found in service registry.]> 2021-04-12 16:27:27,481 DEBUG [org.springframework.webflow.engine.support.Transi tionExecutingFlowExecutionExceptionHandler] - <Handling flow execution exception org.springframework.webflow.execution.ActionExecutionException: Exception throw n executing org.apereo.cas.web.flow.ServiceAuthorizationCheck@2262e7de in state 'serviceAuthorizationCheck' of flow 'login' -- action execution attributes were 'map[[empty]]'> Keith Alston Regent University IT Department keit...@regent.edu 757.352.4081 ________________________________ From: cas-user@apereo.org <cas-user@apereo.org> on behalf of Trenton Adams <tre...@athabascau.ca> Sent: Monday, April 12, 2021 2:56 PM To: cas-user@apereo.org <cas-user@apereo.org> Subject: [External] Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3 Oops, I had meant to paste this. This should allow anything with domain.com and prefix regent-team.myfresh to authenticate against your CAS server. ^(https|http):\/\/regent-team\.myfresh.*domain\.com(:[0-9]{1,5})?\/.*$" From: <cas-user@apereo.org> on behalf of Trenton Adams <tre...@athabascau.ca> Reply-To: "cas-user@apereo.org" <cas-user@apereo.org> Date: Monday, April 12, 2021 at 12:53 PM To: "cas-user@apereo.org" <cas-user@apereo.org> Subject: Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3 I’m pretty sure the serviced is supposed to be a regular expression, no?. * after an ‘h’ means repeat the ‘h’. Put ‘.*’ and you’ll repeat anything, but that wouldn’t be what you want either, as that would allow any domain with a DNS prefix of ‘regent-team.myfresh’, to authenticate against your CAS instance. From: <cas-user@apereo.org> on behalf of "Keith Alston (Staff)" <keit...@regent.edu> Reply-To: "cas-user@apereo.org" <cas-user@apereo.org> Date: Monday, April 12, 2021 at 12:46 PM To: "cas-user@apereo.org" <cas-user@apereo.org> Subject: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3 Any ideas on what might be going on here? I get the "Application Not Authorized to Use CAS" page when redirected to CAS. 2021-04-12 14:21:32,474 WARN [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - <No registered service is found to match [AbstractWebApplicationService(id=https://regent-team.myfreshworks.com/sp/SAML/269126576089314274/callback<https://urldefense.com/v3/__https://regent-team.myfreshworks.com/sp/SAML/269126576089314274/callback__;!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhLv-YOwe$>, originalUrl=https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback<https://urldefense.com/v3/__https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback__;!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhPOLBa3M$>, artifactId=null, principal=null, source=AssertionConsumerServiceURL, loggedOutAlready=true, format=XML, attributes={})] or access is denied. Using default theme [cas-theme-default]> here's my service file: { "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService", "serviceId" : "^(https|http)://regent-team.myfresh*", "name" : "freshregistrar", "id" : 1608070210, "metadataLocation" : "https://regent-team.myfreshworks.com/sp/SAML/26912657608931/metadata"<https://urldefense.com/v3/__https://regent-team.myfreshworks.com/sp/SAML/26912657608931/metadata*22__;JQ!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhGAk9jv4$>, "evaluationOrder" : 17, "requiredNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", "attributeReleasePolicy" : { @class : org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy allowedAttributes : [ "java.util.ArrayList", [ "firstname","lastname","email","nameid","phone","mobile","title" ]] }, } Keith Alston Regent University IT Department keit...@regent.edu 757.619.3421 -- - Website: https://apereo.github.io/cas<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fapereo.github.io*2Fcas&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031085158*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=Qvk*2Bza9Bd6ZkUJ5Wh11fsBEEDdMdCyyrDFnBeDRuj20*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUl!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhLJhIuyC$> - Gitter Chatroom: https://gitter.im/apereo/cas<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgitter.im*2Fapereo*2Fcas&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031095158*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=fvVp*2F0f*2Fsx5LhhMkJudoZMqSv938Fs8ddDswJOc20J0*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSU!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhDxNW9Qc$> - List Guidelines: https://goo.gl/1VRrw7<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgoo.gl*2F1VRrw7&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031095158*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=gLLJDiSsyMYnm6WQbc5wEViIQ*2BQmMXbHvMOGl0izB9k*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUl!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhKdhvgKR$> - Contributions: https://goo.gl/mh7qDG<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgoo.gl*2Fmh7qDG&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031105153*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=Nj70rBUUUS2DuqpRftIv7cLcFFJ9Fxc7*2F2QCyxsPWDg*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUl!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhNj6zEWX$> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/BL0PR10MB29952DEBE257C8F1901C6B25D9709%40BL0PR10MB2995.namprd10.prod.outlook.com<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgroups.google.com*2Fa*2Fapereo.org*2Fd*2Fmsgid*2Fcas-user*2FBL0PR10MB29952DEBE257C8F1901C6B25D9709*2540BL0PR10MB2995.namprd10.prod.outlook.com*3Futm_medium*3Demail*26utm_source*3Dfooter&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031115144*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=2kitkZjgGLubfLG712WqAOUJLYmOAKo6rtJ45at8ATM*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhFUM0n7O$>. -- This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed. --- -- - Website: https://apereo.github.io/cas<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fapereo.github.io*2Fcas&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031125141*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=xW75TPUQlrFy*2BNbZOWc*2FGrZjFsa7Wx3ecSK69dUaKMY*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhBqMt6yc$> - Gitter Chatroom: https://gitter.im/apereo/cas<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgitter.im*2Fapereo*2Fcas&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031125141*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=JTMnr*2BnNuApmF0hifdf3OLNowRiw5ctK9IWxPFYDl2A*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhH8p9Xfb$> - List Guidelines: https://goo.gl/1VRrw7<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgoo.gl*2F1VRrw7&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031135136*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=udrjeh3hsZpEL5vLuUTxBXQwEOtKAnmtTcjAHtMFb4g*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSU!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhAxqyRe9$> - Contributions: https://goo.gl/mh7qDG<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgoo.gl*2Fmh7qDG&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031135136*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=XBsnancbh4dZhKMVhRGIzfJctzpr75lzlQjzV*2B81kyQ*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUl!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhE6iqOqZ$> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/A96F1C24-41F0-47CF-A721-5B6E817C76DC%40athabascau.ca<https://urldefense.com/v3/__https://can01.safelinks.protection.outlook.com/?url=https*3A*2F*2Fgroups.google.com*2Fa*2Fapereo.org*2Fd*2Fmsgid*2Fcas-user*2FA96F1C24-41F0-47CF-A721-5B6E817C76DC*2540athabascau.ca*3Futm_medium*3Demail*26utm_source*3Dfooter&data=04*7C01*7Ctrenta*40athabascau.ca*7Cbc8708cf5bda41a5bb4e08d8fde43e57*7Ca893bdd2f4604252aa344d057436a09d*7C0*7C0*7C637538504031145133*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=mdir4lvSbsiG6rBDvBy94jZomdBQ*2BvS3fM5xmvS68OA*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhC6PoK4U$>. -- This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed. --- -- - Website: https://apereo.github.io/cas<https://urldefense.com/v3/__https://apereo.github.io/cas__;!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhI-ea-bB$> - Gitter Chatroom: https://gitter.im/apereo/cas<https://urldefense.com/v3/__https://gitter.im/apereo/cas__;!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhAJWBJSL$> - List Guidelines: https://goo.gl/1VRrw7<https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhF8r2pob$> - Contributions: https://goo.gl/mh7qDG<https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhLwhLwAF$> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7A6B6B44-384B-485D-8ABD-B1FCA9BED183%40athabascau.ca<https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/7A6B6B44-384B-485D-8ABD-B1FCA9BED183*40athabascau.ca?utm_medium=email&utm_source=footer__;JQ!!CHfpmW4!1bSsDTJKiiEtSW28bPRdOrFqthZ313uDfEOC9Q4_30WDONcSDi2TQcJkhFCeKXth$>. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas<https://urldefense.com/v3/__https://apereo.github.io/cas__;!!CHfpmW4!0EOgbQDnRD3SWVtgCUapVvw7Y3tpj7XOa-iIwl8tXzb3r5L7wMpq3cWVKWaaTOIV$> - Gitter Chatroom: https://gitter.im/apereo/cas<https://urldefense.com/v3/__https://gitter.im/apereo/cas__;!!CHfpmW4!0EOgbQDnRD3SWVtgCUapVvw7Y3tpj7XOa-iIwl8tXzb3r5L7wMpq3cWVKf3U9UE_$> - List Guidelines: https://goo.gl/1VRrw7<https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!CHfpmW4!0EOgbQDnRD3SWVtgCUapVvw7Y3tpj7XOa-iIwl8tXzb3r5L7wMpq3cWVKdEPUQ6V$> - Contributions: https://goo.gl/mh7qDG<https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!CHfpmW4!0EOgbQDnRD3SWVtgCUapVvw7Y3tpj7XOa-iIwl8tXzb3r5L7wMpq3cWVKebh_C5I$> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4a8f6cf1fd9b9c08558c4360518f35e25abf90f5.camel%40uvic.ca<https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/4a8f6cf1fd9b9c08558c4360518f35e25abf90f5.camel*40uvic.ca?utm_medium=email&utm_source=footer__;JQ!!CHfpmW4!0EOgbQDnRD3SWVtgCUapVvw7Y3tpj7XOa-iIwl8tXzb3r5L7wMpq3cWVKVgFkpAD$>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/BL0PR10MB29955ED1A923E15E2DA53084D94D9%40BL0PR10MB2995.namprd10.prod.outlook.com.