Hi everybody,

Just tried the latest 6.4.1 CAS version and the broken SP works again :)

If you intend to use SAML2, just pass over the 6.4.0 version to avoid any issue on SP integrations.

Bye

On Wed, 29 Sept 2021 at 17:49, Jérôme Rautureau wrote:

> Hi,
>
> I have issues when I want to integrate SAMLService for certain SPs (2 for now) on the 6.4.0 branch (which was working on the 6.2.8 branch).
>
> Here are the WARN/ERROR logs of CAS for these services.
>
>> 2021-09-29 11:25:50,231 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Attempting to validate signature using key from supplied credential>
>> 2021-09-29 11:25:50,231 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Accessing XMLSignature object>
>> 2021-09-29 11:25:50,231 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256>
>> 2021-09-29 11:25:50,231 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'>
>> 2021-09-29 11:25:50,236 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Signature validated with key from supplied credential>
>> 2021-09-29 11:25:50,236 INFO [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Successfully validated the request signature.>
>> 2021-09-29 11:25:51,337 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Locating assertion consumer service url for binding [null] and index [0]>
>> 2021-09-29 11:25:51,337 WARN [org.apereo.cas.support.saml.SamlIdPUtils] - <Unable to locate acs url in for entity [ https://preprod-talents.elsatis.fr] and binding [null] with index [0]>
>> 2021-09-29 11:25:51,337 DEBUG [org.opensaml.saml.metadata.support.SAML2MetadataSupport] - <Selecting default IndexedEndpoint>
>> 2021-09-29 11:25:51,337 DEBUG [org.opensaml.saml.metadata.support.SAML2MetadataSupport] - <IndexedEndpoint list was null or empty, returning null>
>> 2021-09-29 11:25:51,341 ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Endpoint for null is not available or does not define a binding for null>
>> org.apereo.cas.support.saml.SamlException: Endpoint for null is not available or does not define a binding for null
>>     at org.apereo.cas.support.saml.SamlIdPUtils.determineEndpointForRequest(SamlIdPUtils.java:160) ~[cas-server-support-saml-idp-core-6.4.0.jar!/:6.4.0]
>
> Certain services are OK, but for 2 others the AuthRequest is broken (it was working on the 6.2.8 version).
>
> Here in the mail is the metadata of the broken integration (I don't know what is missing...)
>
> It seems that "var acsUrl = authnRequest.getAssertionConsumerServiceURL();" of
> https://github.com/apereo/cas/blob/a2a50a0fc99c89dc8de59ccd3e2b3f50add3def9/support/cas-server-support-saml-idp-core/src/main/java/org/apereo/cas/support/saml/SamlIdPUtils.java#L319
> gives null, don't know if it's normal or not...
>
> Thanks for your help
>
> PS: I have tried a lot of versions of the SP metadata without success
> --
> Jérôme Rautureau (https://github.com/le-zell)

--
Jérôme Rautureau
