I found the problem.
URL comes like:
https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3Dhttps%3A%2F%2Fwww.example.com%2Fsp
If I replace entityId%3D -> entityId= then it works
CAS does not decode %3D which is for = sign, thus leaving the attribute
empty.
<Launching new execution of flow 'login' with input map['service' ->
'https://idp.example.com/idp/Authn/External',
'entityId=https://www.example.com/sp' -> ''
- <Starting in
org.springframework.webflow.mvc.servlet.MvcExternalContext@4c2a6e41 with
input map['service' -> 'https://idp.example.com/idp/Authn/External',
'entityId=https://www.example.com/sp' -> ''
- <No entity id found for parameter [entityId]>
G
On 14/01/2022 12:28, Kapetanakis Giannis wrote:
Hi,
I've configured CAS to be SSO for Shibboleth IdP (External). This works fine.
I'm trying to display SAML MDUI (logo) but it cannot detect the entityId so
nothing happens.
DEBUG [org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction] - <No
entity id found for parameter [entityId]>
implementation "org.apereo.cas:cas-server-support-saml-mdui:${project.'cas.version'}" in build.gradle
cas.saml-metadata-ui.resources=file:///etc/cas/config/idp-metadata/sp.xml
Log says:
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
<Loading [sp.xml]>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
<Evaluating metadata resource [sp.xml]>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
<Locating metadata resource from input stream.>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
<Parsing [sp.xml]>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
<Initializing metadata resolver for [URL
[file:/etc/cas/config/idp-metadata/sp.xml]]>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
<Collected metadata from [1] resolvers(s). Initializing aggregate resolver...>
INFO [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
<Metadata aggregate initialized successfully.>
However when I'm redirected to CAS, to login to this SP (via shibboleth)
with URL:
https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3Dhttps%3A%2F%2Fwww.example.com%2Fsp
I get in logs:
DEBUG [org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction] - <No
entity id found for parameter [entityId]>
Service registry lists the SP's entityId as serviceId:
--- !<org.apereo.cas.services.RegexRegisteredService>
serviceId: "https://www.example.com/sp"
...
logo: "https://www.example.com/images/logo-idp.png"
...
In advance the metadata loaded also has mdui relevant info:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://www.example.com/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
    <md:Extensions>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:Logo width="208" height="96" xml:lang="en">https://www.example.com/images/logo-idp.png</mdui:Logo>
      </mdui:UIInfo>
What am I missing here?
Thanks,
Giannis
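An added example, not part of the original thread and not CAS code: under standard query-string parsing, entityId is not a top-level parameter of the login request in either URL form from the thread; it sits inside the decoded service value and has to be read with a second parse. The helper names single_param and nested_entity_id are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Login URL quoted in the thread, plus the hand-edited variant the poster tested.
LOGIN_URL = ("https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com"
             "%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3D"
             "https%3A%2F%2Fwww.example.com%2Fsp")
EDITED_URL = LOGIN_URL.replace("entityId%3D", "entityId=")


def single_param(url, name):
    """Return the one decoded value of `name` in url's query, or None if absent.

    parse_qs splits on '&' and on the first '=' before percent-decoding, so an
    encoded %26 or %3D stays inside the value it belongs to.
    """
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [])
    if len(values) > 1:
        # Ambiguous input: do not silently pick the first or last occurrence.
        raise ValueError(f"parameter {name!r} repeated; refusing to guess")
    return values[0] if values else None


def nested_entity_id(login_url):
    """Decode one level to get `service`, then read entityId from its query."""
    service = single_param(login_url, "service")
    if service is None:
        return None
    return single_param(service, "entityId")


if __name__ == "__main__":
    for url in (LOGIN_URL, EDITED_URL):
        print("top-level entityId:", single_param(url, "entityId"))
        print("service           :", single_param(url, "service"))
        print("nested entityId   :", nested_entity_id(url))
```
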