Hi there,
When CAS is the SAML2 IdP, I am able to run a client app that authenticates successfully. But I have trouble when CAS delegates authN to Okta (CAS is set up as an SP in Okta). The client app runs on localhost:8081, CAS 6.6.x runs on localhost:8443 and delegates to the Okta SAML2 IdP.

Here is my problem. I have likely misunderstood how delegated authN should work, but I do not know how.

When I go to the client, localhost:8081, it redirects to:
http://localhost:8081/saml/login?idp=https%3A%2F%2Flocalhost%3A8443%2Fidp
which redirects to:
https://localhost:8443/cas/idp/profile/SAML2/POST/SSO

I would expect the Okta login page to come up, but I am getting a CAS error page that says "Page Not Found". I did not see any error in the CAS log.

In Okta, I configured my local CAS as a SAML 2.0 application
==================================================
SSO URL: https://localhost:8443/cas/login
Audience URI: https://localhost:8443/cas/idp

cas.properties
==============
cas.authn.pac4j.saml[0].keystorePath=file:///C:/apereocas66x/config/casas-samlsp/samlkeystore   <== I do not see the keystore being created. Why is it not created?
cas.authn.pac4j.saml[0].keystorePassword=changeit
cas.authn.pac4j.saml[0].keystoreAlias=cas-samlsp
cas.authn.pac4j.saml[0].privateKeyPassword=changeit
cas.authn.pac4j.saml[0].serviceProviderEntityId=http://localhost:8081/saml/metadata   <== same SP entity ID as when CAS was the IdP itself, without delegated authN
cas.authn.pac4j.saml[0].clientName=bootsp2
cas.authn.pac4j.saml[0].forceAuth=false
cas.authn.pac4j.saml[0].passive=false
cas.authn.pac4j.saml[0].maximumAuthenticationLifetime=1209600
cas.authn.pac4j.saml[0].serviceProviderMetadataPath=file:///C:/apereocas66x/config/spmetadata/1005-metadata.xml   <== same SP metadata as when CAS was the IdP itself, without delegated authN
cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://dev-11792448.okta.com/app/exkas4vj25jdUfJEx5d7/sso/saml/metadata
cas.authn.pac4j.saml[0].destinationBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
cas.authn.pac4j.saml[0].userNameQualifier=false

JSON file in service registry
======================
{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "bootsp2",
  "name" : "bootsp2",
  "id" : 1005,
  "description" : "sample",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "name", "first_name", "middle_name" ] ]
  }
}

thanks,
Yan

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f98e1a51-d49f-4f44-9de4-ec5ebb727239n%40apereo.org.

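The post above turns on which identifiers have to agree when CAS stops being the SAML IdP and instead acts as a SAML SP toward Okta: the pac4j client's serviceProviderEntityId, the entityID and AssertionConsumerService in the SP metadata CAS presents to Okta, the Okta application's SSO URL and Audience URI, and the binding CAS will use against the IdP metadata. The script below is an added example for checking that agreement; it is not code from the original post, from CAS or from pac4j. It assumes the CAS delegated-authentication callback has the form <cas.server.prefix>/login?client_name=<clientName>, that the Okta app's "Single sign-on URL" is where Okta posts the response (the SP's ACS) and its "Audience URI" is the SP entity ID, and it uses constructed metadata documents and property values (including the hypothetical entity ID https://localhost:8443/cas/samlsp and a placeholder Okta tenant) rather than anything read from the poster's environment.

```python
"""Cross-check a CAS-as-SAML-SP (pac4j) delegation setup against the IdP.

Added example, not CAS or pac4j code. Every input below is constructed;
the callback URL form and the Okta field semantics are assumptions.
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed SP metadata in the shape pac4j generates for CAS's SAML client.
SP_TEMPLATE = (
    '<md:EntityDescriptor xmlns:md="{md}" entityID="{entity}">'
    '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:AssertionConsumerService Binding="{post}" Location="{acs}" index="0"/>'
    "</md:SPSSODescriptor></md:EntityDescriptor>"
)

# Constructed IdP metadata with a placeholder Okta tenant and app id.
IDP_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{MD}" entityID="http://www.okta.com/exkEXAMPLE">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    f'<md:SingleSignOnService Binding="{HTTP_POST}" '
    'Location="https://dev-example.okta.com/app/exkEXAMPLE/sso/saml"/>'
    f'<md:SingleSignOnService Binding="{HTTP_REDIRECT}" '
    'Location="https://dev-example.okta.com/app/exkEXAMPLE/sso/saml"/>'
    "</md:IDPSSODescriptor></md:EntityDescriptor>"
)


def build_sp_metadata(entity_id: str, acs_url: str) -> str:
    """Render constructed SP metadata for a given entityID and ACS location."""
    return SP_TEMPLATE.format(md=MD, entity=entity_id, post=HTTP_POST, acs=acs_url)


def expected_callback(props: dict) -> str:
    """Assumed CAS delegated-auth callback: <prefix>/login?client_name=<name>."""
    return f"{props['cas.server.prefix']}/login?client_name={props['clientName']}"


def check_delegation(props: dict, sp_xml: str, idp_xml: str, okta_app: dict) -> list:
    """Return a list of human-readable mismatches; an empty list means consistent."""
    findings = []
    sp_entity_id = props["serviceProviderEntityId"]
    sp = ET.fromstring(sp_xml)
    acs_locations = [e.get("Location") for e in sp.iterfind(".//md:AssertionConsumerService", NS)]

    # 1. The SP metadata CAS hands to Okta must carry the pac4j client's entity ID.
    if sp.get("entityID") != sp_entity_id:
        findings.append(f"SP metadata entityID {sp.get('entityID')!r} != serviceProviderEntityId {sp_entity_id!r}")

    # 2. Okta will POST the response to the SP's ACS, which must be the CAS callback.
    callback = expected_callback(props)
    if callback not in acs_locations:
        findings.append(f"SP metadata has no AssertionConsumerService at CAS callback {callback!r}; found {acs_locations}")
    if okta_app["sso_url"] != callback:
        findings.append(f"Okta SSO URL {okta_app['sso_url']!r} != CAS callback {callback!r}")

    # 3. Okta's Audience URI is the SP entity ID it will put in <AudienceRestriction>.
    if okta_app["audience"] != sp_entity_id:
        findings.append(f"Okta Audience URI {okta_app['audience']!r} != serviceProviderEntityId {sp_entity_id!r}")

    # 4. CAS sends the AuthnRequest with destinationBinding; the IdP must offer it.
    idp = ET.fromstring(idp_xml)
    idp_bindings = {e.get("Binding") for e in idp.iterfind(".//md:SingleSignOnService", NS)}
    if props["destinationBinding"] not in idp_bindings:
        findings.append(f"IdP metadata offers no SingleSignOnService with binding {props['destinationBinding']!r}")
    return findings


# Constructed case A: SP entity ID and metadata reused from a downstream client app,
# Okta pointed at /cas/login without client_name, audience set to a different value.
MISCONFIGURED_PROPS = {
    "cas.server.prefix": "https://localhost:8443/cas",
    "clientName": "bootsp2",
    "serviceProviderEntityId": "http://localhost:8081/saml/metadata",
    "destinationBinding": HTTP_POST,
}
MISCONFIGURED_SP_XML = build_sp_metadata("http://localhost:8081/saml/metadata", "http://localhost:8081/saml/SSO")
MISCONFIGURED_OKTA = {"sso_url": "https://localhost:8443/cas/login", "audience": "https://localhost:8443/cas/idp"}

# Constructed case B: one entity ID for CAS-as-SP (hypothetical value) used everywhere,
# and the ACS / Okta SSO URL equal to the CAS callback.
CONSISTENT_PROPS = dict(MISCONFIGURED_PROPS, serviceProviderEntityId="https://localhost:8443/cas/samlsp")
CONSISTENT_SP_XML = build_sp_metadata("https://localhost:8443/cas/samlsp", expected_callback(CONSISTENT_PROPS))
CONSISTENT_OKTA = {"sso_url": expected_callback(CONSISTENT_PROPS), "audience": "https://localhost:8443/cas/samlsp"}


def run_both_cases() -> tuple:
    """Return (findings for case A, findings for case B)."""
    return (
        check_delegation(MISCONFIGURED_PROPS, MISCONFIGURED_SP_XML, IDP_METADATA, MISCONFIGURED_OKTA),
        check_delegation(CONSISTENT_PROPS, CONSISTENT_SP_XML, IDP_METADATA, CONSISTENT_OKTA),
    )


if __name__ == "__main__":
    for label, findings in zip(("case A", "case B"), run_both_cases()):
        print(label, "->", findings or "consistent")
```

Feed it the real SP metadata file CAS writes at serviceProviderMetadataPath and the IdP metadata fetched from Okta, and the four checks cover the identifiers a SAML response is validated against (Audience, Destination/Recipient, binding) before any attribute release is considered.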