Hi there, I am using CAS 6.4.6.6 for delegated authN using SAML; CAS delegates authN to Okta. I ran into a strange error: on Windows, this works fine (i.e., once I point to /cas/login, it generates the SP metadata and keystore), but on Linux, CAS does not generate the SP metadata and SP keystore. I am not sure why. I did not see any errors in the logs.
This is the relevant portion of cas.properties:

cas.authn.saml-idp.core.entity-id= https://qa.......com/idp
cas.authn.saml-idp.metadata.fileSystem.location=file:///opt/jboss/ssoconf/idpmetadata
cas.authn.pac4j.saml[0].keystorePath=/opt/jboss/ssoconf/samlsp/samlkeystore
cas.authn.pac4j.saml[0].keystorePassword=changeit
cas.authn.pac4j.saml[0].keystoreAlias=cas-samlsp
cas.authn.pac4j.saml[0].privateKeyPassword=changeit
cas.authn.pac4j.saml[0].serviceProviderEntityId=https://qa.......com/cas/samlsp
cas.authn.pac4j.saml[0].clientName=Okta
cas.authn.pac4j.saml[0].forceAuth=false
cas.authn.pac4j.saml[0].passive=false
cas.authn.pac4j.saml[0].maximumAuthenticationLifetime=3600
cas.authn.pac4j.saml[0].serviceProviderMetadataPath=/opt/jboss/ssoconf/samlsp/sp-metadata.xml
cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://dev-1......8.okta.com/app/e.......b5d7/sso/saml/metadata
cas.authn.pac4j.saml[0].useNameQualifier=false
cas.authn.pac4j.saml[0].signAuthnRequest=true
cas.authn.pac4j.saml[0].signServiceProviderLogoutRequest=true

On Windows (it says: Initializing: SAML2Client), then it generates keystore and SP metadata.

======
2023-10-24 16:05:23,317 DEBUG [https-openssl-nio-8443-exec-7] [org.apereo.cas.support.pac4j.RefreshableDelegatedClients] - <The following clients are built: [[#SAML2Client# | name: Okta | callbackUrl: https://localhost:8443/cas/login | urlResolver: null | callbackUrlResolver: org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@59d1889c | ajaxRequestResolver: null | redirectionActionBuilder: null | credentialsExtractor: null | authenticator: null | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@4ddff72c | logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@1d8000ee | authorizationGenerators: [] | checkAuthenticationAttempt: true |]]>
2023-10-24 16:05:23,317 DEBUG [https-openssl-nio-8443-exec-7] [org.apereo.cas.validation.DelegatedAuthenticationAccessStrategyHelper] - <Can not evaluate delegated authentication policy without a service>
2023-10-24 16:05:23,318 DEBUG [https-openssl-nio-8443-exec-7] [org.pac4j.core.util.InitializableObject] - <Initializing: SAML2Client (nb: 0, last: null)>
2023-10-24 16:05:23,321 INFO [https-openssl-nio-8443-exec-7] [org.pac4j.saml.config.SAML2Configuration] - <Using service provider entity ID https://localhost:8443/cas/samlsp>
2023-10-24 16:05:23,321 DEBUG [https-openssl-nio-8443-exec-7] [org.pac4j.core.util.InitializableObject] - <Initializing: SAML2Configuration (nb: 0, last: null)>
2023-10-24 16:05:23,326 WARN [https-openssl-nio-8443-exec-7] [org.pac4j.saml.config.SAML2Configuration] - <Generating keystore one for/via: file [C:\apereocas66x\config\casas-samlsp\samlkeystore]>
2023-10-24 16:05:23,326 WARN [https-openssl-nio-8443-exec-7] [org.pac4j.saml.metadata.keystore.BaseSAML2KeystoreGenerator] - <Defaulting keystore type pkcs12>
2023-10-24 16:05:23,435 INFO [https-openssl-nio-8443-exec-7] [org.pac4j.saml.metadata.keystore.BaseSAML2KeystoreGenerator] - <Created keystore file [C:\apereocas66x\config\casas-samlsp\samlkeystore] with key alias cas-samlsp>

On Linux, notice it says: Initializing: RefreshableDelegatedClients ..... Not sure why it does not recognize it is a SAML2Client. Any idea?

Thanks,

======
2023-10-24 15:59:35,488 DEBUG [main] [org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory] - <Created delegated client [#SAML2Client# | name: Okta | callbackUrl: https://qa....com/cas/login | urlResolver: null | callbackUrlResolver: org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@76eec7bb | ajaxRequestResolver: null | redirectionActionBuilder: null | credentialsExtractor: null | authenticator: null | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@6c83322b | logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@241532d3 | authorizationGenerators: [] | checkAuthenticationAttempt: true |]>
2023-10-24 15:59:35,489 DEBUG [main] [org.apereo.cas.support.pac4j.RefreshableDelegatedClients] - <The following clients are built: [[#SAML2Client# | name: Okta | callbackUrl: https://qa....com/cas/login | urlResolver: null | callbackUrlResolver: org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@76eec7bb | ajaxRequestResolver: null | redirectionActionBuilder: null | credentialsExtractor: null | authenticator: null | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@6c83322b | logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@241532d3 | authorizationGenerators: [] | checkAuthenticationAttempt: true |]]>
2023-10-24 15:59:35,489 DEBUG [main] [org.pac4j.core.util.InitializableObject] - <Initializing: RefreshableDelegatedClients (nb: 0, last: null)>
2023-10-24 15:59:35,489 INFO [main] [org.apereo.cas.config.Pac4jAuthenticationEventExecutionPlanConfiguration] - <Registering delegated authentication clients...>
2023-10-24 15:59:35,744 DEBUG [main] [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Attribute repository sources are not available for person-directory principal resolution>
2023-10-24 15:59:36,180 INFO [main] [org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry] - <Watching service registry directory at [/opt/jboss/whitelist/....]>
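
Added example, not part of the original post: a small parser for comparing the two log excerpts above. It strips the colour codes, splits the run-together entries, and reports which pac4j objects were initialised, on which thread, and whether an SP keystore was created. The sample strings are abbreviated from the post's log lines; the function names are this example's own.

```python
import re

# Log4j layout used in the post: "<ts> <LEVEL> [<thread>] [<logger>] - <message>"
ENTRY = re.compile(
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([^\]]+)\] \[([\w.$]+)\] - <(.*?)>"
    r"(?=\s*(?:\d{4}-\d\d-\d\d \d\d:|$))", re.S)
# ANSI colour codes, either as a raw ESC byte or in caret notation ("^[[36m")
ANSI = re.compile(r"(?:\x1b|\^\[)\[[0-9;]*m")

# Sample input: entries abbreviated from the post, run together as they were pasted.
WINDOWS = (
    r"2023-10-24 16:05:23,318 DEBUG [https-openssl-nio-8443-exec-7] "
    r"[org.pac4j.core.util.InitializableObject] - <Initializing: SAML2Client (nb: 0, last: null)> "
    r"2023-10-24 16:05:23,321 DEBUG [https-openssl-nio-8443-exec-7] "
    r"[org.pac4j.core.util.InitializableObject] - <Initializing: SAML2Configuration (nb: 0, last: null)> "
    r"2023-10-24 16:05:23,435 INFO [https-openssl-nio-8443-exec-7] "
    r"[org.pac4j.saml.metadata.keystore.BaseSAML2KeystoreGenerator] - "
    r"<Created keystore file [C:\apereocas66x\config\casas-samlsp\samlkeystore] with key alias cas-samlsp>"
)
LINUX = (
    "^[[m^[[36m2023-10-24 15:59:35,489 DEBUG [main] [org.pac4j.core.util.InitializableObject] - "
    "<Initializing: RefreshableDelegatedClients (nb: 0, last: null)> "
    "^[[m^[[32m2023-10-24 15:59:35,489 INFO [main] "
    "[org.apereo.cas.config.Pac4jAuthenticationEventExecutionPlanConfiguration] - "
    "<Registering delegated authentication clients...>"
)

def parse(text):
    """Split a pasted CAS log into dicts with ts, level, thread, logger and msg."""
    clean = ANSI.sub("", text)
    keys = ("ts", "level", "thread", "logger", "msg")
    return [dict(zip(keys, m.groups())) for m in ENTRY.finditer(clean)]

def init_summary(entries):
    """Report pac4j initialisations (thread, object) and keystore creation."""
    inits = [(e["thread"], e["msg"].split()[1]) for e in entries
             if e["logger"].endswith("InitializableObject")
             and e["msg"].startswith("Initializing:")]
    return {
        "inits": inits,
        "saml_client_init": any(name == "SAML2Client" for _, name in inits),
        "keystore_created": any("Created keystore file" in e["msg"] for e in entries),
    }

if __name__ == "__main__":
    for name, log in (("windows", WINDOWS), ("linux", LINUX)):
        print(name, init_summary(parse(log)))
```

On the post's excerpts this shows the Windows initialisation of SAML2Client happening on an HTTPS request thread, while every Linux line comes from the main startup thread.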
