Are you missing service-provider-metadata-path? Ray
On Wed, 2024-05-01 at 20:20 +0200, wouldsmina wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, I want to use SAML2 Delegated Authentication as explained in this documentation :https://fawnoos.com/2023/10/04/cas66-delegate-authn-saml2-idp/ Unfortunately, I'm encountering an error upon restarting the Tomcat service: ----------------------------------------------------------------------------------------------------------- [2024-05-01 19:44:46] [info] #033[1;31m2024-05-01 19:44:46,585 ERROR [net.shibboleth.utilities.java.support.xml.BasicParserPool] - <XML Parsing Error>#033[m [2024-05-01 19:44:46] [info] #033[1;31m2024-05-01 19:44:46,587 ERROR [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver] - <Metadata Resolver FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: Unable to unmarshall metadata: net.shibboleth.utilities.java.support.xml.XMLParserException: Unable to parse inputstream, it contained invalid XML>#033[m [2024-05-01 19:44:46] [info] #033[1;31m2024-05-01 19:44:46,588 ERROR [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver] - <Metadata Resolver FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: Error occurred while attempting to refresh metadata from '/tmp/samlSpMetadata6083509884623035039.xml'>#033[m [2024-05-01 19:44:46] [info] net.shibboleth.utilities.java.support.resolver.ResolverException: Unable to unmarshall metadata ... [2024-05-01 19:44:46] [info] #033[1;31m2024-05-01 19:44:46,595 ERROR [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver] - <Metadata Resolver FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: Metadata provider failed to properly initialize, fail-fast=true, halting>#033[m [2024-05-01 19:44:46] [info] #033[33m2024-05-01 19:44:46,598 WARN [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'identityProviderDiscoveryFeedController' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Unsatisfied dependency expressed through method 'identityProviderDiscoveryFeedController' parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'identityProviderDiscoveryFeedService' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Unsatisfied dependency expressed through method 'identityProviderDiscoveryFeedService' parameter 1; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdentityProviderEntityParser' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.util.spring.beans.BeanContainer]: Factory method 'samlIdentityProviderEntityParser' threw exception; nested exception is org.pac4j.saml.exceptions.SAMLException: Unable to generate metadata for service provider>#033[m [2024-05-01 19:44:51] [info] #033[1;31m2024-05-01 19:44:51,752 ERROR [org.springframework.boot.SpringApplication] - <Application run failed>#033[m [2024-05-01 19:44:51] [info] org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'identityProviderDiscoveryFeedController' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Unsatisfied dependency expressed through method 'identityProviderDiscoveryFeedController' parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'identityProviderDiscoveryFeedService' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Unsatisfied dependency expressed through method 'identityProviderDiscoveryFeedService' parameter 1; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdentityProviderEntityParser' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.util.spring.beans.BeanContainer]: Factory method 'samlIdentityProviderEntityParser' threw exception; nested exception is org.pac4j.saml.exceptions.SAMLException: Unable to generate metadata for service provider ... [2024-05-01 19:44:51] [info] Caused by: org.xml.sax.SAXParseException: Premature end of file. ----------------------------------------------------------------------------------------------------------- I checked the XML file with an online parser, and there are no errors. I've tried with several IDPs (Shibboleth or CAS) with both a URL and a local file, but the error remains the same. . However, if I use a file or URL that doesn't exist, the error is quite different. I'm using Tomcat 9, Java 11 (from debian 11 apt) and CAS 6.6.15. cas.properties : ----------------------------------------------------------------------------------------------------------- cas.authn.pac4j.saml[0].keystore-password=xxxxxxxxxxxxxxxxxxxxxxx cas.authn.pac4j.saml[0].private-key-password=xxxxxxxxxxxxxxx cas.authn.pac4j.saml[0].service-provider-entity-id=https://cas.domain.fr/cas/sp cas.authn.pac4j.saml[0].keystore-path=/etc/cas/config/samlKeystore.jks cas.authn.pac4j.saml[0].identity-provider-metadata-path=https://idp.domain.fr/idp/shibboleth cas.authn.pac4j.saml[0].destination-binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect cas.authn.pac4j.saml[0].client-name=TEST1 ----------------------------------------------------------------------------------------------------------- Would anyone have an idea of the origin of my issue, please? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/275d40252411fadca3bcaf4a7f17c09eafebcbc0.camel%40uvic.ca.
