Thank you Jeremiah for your answer.
My service.json file:
{
  @class: org.apereo.cas.support.saml.services.SamlRegisteredService
  serviceId: https://test-moodle.exemple.com
  name: testpra
  id: 1730131468521
  evaluationOrder: 2
  attributeReleasePolicy:
  {
    @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
    attributeFilter:
    {
      @class: org.apereo.cas.services.support.RegisteredServiceChainingAttributeFilter
      filters:
      [
        java.util.ArrayList
        [
          {
            @class: org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter
            patterns:
            {
              @class: java.util.LinkedHashMap
              givenName: givenName
              sn: sn
              mail: mail
            }
          }
        ]
      ]
      order: -2147483648
    }
    excludeDefaultAttributes: true
    principalIdAttribute: mail
  }
  metadataLocation: https://test-moodle.exemple.com/Shibboleth.sso/Metadata
  requiredNameIdFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  encryptAssertions: true
  signingCredentialType: X509
  attributeNameFormats:
  {
    @class: java.util.LinkedHashMap
    mail: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    givenName: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    sn: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
  }
}
##########################################################
I have this log:
2024-10-28 19:17:30,982 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<Authenticated principal [email protected]] with attributes 
[{displayName=[personnel], eduPersonPrimaryAffiliation=[Personnel], 
givenName=[user  ], mail=[[email protected]], sn=[personnel]}] via 
credentials [[UsernamePasswordCredential([email protected] 
source=null, customFields={})]].>
2024-10-28 19:17:30,982 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: [email protected]
WHAT: [UsernamePasswordCredential([email protected], source=null, 
customFields={})]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Mon Oct 28 19:17:30 UTC 2024
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2024-10-28 19:17:30,984 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: [email protected]
WHAT: {result=Service Access Granted, 
service=https://test-moodle.exemple.com, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Oct 28 19:17:30 UTC 2024
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2024-10-28 19:17:31,022 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: [email protected]
WHAT: {result=Service Access Granted, 
service=https://test-moodle.exemple.com, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Oct 28 19:17:31 UTC 2024
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2024-10-28 19:17:31,024 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: [email protected]
WHAT: TGT-2-********EvlQ7eY-srv-casfree
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Mon Oct 28 19:17:31 UTC 2024
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2024-10-28 19:17:31,030 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: [email protected]
WHAT: {result=Service Access Granted, 
service=https://test-moodle.exemple.com, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Oct 28 19:17:31 UTC 2024
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2024-10-28 19:17:31,031 INFO 
[org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service 
ticket [ST-2-********QpYP9CE-srv-casfree] for service 
[https://test-moodle.exemple.com] and principal [[email protected]]>
2024-10-28 19:17:31,031 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: [email protected]
WHAT: {ticket=ST-2-********QpYP9CE-srv-casfree, 
service=https://test-moodle.exemple.com}
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Mon Oct 28 19:17:31 UTC 2024
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: 127.0.0.1
On Monday, October 28, 2024 at 1:10:47 PM UTC, Jeremiah Garmatter wrote:

> Papeace,
>
> If you haven't already, I'd recommend installing a web-browser plugin 
> called "SAMLTracer". It'll decode SAML requests and responses which you can 
> use to troubleshoot the authentication process.
> I'm not sure if this is a copy-paste issue or some sort of encoding 
> problem, but your requiredNameIdFormat has an "@6bb1a595" at the end. I'm 
> not sure that is a valid nameID format.
> Typically, I obtain the nameID format from the SP metadata. I'll copy the 
> string directly from the SP's metadata and paste it into the json file. 
> Then, if necessary, I'll map it to another attribute with something like 
> this:
>   "requiredNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:persistent",
>   "usernameAttributeProvider" : {
>     "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>     "usernameAttribute" : "myPersistentIDAttribute"
>   }
>
> On Saturday, October 26, 2024 at 2:44:29 PM UTC-4 Papeace Ndiaye wrote:
>
>> I am configuring CAS SAML2 to authenticate my applications like Moodle, 
>> WAYF, Shibboleth, etc., but the issue is that I can obtain the metadata, 
>> yet I still encounter authorization errors.  
>> cas.server.name=https://cas.exemple.com
>> cas.server.prefix=${cas.server.name}/cas
>> logging.config=file:/etc/cas/config/log4j2.xml
>> cas.authn.attributeRepository.ldap[0].attributes.mail=mail
>> cas.authn.attributeRepository.ldap[0].attributes.sn=sn
>> cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
>> cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldap://10.10.10.10
>> cas.authn.ldap[0].baseDn=dc=exemple,dc=com
>> cas.authn.ldap[0].searchFilter=uid={user}
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].bindDn=cn=admin,dc=exemple,dc=com
>> cas.authn.ldap[0].bindCredential=password
>> cas.authn.ldap[0].principalAttributeId=uid
>>
>> cas.authn.ldap[0].principalAttributeList=sn,givenName,mail,eduPersonPrimaryAffiliation,displayName
>> cas.service-registry.core.init-from-json=false
>> cas.service-registry.json.location=file:/etc/cas/services
>> #################### SAML2 ##############################
>>
>> cas.authn.saml-idp.core.entity-id=https://cas.exemple.com/cas/idp
>> cas.authn.saml-idp.metadata.file-system.location=file:/etc/cas/saml/
>> cas.server.scope=exemple.com
>> cas.authn.saml-idp.metadata.file-system.sign-metadata=false
>> cas.authn.saml-idp.metadata.core.cache-expiration=PT5M
>>
>> my service saml-1001.json
>> {
>>   @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>>   serviceId: https://moodle.exemple.com
>>   name: sml
>>   id: 1001
>>   evaluationOrder: 3
>>   attributeReleasePolicy:
>>   {
>>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>     excludeDefaultAttributes: true
>>   }
>>   metadataLocation: https://moodle.unchk.sn/auth/mo_saml/index.php?option=mosaml_metadata
>>   requiredNameIdFormat: org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@6bb1a595
>>   signAssertions: TRUE
>>   signingCredentialType: BASIC
>> }
>> @ray
>> @jeremy
>> please can you help me
>>
>>
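
The check suggested in the reply above (take the NameID format from the SP metadata and compare it with `requiredNameIdFormat`), as an added example that is not part of the original thread or of CAS itself. The SP metadata is constructed sample data, and the function names and problem labels are hypothetical.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted metadata, parse with defusedxml instead

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# Java's default Object.toString() looks like "pkg.Class@hexhash".
JAVA_TOSTRING = re.compile(r"^(?:[\w$]+\.)+[\w$]+@[0-9a-f]{1,8}$")

# Constructed SP metadata (not taken from the SPs mentioned in the thread).
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress </md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def sp_nameid_formats(metadata_xml):
    """Return the NameIDFormat URIs the SP advertises, in document order."""
    root = ET.fromstring(metadata_xml)
    found = root.findall(".//md:SPSSODescriptor/md:NameIDFormat", MD_NS)
    return [el.text.strip() for el in found if el.text and el.text.strip()]

def check_required_nameid_format(value, metadata_xml):
    """Return a list of problems with a service's requiredNameIdFormat value."""
    problems = []
    value = (value or "").strip()
    if JAVA_TOSTRING.match(value):
        problems.append("java-object-string")      # serialized object, not a format URI
    elif not value.startswith("urn:"):
        problems.append("not-a-urn")
    advertised = sp_nameid_formats(metadata_xml)
    if advertised and value not in advertised:
        problems.append("not-advertised-by-sp")    # SP did not list this format
    return problems
```

For the value in the first post, `org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@6bb1a595`, the check returns `['java-object-string', 'not-advertised-by-sp']`.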
