Thank you so much to both of you for your answers! It's very appreciated. I did more tests and I still can't get this to work. I get the same result: I get sent to CAS from Atlassian, I enter my credentials, and then I dont get sent back to Atlassian, I'm stuck in CAS. The message says that I see this page because CAS doesnt know my final destination. I installed samltracer as suggested to try and find my mistake but I can't see it :(.
Here is my metadata file: <?xml version="1.0"?> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2024-11-03T19:47:00Z" cacheDuration="PT604800S" entityID="https://auth.atlassian.com/saml/b87b0545-cb70-4fe0-8c96-61034fefb7cc";> <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:X509Data> <ds:X509Certificate>MIIDoTCCAomgAwIBAgIUNhHfnD6GS6Vpe0UmMu5RLDe9SMwwDQYJKoZIhvcNAQELBQAwYDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9udHJlYWwxEDAOBgNVBAoMB1BvbHltdGwxGzAZBgNVBAMMEmNhczZkZXYucG9seW10bC5jYTAeFw0yNDA5MTkxODIxNDVaFw0zNDA5MTcxODIxNDVaMGAxCzAJBgNVBAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMRAwDgYDVQQKDAdQb2x5bXRsMRswGQYDVQQDDBJjYXM2ZGV2LnBvbHltdGwuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgaX5dGAb2xA02O8H1ozE4hmTYvbvV0uemh4DPUjsaybUCIn2Yx4U8HDNn9WigcibfEeD9nTq++jaV8+Gl5LepX5FjmFCNWn+f6t9Oz0h8NFqGj+gcFJURK0ZFOWsB1C7aut/ZRVh3mlJdl8X36BgO1Aufx+C9gQbvUVkWnX3NV3+2TRBB7WrgMFPAw8Y9CMexGK7hYqYQkL0xrau7+swRYZJLhqWU78x0YrOq5kg5Z00RThWPuzyAoif9U0dfUgjo7rXZd489ae3+fpNKAJxtJBif4Y/gq1RII32iNzDp4rpOzO88pZgy8UNJWAPkAYjD8g50RnlW7w8nCWsi6cbZAgMBAAGjUzBRMB0GA1UdDgQWBBRpR8obg/zDQnzAyKGh3bcXyyQlVDAfBgNVHSMEGDAWgBRpR8obg/zDQnzAyKGh3bcXyyQlVDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqVdUgcOyQ+QhRJXTKhhF7z7RxMGjvqnwfWzR3ZE4PADew/J48ULEcEa6VUrNXeyrgAa+YJQivXW4SbVqRzf3RSkwneL4b5ln7oH3eL5Q0ZvKOlxljQvTbhtjPn0jwuWhFtNc/7miBbURb1ywG0DUHD6IpzOjrnzKYCHZkISxFDKSLEkHb3lo0bs31nakA0NqFnbGg2D37T1C95vhPUdbb7xzQqQfa/1qm35vB05hnI2NrIEWyEztLEb30PPizNM6fyLy0U/snA9fgS6Xb++vvN5M2JcbytundR1RupARcguWLe1vprqnYumg9Quph6wjBki0ntH11ZvmNgZDT1K1U</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:X509Data> <ds:X509Certificate>MIIDoTCCAomgAwIBAgIUNhHfnD6GS6Vpe0UmMu5RLDe9SMwwDQYJKoZIhvcNAQELBQAwYDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9udHJlYWwxEDAOBgNVBAoMB1BvbHltdGwxGzAZBgNVBAMMEmNhczZkZXYucG9seW10bC5jYTAeFw0yNDA5MTkxODIxNDVaFw0zNDA5MTcxODIxNDVaMGAxCzAJBgNVBAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMRAwDgYDVQQKDAdQb2x5bXRsMRswGQYDVQQDDBJjYXM2ZGV2LnBvbHltdGwuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgaX5dGAb2xA02O8H1ozE4hmTYvbvV0uemh4DPUjsaybUCIn2Yx4U8HDNn9WigcibfEeD9nTq++jaV8+Gl5LepX5FjmFCNWn+f6t9Oz0h8NFqGj+gcFJURK0ZFOWsB1C7aut/ZRVh3mlJdl8X36BgO1Aufx+C9gQbvUVkWnX3NV3+2TRBB7WrgMFPAw8Y9CMexGK7hYqYQkL0xrau7+swRYZJLhqWU78x0YrOq5kg5Z00RThWPuzyAoif9U0dfUgjo7rXZd489ae3+fpNKAJxtJBif4Y/gq1RII32iNzDp4rpOzO88pZgy8UNJWAPkAYjD8g50RnlW7w8nCWsi6cbZAgMBAAGjUzBRMB0GA1UdDgQWBBRpR8obg/zDQnzAyKGh3bcXyyQlVDAfBgNVHSMEGDAWgBRpR8obg/zDQnzAyKGh3bcXyyQlVDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqVdUgcOyQ+QhRJXTKhhF7z7RxMGjvqnwfWzR3ZE4PADew/J48ULEcEa6VUrNXeyrgAa+YJQivXW4SbVqRzf3RSkwneL4b5ln7oH3eL5Q0ZvKOlxljQvTbhtjPn0jwuWhFtNc/7miBbURb1ywG0DUHD6IpzOjrnzKYCHZkISxFDKSLEkHb3lo0bs31nakA0NqFnbGg2D37T1C95vhPUdbb7xzQqQfa/1qm35vB05hnI2NrIEWyEztLEb30PPizNM6fyLy0U/snA9fgS6Xb++vvN5M2JcbytundR1RupARcguWLe1vprqnYumg9Quph6wjBki0ntH11ZvmNgZDT1K1U</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://auth.atlassian.com/login/callback?connection=saml-b87b0545-cb70-4fe0-8c96-61034fefb7cc"; index="1"/> </md:SPSSODescriptor> </md:EntityDescriptor> And here is the request I see using saml-tracer: <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL= "https://auth.atlassian.com/login/callback?connection=saml-b87b0545-cb70-4fe0-8c96-61034fefb7cc"; Destination="https://cas6dev.polymtl.ca/cas"; ID= "_c59ebaed7f8b7fbc8dd55d5b0afb84fb" IssueInstant="2024-11-15T15:59:41.525Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version= "2.0" > <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> https://auth.atlassian.com/saml/b87b0545-cb70-4fe0-8c96-61034fefb7cc</ saml2:Issuer> <saml2p:NameIDPolicy AllowCreate="true" Format= "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" /> </ saml2p:AuthnRequest> Can you see any obvious mistake I am making? Le mardi 5 novembre 2024 à 23:38:01 UTC-5, Ray Bon a écrit : > Neon, > > The Location and Binding protocol must match what is sent in the request. > You can use a browser plugin like samltracer to see what the > request/response looks like. > Also check cas logs. > > Ray > > On Tue, 2024-11-05 at 10:44 -0800, Neon Dazzle wrote: > > You don't often get email from [email protected]. Learn why this is > important <https://aka.ms/LearnAboutSenderIdentification> > > Thank you so much for your answer. > I created the metadata file using a web service and added: > > <md:AssertionConsumerService > index="1" > > Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" > Location="https://atlassian.start.com"; /> > > I'm still getting no redirection and I stay on the CAS website. > > Le lundi 4 novembre 2024 à 13:38:22 UTC-5, Ray Bon a écrit : > > Neon, > > ACS is required in metadata. > You can create the metadata file if the vendor does not supply it. There > are some online services that will help. > > Ray > > On Fri, 2024-11-01 at 12:17 -0700, Neon Dazzle wrote: > > You don't often get email from [email protected] why this is > important <https://aka.ms/LearnAboutSenderIdentification> > > Hi everyone, we have CAS6 and are trying to setup SSO with our Atlassian > org on the cloud. It seems like we almost have it, we get redirected to CAS > and the login works, but we can't get redirected to Atlassian after, we are > stuck in CAS. > It seems like there is not json parameters for redirection so I'm > wondering where we should put the ACS adresse given by Atlassian. > All our other services connected with CAS provide metadata files so it's > easy, but Atlassian doesnt provide that. > Has anyone been able to setup SSO with Atlassian Cloud? > > > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ddcd841b-7f16-4aea-a035-f8c9eed3aeb8n%40apereo.org.
