I don't believe the SAML parameters are service and ticket.  It's something
like TARGET and SAMLart:
https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/SamlService.java


On Tue, Nov 27, 2012 at 1:51 PM, Ourada, John <[email protected]> wrote:

> Originally we had a custom authenticator to authenticate against an
> internal authentication service.  As part of the customization, the
> person’s university id was returned as part of the username (username:ID).
>
> We are moving to use MS-AD so I have started working on setting CAS up to use
> AD/LDAP.  I don’t want to modify the LDAP authenticators to return the
> hacked username so I want to use SAML to get the University ID from AD.
>
> I am using 3.4.12 to test with and am using the uber-webapp war for now.
>
> I have LDAP working correctly using FastBind and am filling the Attribute
> Repository.
>
> SAML on the other hand isn’t playing nice.  I am doing this all from my
> desktop (Windows 7) for now.
>
> After authenticating a service, I am using Fiddler to post to the
> samlValidate service.
>
> POST →
> https://140.192.89.33/cas/serviceValidate?ticket=ST-1-2acg0RAFuewme4DWnvi0-logintst.depaul.edu&service=http://www.depaul.edu/
>
> Headers:
> Host: 140.192.89.33
> Content-Length: 465
> Content-Type: text/xml
> SOAPAction: http://www.oasis-open.org/committees/security
>
> Request Body:
>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> <SOAP-ENV:Header/>
> <SOAP-ENV:Body>
> <samlp:Request
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
> MajorVersion="1"
> MinorVersion="1"
> RequestID="_192.168.16.51.1024506224022"
> IssueInstant="2002-06-19T17:03:44.022Z">
> <samlp:AssertionArtifact>
> ST-1-2acg0RAFuewme4DWnvi0-logintst.depaul.edu
> </samlp:AssertionArtifact>
> </samlp:Request>
> </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
> Unfortunately, I am getting 500 errors all the time.  I can successfully
> GET serviceValidate though with the same URL.
>
> What I see in the logs is:
>
> 2012-11-27 11:39:02,031 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: JOURADA
> WHAT: ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu for
> http://www.depaul.edu/
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Tue Nov 27 11:39:02 CST 2012
> CLIENT IP ADDRESS: 140.192.89.33
> SERVER IP ADDRESS: 140.192.89.33
> =============================================================
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Attempted to
> extract Request from HttpServletRequest.  Results:>
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Request Body:
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/
> "><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Requestxmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"MajorVersion="1"MinorVersion="1"RequestID="_192.168.16.51.1024506224022"IssueInstant="2002-06-19T17:03:44.022Z"><samlp:AssertionArtifact>
> ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu
> </samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>>
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Extracted
> ArtifactId: ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu>
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request
> Id: _192.168.16.51.1024506224022>
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated
> service for: null>
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
> retrieve ticket [ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu]>
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [
> ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu] found in registry.>
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
> retrieve ticket [ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu]>
>
> 2012-11-27 11:39:36,741 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [
> ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu] found in registry.>
>
> 2012-11-27 11:39:36,741 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: JOURADA
> WHAT: ST-2-jpmMvmFN5R3qCDm6WszA-logintst.depaul.edu
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Tue Nov 27 11:39:36 CST 2012
> CLIENT IP ADDRESS: 140.192.89.33
> SERVER IP ADDRESS: 140.192.89.33
> =============================================================
>
> 2012-11-27 11:39:36,757 DEBUG
> [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
> service for: http://www.depaul.edu/>
>
> And a corresponding null reference exception in the catalina log that I
> won’t put here, but have included.  I feel like I have missed something
> simple in configuring and have attached all configs that I changed for this.
>
> Thank you for looking at this!
>
> -John
>
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
