Hi Ray,
The first declaration of serviceId was "https://localhost:/saml/login;
as you suggested but the error was the same.
The file SAML2_client5-109005.xml contains the demo app metadata and is
imported by the service's JSON with declaration
"metadataLocation":
"/home/user/Documents/eclipse-workspace/DEV_CERTIFICATE_UTIL/SAML2_client5-109005.xml"
Thanks
On Friday, 17 May 2019 at 21:33:50 UTC+2, rbon wrote:
>
> Nicola,
>
> I assume you have imported SP metadata.
> Perhaps you have to name your service registry entry "serviceId" : "
> https://localhost:/saml/login; to match the entityId.
>
> Ray
>
> On Fri, 2019-05-17 at 01:55 -0700, Nicola Boldrin wrote:
>
> Hi all,
> I'm trying to configure CAS 3.5.8 to be a SAML2 IdP; I'm trying to do an SSO
> login with a Spring sample app too (
> https://github.com/spring-projects/spring-security-saml).
> When the sample app sends the auth request, CAS says "Application Not
> Authorized to Use CAS".
>
> Below are the log messages:
>
> INFO [org.apereo.cas.support.saml.web.idp.profile.sso.request.
> DefaultSSOSamlHttpRequestExtractor] Received SAML profile request [
> /cas-jpa/idp/profile/SAML2/POST/SSO]
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.
> DefaultSSOSamlHttpRequestExtractor] Locating SAML object from message
> context...
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.
> DefaultSSOSamlHttpRequestExtractor] Decoded SAML object [{urn:oasis:names:
> tc:SAML:2.0:protocol}AuthnRequest] from http request
> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> Audit trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: [issuer=https:
> //localhost:/saml/login,binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]
> ACTION: SAML2_REQUEST_CREATED
> APPLICATION: CAS
> WHEN: Thu May 16 17:27:10 CEST 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =
>
>
>
>
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.
> AbstractSamlProfileHandlerController] Located issuer
> [https://localhost:/saml/login]
> from authentication request
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.
> AbstractSamlProfileHandlerController] Checking service access in CAS
> service registry for [https://localhost:/saml/login]
> ERROR [org.apereo.cas.support.saml.web.idp.profile.
> AbstractSamlProfileHandlerController] CAS has found a match for service [
> https://localhost:/saml/login] in registry but the match is not
> defined as a SAML service
> WARN [org.springframework.web.servlet.mvc.method.annotation.
> ExceptionHandlerExceptionResolver] Resolved [org.apereo.cas.services.
> UnauthorizedServiceException: screen.service.error.message] to
> ModelAndView: reference to view with name 'casServiceErrorView'; model is
> {rootCauseException=org.apereo.cas.services.UnauthorizedServiceException:
> }
> INFO [org.apereo.cas.support.oauth.services.
> OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null',
> this.callbackUrl='
> https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
> DEBUG [org.apereo.cas.support.oauth.services.
> OAuth20AuthenticationServiceSelectionStrategy] Authentication request is
> not identified as an OAuth request
> INFO [org.apereo.cas.support.oauth.services.
> OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null',
> this.callbackUrl='
> https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
> DEBUG [org.apereo.cas.support.oauth.services.
> OAuth20AuthenticationServiceSelectionStrategy] Authentication request is
> not identified as an OAuth request
>
>
>
> Below is my configuration:
>
> # === SAML 2 Idp
>
>
> cas.authn.samlIdp.entityId=https://localhost:6443/cas-jpa/idp
> cas.authn.samlIdp.metadata.location=file:${etc.cas.dir}saml
> cas.authn.samlIdp.attributeQueryProfileEnabled=true
>
>
>
> Thanks
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3e1438cb-cfce-48cc-8cf1-e3e93e403610%40apereo.org.
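
Added example (not part of the thread, and not CAS code): a small offline check for the condition the ERROR line reports, where the first registry entry matching the issuer is not a SAML service. It assumes services are tried in ascending evaluationOrder and that serviceId is a regex that must match the whole entity ID (approximated here with Python's regex engine); the registry entries, entity ID and metadata path are constructed placeholders.

```python
import json
import re

SAML_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"

# Constructed registry entries (placeholders, not taken from the thread).
SAMPLE_REGISTRY = [
    json.loads("""{
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      "serviceId": "^https://.*", "name": "HTTPS wildcard",
      "id": 1, "evaluationOrder": 1
    }"""),
    json.loads("""{
      "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
      "serviceId": "https://sp.example.org/saml/metadata", "name": "Demo SP",
      "id": 2, "evaluationOrder": 10,
      "metadataLocation": "/path/to/sp-metadata.xml"
    }"""),
]


def first_match(registry, entity_id):
    """Return the first entry, by evaluationOrder, whose serviceId matches."""
    for svc in sorted(registry, key=lambda s: s["evaluationOrder"]):
        try:
            if re.fullmatch(svc["serviceId"], entity_id):
                return svc
        except re.error:
            # serviceId is not a valid regex: compare it literally instead
            if svc["serviceId"] == entity_id:
                return svc
    return None


def diagnose(registry, entity_id):
    """Classify the lookup result for a SAML AuthnRequest issuer."""
    svc = first_match(registry, entity_id)
    if svc is None:
        return "no-match"
    if svc.get("@class") != SAML_CLASS:
        # Same condition as the logged error: matched, but not a SAML service
        return "match-not-saml:" + svc["name"]
    return "ok:" + svc["name"]


if __name__ == "__main__":
    print(diagnose(SAMPLE_REGISTRY, "https://sp.example.org/saml/metadata"))
```

With the constructed registry, the wildcard entry wins the lookup; giving the SAML entry a lower evaluationOrder, or narrowing the wildcard pattern, lets the SAML definition match first.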