Re: [cas-user] CAS 5.3.8 - SAML2 IdP - match found for service in registry but the match is not defined as a SAML service

2019-05-20 Thread Nicola Boldrin
Hi Ray,
the first declaration of serviceId was "https://localhost:/saml/login" 
as you suggested but the error was the same.

The file SAML2_client5-109005.xml  contains the demo app metadata and is 
imported by the service's JSON with declaration

"metadataLocation": 
"/home/user/Documents/eclipse-workspace/DEV_CERTIFICATE_UTIL/SAML2_client5-109005.xml"

Thanks


Il giorno venerdì 17 maggio 2019 21:33:50 UTC+2, rbon ha scritto:
>
> Nicola,
>
> I assume you have imported SP metadata.
> Perhaps you have to name your service registry entry "serviceId" : 
> "https://localhost:/saml/login" to match the entityId.
>
> Ray
>
> On Fri, 2019-05-17 at 01:55 -0700, Nicola Boldrin wrote:
>
> Hi all,
> I'm trying to configure CAS 3.5.8 to be SAML2 IdP; I'm trying to do an SSO 
> login with a Spring sample app too (
> https://github.com/spring-projects/spring-security-saml).
> When the sample app sends the auth request, CAS says "Application Not 
> Authorized to Use CAS".
>
> Below the log's messages
>
> INFO [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Received SAML profile request [/cas-jpa/idp/profile/SAML2/POST/SSO]
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Locating SAML object from message context...
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Decoded SAML object [{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest] from http request
> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] Audit trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: [issuer=https://localhost:/saml/login,binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]
> ACTION: SAML2_REQUEST_CREATED
> APPLICATION: CAS
> WHEN: Thu May 16 17:27:10 CEST 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =
>
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] Located issuer [https://localhost:/saml/login] from authentication request
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] Checking service access in CAS service registry for [https://localhost:/saml/login]
> ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] CAS has found a match for service [https://localhost:/saml/login] in registry but the match is not defined as a SAML service
> WARN [org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver] Resolved [org.apereo.cas.services.UnauthorizedServiceException: screen.service.error.message] to ModelAndView: reference to view with name 'casServiceErrorView'; model is {rootCauseException=org.apereo.cas.services.UnauthorizedServiceException: }
> INFO [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null', this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
> DEBUG [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not identified as an OAuth request
> INFO [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null', this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
> DEBUG [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not identified as an OAuth request
>
>
>
> Below my configuration
>
> # === SAML 2 Idp
>
>
> cas.authn.samlIdp.entityId=https://localhost:6443/cas-jpa/idp
> cas.authn.samlIdp.metadata.location=file:${etc.cas.dir}saml
> cas.authn.samlIdp.attributeQueryProfileEnabled=true
>
>
>
> Thanks
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca 
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3e1438cb-cfce-48cc-8cf1-e3e93e403610%40apereo.org.


[cas-user] CAS 5.3.8 - SAML2 IdP - match found for service in registry but the match is not defined as a SAML service

2019-05-17 Thread Nicola Boldrin
Hi all,
I'm trying to configure CAS 3.5.8 to be SAML2 IdP; I'm trying to do an SSO 
login with a Spring sample app too (
https://github.com/spring-projects/spring-security-saml).
When the sample app sends the auth request, CAS says "Application Not Authorized 
to Use CAS".

Below the log's messages

INFO [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Received SAML profile request [/cas-jpa/idp/profile/SAML2/POST/SSO]
DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Locating SAML object from message context...
DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Decoded SAML object [{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest] from http request
INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] Audit trail record BEGIN
=
WHO: audit:unknown
WHAT: [issuer=https://localhost:/saml/login,binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]
ACTION: SAML2_REQUEST_CREATED
APPLICATION: CAS
WHEN: Thu May 16 17:27:10 CEST 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] Located issuer [https://localhost:/saml/login] from authentication request
DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] Checking service access in CAS service registry for [https://localhost:/saml/login]
ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] CAS has found a match for service [https://localhost:/saml/login] in registry but the match is not defined as a SAML service
WARN [org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver] Resolved [org.apereo.cas.services.UnauthorizedServiceException: screen.service.error.message] to ModelAndView: reference to view with name 'casServiceErrorView'; model is {rootCauseException=org.apereo.cas.services.UnauthorizedServiceException: }
INFO [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null', this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
DEBUG [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not identified as an OAuth request
INFO [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null', this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
DEBUG [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not identified as an OAuth request



Below my configuration

# === SAML 2 Idp


cas.authn.samlIdp.entityId=https://localhost:6443/cas-jpa/idp
cas.authn.samlIdp.metadata.location=file:${etc.cas.dir}saml
cas.authn.samlIdp.attributeQueryProfileEnabled=true



Thanks



CASSAML2CallbackProfile-999020.json
Description: application/json


idp-metadata.xml
Description: XML document


SAML2_client5-109005.json
Description: application/json


SAML2_client5-109005.xml
Description: XML document