Yes, that's what I meant, sorry :).

On Wednesday, March 8, 2017 at 19:20:13 UTC+1, Misagh Moayyed wrote:
>
> Sounds like a bug to me.
>
> PS There is no such thing as CAS 5.0.4. Did you mean SNAPSHOT?
>
> --
> Misagh
>
> From: Paul Legeay <[email protected]>
> Reply: [email protected] <[email protected]>
> Date: March 8, 2017 at 7:37:16 PM
> To: CAS Community <[email protected]>
> Subject: [cas-user] [cas user] missing inResponseTo attribute
>
>> Hi everyone,
>>
>> I'm trying to use a local installation of simplesamlphp as a SP to log
>> through a local CAS 5.0.4 server using the SAML 2 protocol.
>> The issue I have at the moment is that the response I get from the CAS
>> server is missing the InResponseTo attribute in the Response element.
>>
>> The SAML 2 spec specifies that InResponseTo must be present in the
>> Response element if the response is associated with a request.
>> Do I have something missing in my configuration, or is it a bug?
>>
>> Any help would be appreciated.
>>
>> Thanks
>>
>> Relevant part of application.properties:
>>
>> cas.authn.samlIdp.metadata.location=${user.home}/work/metadata/
>> cas.authn.samlIdp.entityId=http://localhost:8042/cas/idp
>> cas.authn.samlIdp.hostName=http://localhost:8042
>> cas.samlCore.ticketidSaml2=true
>>
>> IdP metadata in PHP format:
>>
>> <?php
>> /**
>>  * SAML 2.0 remote IdP metadata for SimpleSAMLphp.
>>  *
>>  * Remember to remove the IdPs you don't use from this file.
>>  *
>>  * See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-remote
>>  */
>>
>> $metadata['http://localhost:8042/cas/idp'] = array (
>>   'entityid' => 'http://localhost:8042/cas/idp',
>>   'contacts' => array (),
>>   'metadata-set' => 'saml20-idp-remote',
>>   'SingleSignOnService' => array (
>>     0 => array (
>>       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
>>       'Location' => 'http://localhost:8042/cas/idp/profile/SAML2/Redirect/SSO',
>>     ),
>>     1 => array (
>>       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
>>       'Location' => 'http://localhost:8042/cas/idp/profile/SAML2/POST/SSO',
>>     ),
>>     2 => array (
>>       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign',
>>       'Location' => 'http://localhost:8042/idp/profile/SAML2/POST-SimpleSign/SSO',
>>     ),
>>   ),
>>   'ArtifactResolutionService' => array (
>>     0 => array (
>>       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
>>       'Location' => 'http://localhost:8042/cas/idp/profile/SAML2/SOAP/ArtifactResolution',
>>       'index' => 2,
>>     ),
>>   ),
>>   'NameIDFormats' => array (
>>     0 => 'urn:mace:shibboleth:1.0:nameIdentifier',
>>     1 => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
>>   ),
>>   'keys' => array (
>>     0 => array (
>>       'encryption' => false,
>>       'signing' => true,
>>       'type' => 'X509Certificate',
>>       'X509Certificate' => '
>> MIIDGDCCAgCgAwIBAgIUTHtu3X3oSmNnElYPdxoY3QzjOgwwDQYJKoZIhvcNAQEL
>> BQAwGTEXMBUGA1UEAwwObG9jYWxob3N0OjgwNDIwHhcNMTcwMzA3MTA1NzI0WhcN
>> MzcwMzA3MTA1NzI0WjAZMRcwFQYDVQQDDA5sb2NhbGhvc3Q6ODA0MjCCASIwDQYJ
>> KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ7L2leA8jlRxrkWm0q3prVAMOJBxr0J
>> A2Z74h+9k3c4vAzb7FlvWV3TIY8YDXDZ29YZ0dtTIodeleVJfAcUMpZ6RLcHdiBK
>> C5VgAQ8ci98aM5aXxS+kXxjjilOHB8ckKFqjb8asPlvpN368Z1Qk/lKNbsE35hxb
>> f/9V2oiHtbShG0vrSC7da2uOTpBiguO2yB6mJO92FymBWS7zlZ+G9pWTE4EuizWk
>> 10kz7jHYfUm/BKgVOnEDTL4e+eb5cTIxnpZ9iA3+dfi8qU2bOQ0PlXW7nW4ZMSzW
>> 4BlWjuK4G78HnlZu+FqgNlQwjR9tjbvma6aovE3UH1nHJWy93uALrnECAwEAAaNY
>> MFYwHQYDVR0OBBYEFKTnbarNb/ik8VO/dkLDxyrRWeDcMDUGA1UdEQQuMCyCDmxv
>> Y2FsaG9zdDo4MDQyhhpsb2NhbGhvc3Q6ODA0MmlkcC9tZXRhZGF0YTANBgkqhkiG
>> 9w0BAQsFAAOCAQEANnk4BeurZaPWVdVDalg+jQdBlfi6DtF8oKGWoc3tlmA414Cu
>> Aih+4nopXl8/xByk0DQdBcnhYJ59hPNm5BBwlM66T0eUP7kzOoVw2PgOhjEfCbqG
>> a8S3Cu0fULL2OxrxSozAhz2fTsd+zn6cla0KJGMjQmEjiORs8ThHFZhPlueqAtwp
>> cyrNyeO3vSt8A28kyY5TOZPjWickk39ilveuRZKMkBN4TAFAHciKZP8Y3foESB6+
>> rC/guihxOCgUNKfUEREVveBxaFEV6xUYNcnIFAQNnTzwDbSM63+Sq2hAKh8ynnML
>> cVl0ONhI47hxf1HWQN5TGhip2rcARx2T0v+mfA==
>> ',
>>     ),
>>     1 => array (
>>       'encryption' => true,
>>       'signing' => false,
>>       'type' => 'X509Certificate',
>>       'X509Certificate' => '
>> MIIDGDCCAgCgAwIBAgIUMTFA5LKKiMYwxBvZ8xPv8zXccWcwDQYJKoZIhvcNAQEL
>> BQAwGTEXMBUGA1UEAwwObG9jYWxob3N0OjgwNDIwHhcNMTcwMzA3MTA1NzI0WhcN
>> MzcwMzA3MTA1NzI0WjAZMRcwFQYDVQQDDA5sb2NhbGhvc3Q6ODA0MjCCASIwDQYJ
>> KoZIhvcNAQEBBQADggEPADCCAQoCggEBALdk2QNzLvTaGQ+JfzbqzEvUR4Rbl0yt
>> gksokiknda446QTJDMCXRibeQ0jJks5i8IDSDH0CMTHg3RtO0UNCR1tLQ/5Ocnx0
>> ZK7CdBHtnKc++vQ7nX3IcJD1Qt7lrI3K8s2JcpJLL796vsiDcfCXo19zQnZGA+NM
>> xiaOnytW/GiTSDbeHIGkaJK0GzEOGdf2a523WaMZtCWhO2Q2DHRphkb5Iz40piQ1
>> JBmf5Cx0iPCmJXZwommV8MjaYvxfQUHLHe9VYKMSJUJXkeFunyLV/VbX3rwE7fJK
>> YACnc/l49jmCcffuFPoSyfeBxO/5V/NP2R6KThLITE9yYiGnpDGkt2UCAwEAAaNY
>> MFYwHQYDVR0OBBYEFICPhiHbxQHx2TeVcoeS3Q9WNyaQMDUGA1UdEQQuMCyCDmxv
>> Y2FsaG9zdDo4MDQyhhpsb2NhbGhvc3Q6ODA0MmlkcC9tZXRhZGF0YTANBgkqhkiG
>> 9w0BAQsFAAOCAQEAgv7XbF+macOs+OLswlX0IEGfV2489zZyCbuyHq/wT+uYMMfC
>> YhPP1g7nWObcE4O7nWeRM2AiAIE5l/6bTVtn1buc06QWJZyPH+dRJG26MQqrD6I2
>> 9o0Sw/q9pL+p/BGfB8nyxvD2PsYg1VhL64G7TLWOfpTQgWMxJrkPzYrLYTif06fj
>> fotMcnmIzMtYP8TMUEyynPUTD5TUNjeBvalIO/pzXP8GuDy5qGczhjz6pgFlN1Oi
>> MED+9FiXP/ZJ+97w1MUPUTXpQqY+POWiqlHQ3by9VgRfBj4ju/4TuGKclC4e6ntK
>> EwXO+bVDxCMlkcHiAtUfu7JaY0IId1uM90lbxw==
>> ',
>>     ),
>>   ),
>>   'scope' => array (
>>     0 => 'localhost:8042',
>>   ),
>> );
>>
>> SP metadata:
>>
>> <?xml version="1.0"?>
>> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
>>     entityID="http://localhost:8000/simplesaml">
>>   <md:SPSSODescriptor
>>       protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
>>     <md:SingleLogoutService
>>         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>>         Location="http://localhost:8000/simplesaml/module.php/saml/sp/saml2-logout.php/local-sso"/>
>>     <md:AssertionConsumerService
>>         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>>         Location="http://localhost:8000/simplesaml/module.php/saml/sp/saml2-acs.php/local-sso"
>>         index="0"/>
>>     <md:AssertionConsumerService
>>         Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
>>         Location="http://localhost:8000/simplesaml/module.php/saml/sp/saml1-acs.php/local-sso"
>>         index="1"/>
>>     <md:AssertionConsumerService
>>         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
>>         Location="http://localhost:8000/simplesaml/module.php/saml/sp/saml2-acs.php/local-sso"
>>         index="2"/>
>>     <md:AssertionConsumerService
>>         Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
>>         Location="http://localhost:8000/simplesaml/module.php/saml/sp/saml1-acs.php/local-sso/artifact"
>>         index="3"/>
>>   </md:SPSSODescriptor>
>> </md:EntityDescriptor>
>>
>> Auth request:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>>     AssertionConsumerServiceURL="http://localhost:8000/simplesaml/module.php/saml/sp/saml2-acs.php/local-sso"
>>     Destination="http://localhost:8042/cas/idp/profile/SAML2/Redirect/SSO"
>>     ID="_dba8369b90c24b172fb07fc8bde77e9b323ba71f30"
>>     IssueInstant="2017-03-08T14:57:07Z"
>>     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>>     Version="2.0">
>>   <saml:Issuer>http://localhost:8000/simplesaml</saml:Issuer>
>>   <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
>> </samlp:AuthnRequest>
>>
>> Response:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>>     Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
>>     ID="_5525762746082961547" IssueInstant="2017-03-08T10:36:39.837Z"
>>     Version="2.0">
>>   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>>       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8042/cas/idp</saml2:Issuer>
>>   <saml2p:Status>
>>     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>>     <saml2p:StatusMessage>urn:oasis:names:tc:SAML:2.0:status:Success</saml2p:StatusMessage>
>>   </saml2p:Status>
>>   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>>       ID="_759790977264922675" IssueInstant="2017-03-08T10:36:39.830Z"
>>       Version="2.0">
>>     <saml2:Issuer>http://localhost:8042/cas/idp</saml2:Issuer>
>>     <saml2:Subject>
>>       <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">plegeay</saml2:NameID>
>>       <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>>         <saml2:SubjectConfirmationData
>>             InResponseTo="_30cd159c03da7a2226630390df87f49edb3ab09381"
>>             NotOnOrAfter="2017-03-08T10:36:39.823Z"
>>             Recipient="http://localhost:8000/simplesaml/module.php/saml/sp/saml2-acs.php/local-sso"/>
>>       </saml2:SubjectConfirmation>
>>     </saml2:Subject>
>>     <saml2:Conditions NotBefore="2017-03-08T10:36:39.836Z"
>>         NotOnOrAfter="2017-03-08T10:36:39.836Z">
>>       <saml2:AudienceRestriction>
>>         <saml2:Audience>http://localhost:8000/simplesaml</saml2:Audience>
>>       </saml2:AudienceRestriction>
>>     </saml2:Conditions>
>>     <saml2:AuthnStatement AuthnInstant="2017-03-08T10:36:39.823Z">
>>       <saml2:SubjectLocality Address="http://localhost:8000/simplesaml"/>
>>       <saml2:AuthnContext>
>>         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
>>       </saml2:AuthnContext>
>>     </saml2:AuthnStatement>
>>     <saml2:AttributeStatement>
>>       <saml2:Attribute FriendlyName="samlAuthenticationStatementAuthMethod"
>>           Name="samlAuthenticationStatementAuthMethod">
>>         <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>             xsi:type="xsd:string">urn:oasis:names:tc:SAML:1.0:am:password</saml2:AttributeValue>
>>       </saml2:Attribute>
>>       <saml2:Attribute FriendlyName="isFromNewLogin" Name="isFromNewLogin">
>>         <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>             xsi:type="xsd:string">true</saml2:AttributeValue>
>>       </saml2:Attribute>
>>       <saml2:Attribute FriendlyName="authenticationDate" Name="authenticationDate">
>>         <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>             xsi:type="xsd:string">2017-03-08T11:36:39.645+01:00[Europe/Paris]</saml2:AttributeValue>
>>       </saml2:Attribute>
>>       <saml2:Attribute FriendlyName="authenticationMethod" Name="authenticationMethod">
>>         <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>             xsi:type="xsd:string">LdapAuthenticationHandler</saml2:AttributeValue>
>>       </saml2:Attribute>
>>       <saml2:Attribute FriendlyName="successfulAuthenticationHandlers"
>>           Name="successfulAuthenticationHandlers">
>>         <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>             xsi:type="xsd:string">LdapAuthenticationHandler</saml2:AttributeValue>
>>       </saml2:Attribute>
>>       <saml2:Attribute FriendlyName="longTermAuthenticationRequestTokenUsed"
>>           Name="longTermAuthenticationRequestTokenUsed">
>>         <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>             xsi:type="xsd:string">false</saml2:AttributeValue>
>>       </saml2:Attribute>
>>     </saml2:AttributeStatement>
>>   </saml2:Assertion>
>> </saml2p:Response>
>>
>> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/54926d2d-a00e-4f29-a768-1d8e20045b60%40apereo.org.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2a45e3d1-691b-41e0-ad3a-0a9b4152aaa3%40apereo.org.
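An added example, not part of the thread and not CAS or SimpleSAMLphp code: the SP-side correlation check that makes the missing attribute matter. It parses a constructed Response modelled on the one quoted above (top-level `InResponseTo` absent, the bearer `SubjectConfirmationData` carrying one) and reports what a strict SP would reject; the function name and the set of outstanding request IDs it is given are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample modelled on the Response quoted in the thread: the
# top-level Response carries no InResponseTo, while the bearer
# SubjectConfirmationData does.  Status, Conditions and attributes omitted.
SAMPLE_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_5525762746082961547" IssueInstant="2017-03-08T10:36:39.837Z" Version="2.0">
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="_759790977264922675" Version="2.0">
    <saml2:Subject>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData
            InResponseTo="_30cd159c03da7a2226630390df87f49edb3ab09381"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
  </saml2:Assertion>
</saml2p:Response>"""


def check_in_response_to(response_xml, outstanding_request_ids):
    """Return the list of correlation findings; empty means the response is
    tied to one of this SP's own outstanding AuthnRequests.  SAML 2.0 Core
    requires Response@InResponseTo when the response answers a request, and
    the Web Browser SSO profile requires the same ID on bearer confirmations."""
    findings = []
    root = ET.fromstring(response_xml)
    resp_irt = root.get("InResponseTo")
    if resp_irt is None:
        findings.append("Response element has no InResponseTo attribute")
    elif resp_irt not in outstanding_request_ids:
        findings.append("Response InResponseTo %r matches no outstanding request" % resp_irt)
    for sc in root.findall(".//saml:SubjectConfirmation", NS):
        if sc.get("Method") != BEARER:
            continue  # only bearer confirmations must echo the request ID
        scd = sc.find("saml:SubjectConfirmationData", NS)
        irt = scd.get("InResponseTo") if scd is not None else None
        if irt is None:
            findings.append("bearer SubjectConfirmationData has no InResponseTo attribute")
        elif irt not in outstanding_request_ids:
            findings.append("SubjectConfirmationData InResponseTo %r matches no outstanding request" % irt)
    return findings
```

Run against the sample with the assertion's request ID as the only outstanding one, it flags just the top-level omission; a strict SP (SimpleSAMLphp included) treats that as an unsolicited response rather than the answer to its own request.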
