We have a CAS 4.15 server which authenticates for our Shib IDP 3.1 using shibcas (Unicon/shib-cas-authn3<https://github.com/Unicon/shib-cas-authn3/tree/master/IDP_HOME/flows/authn/Shibcas>). The service requests are getting to CAS with the EntityID of the SP correctly according to the CAS log:

129.1.77.5 443 - [29/Aug/2017:16:15:21 -0400] "GET /cas/login?service=https%3A%2F%2Fssotest.bgsu.edu%2Fidp%2FAuthn%2FExtCas%3Fconversation%3De12s1&entityId=https%3A%2F%2Fwww.okta.com%2Fsaml2%2Fservice-provider%2FXXXXXXXXXXXXXXXXXXXX HTTP/1.1" 200 16933 5 HTTP/1.1 ...

But, the CAS log shows the Service with the conversation parameter on the service URL, but not the EntityID:

2017-08-29 16:15:21,382 WARN [http-bio-8080-exec-163] [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: Unauthorized Service Access. Service [https://ssotest.bgsu.edu/idp/Authn/ExtCas?conversation=e12s1] is not found in service registry.

I thought maybe the logger was just not showing the whole service, but I found that I can define the ServiceID up to the conversation= parameter and it matches; but if I include "&entityId=" it fails to match, so it clearly is not there when it evaluates the service.
Why is it not getting the whole service parm that is passed to it? On the IDP side for the shibcas config I do have "shibcas.entityIdLocation = embed"

Thanks.

Ted Fisher
Bowling Green State University
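Added example, not part of the original post: decoding the request target from the access log line above shows which query parameters arrive at /cas/login and whether entityId sits inside the decoded service value. The function names are hypothetical, and the "embedded" URL is constructed for comparison on the assumption that embedding means percent-encoding entityId inside the service parameter.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Request target copied from the access log line in the post.
LOGGED = ("/cas/login?service=https%3A%2F%2Fssotest.bgsu.edu%2Fidp%2FAuthn%2FExtCas"
          "%3Fconversation%3De12s1&entityId=https%3A%2F%2Fwww.okta.com%2Fsaml2"
          "%2Fservice-provider%2FXXXXXXXXXXXXXXXXXXXX")


def login_params(request_target):
    """Return the decoded top-level query parameters of a /cas/login request."""
    query = urlsplit(request_target).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def service_carries_entity_id(request_target):
    """True only if entityId is part of the decoded service URL itself."""
    service = login_params(request_target).get("service", "")
    return "entityId" in parse_qs(urlsplit(service).query)


def embed_entity_id(service_url, entity_id):
    """Constructed comparison (assumption): entityId encoded inside service."""
    sep = "&" if urlsplit(service_url).query else "?"
    inner = f"{service_url}{sep}entityId={quote(entity_id, safe='')}"
    # The whole inner URL is encoded again, so its '&' becomes %26 and
    # stays inside the service value instead of splitting the outer query.
    return "/cas/login?service=" + quote(inner, safe="")


if __name__ == "__main__":
    params = login_params(LOGGED)
    for name, value in params.items():
        print(f"{name} = {value}")
    print("entityId inside service (logged):", service_carries_entity_id(LOGGED))

    embedded = embed_entity_id(params["service"], params["entityId"])
    print("embedded form:", embedded)
    print("entityId inside service (embedded):", service_carries_entity_id(embedded))
```

In the logged request the `&` before entityId is a literal separator, so the decoded service value ends at conversation=e12s1, which matches the service string in the WARN line.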