There is one more service called SAML2CallbackProfile which was suggested in 
a tutorial:
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_saml_update-the-service-registry.html#create-a-service-definition-for-the-idp-endpoint

{
  /*
   * The CAS SAML IdP creates this endpoint as part of its initialization
   * process at server startup time. If the service registry doesn't already
   * contain an entry whose serviceId matches the endpoint, CAS will create
   * a new service definition and save it to the registry. If the CAS server
   * doesn't have write access to the registry, then the save will fail and
   * the server will not start.
   *
   * To avoid that situation, and to make it clear that this endpoint is a
   * "desired" service, it is defined explicitly here.
   */
  "@class" :            "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" :         "https://<CAS-URL>/cas/idp/profile/SAML2/Callback.+",
  "name" :              "SAML Authentication Request",
  "id" :                1558621367337136,
  "evaluationOrder" :   100
}



But I am not sure if this is needed - but CAS loads it successfully on boot.

Is there any other simplistic service I could try to see if CAS loads 
anything correctly?

On Thursday, June 6, 2019 at 4:21:04 PM UTC+2, Matthew Uribe wrote:
>
> OK. So if root is running CAS, and root owns the json file, then that part 
> should be fine. Do you have any other services registered that CAS is 
> reading correctly? 
>
> On Thursday, June 6, 2019 at 7:54:52 AM UTC-6, Fabian Schipp wrote:
>>
>> I am running the .war overlay. Therefore I have no tomcat user.
>> But I checked the file, it's owned by the root user.
>> I then checked the process running the war file environment in the jdk 
>> folder - it is also the root user.
>>
>> On Thursday, June 6, 2019 at 3:37:05 PM UTC+2, Matthew Uribe wrote:
>>>
>>> Is the devConfluence-1558621301329267.json file readable for whatever 
>>> user/service is running CAS? When I forget to change ownership of my json 
>>> files to the tomcat user, I run into the same issue.
>>>
>>>
>>> On Thursday, June 6, 2019 at 7:06:50 AM UTC-6, Fabian Schipp wrote:
>>>>
>>>> Hi everyone,
>>>>
>>>> I am currently trying to connect Confluence as SAML SP with a CAS 6 
>>>> instance.
>>>> CAS Server on its own is running fine. I added a SAML service I created 
>>>> using the docs chapter on SAML services:
>>>>
>>>> https://apereo.github.io/cas/6.0.x/installation/Configuring-SAML2-Authentication.html#saml-services
>>>>
>>>> My SAML service:
>>>> {
>>>>         "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>>         "serviceId" : "https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso",
>>>>         "name" : "dev Confluence Application",
>>>>         "id" : 1558621301329267,
>>>>         "metadataLocation" : "https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso/metadata",
>>>>         "evaluationOrder" : 10
>>>> }
>>>>
>>>> But CAS does load the service but it looks like it is malformed in some 
>>>> way.
>>>>
>>>> I checked some things that might have gone wrong:
>>>> - the metadata-URL does link to the correct metadata of the SP
>>>> - the serviceId matches the corresponding URL from the confluence system
>>>> - the id field matches the name of the service-filename (it is called 
>>>> devConfluence-1558621301329267.json)
>>>>
>>>> The output I get is this:
>>>> 2019-06-06 14:56:58,002 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Located issuer [https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso] from authentication request>
>>>>
>>>> 2019-06-06 14:56:58,004 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso, originalUrl=https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={})]>
>>>>
>>>> 2019-06-06 14:56:58,024 WARN [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso] is not found in the registry or service access is denied. Ensure service is registered in service registry>
>>>>
>>>> So there is another service registry I have to register my service in?
>>>> Are there any more fields that are mandatory to include in the service? 
>>>> If so I can't find the correct page on the docs that says so.
>>>>
>>>> I am really lost on this one. Any help is appreciated.
>>>>
>>>> Thank you very much.
>>>>
>>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8dd6b366-77b8-4d1e-9bec-4a97063efcdc%40apereo.org.
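
The checks discussed in this thread (file readable by the account running CAS, `id` matching the file name, `serviceId` matching the issuer from the DEBUG log line), as an added example that is not code from the thread or from CAS. It assumes the `<name>-<id>.json` naming seen in the thread, that `serviceId` is a regular expression that must match the whole requested URL, and that Python's `re` is a close enough stand-in for Java's regex engine; the host name is a constructed placeholder.

```python
import json, os, re
from pathlib import Path

# Constructed sample modelled on the definition in the thread; host is a placeholder.
SAMPLE = """{
  /* comments like this are accepted in CAS service files */
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "https://confluence.example.org/plugins/servlet/samlsso",
  "name" : "dev Confluence Application",
  "id" : 1558621301329267,
  "metadataLocation" : "https://confluence.example.org/plugins/servlet/samlsso/metadata",
  "evaluationOrder" : 10
}"""

def check_service(file_name, text, requested):
    """Return a list of problems; an empty list means every check passed."""
    try:
        # Simplification: drop /* ... */ comments, then parse as strict JSON.
        svc = json.loads(re.sub(r"/\*.*?\*/", "", text, flags=re.S))
    except json.JSONDecodeError as exc:
        return [f"not parseable: {exc.msg} at line {exc.lineno}"]
    # Assumption: these are the fields both definitions in the thread carry.
    missing = [k for k in ("@class", "serviceId", "name", "id") if k not in svc]
    if missing:
        return [f"missing field(s): {', '.join(missing)}"]
    problems = []
    # Naming seen in the thread: <anything>-<id>.json
    m = re.fullmatch(r".+-(\d+)\.json", file_name)
    if not m or int(m.group(1)) != svc["id"]:
        problems.append("file name does not end in -<id>.json")
    try:
        # Assumption: serviceId is a regex that must match the whole requested URL.
        if not re.fullmatch(svc["serviceId"], requested):
            problems.append("serviceId does not match the requested service")
    except re.error as exc:
        problems.append(f"serviceId is not a valid regex: {exc}")
    return problems

def check_file(path, requested):
    """Same checks for a file on disk; run as the account that runs CAS."""
    path = Path(path)
    if not os.access(path, os.R_OK):
        return [f"{path} is not readable by uid {os.getuid()}"]
    return check_service(path.name, path.read_text(encoding="utf-8"), requested)

if __name__ == "__main__":
    issuer = "https://confluence.example.org/plugins/servlet/samlsso"  # issuer as logged
    print(check_service("devConfluence-1558621301329267.json", SAMPLE, issuer) or "ok")
```

A `serviceId` string that is broken across two lines in the file, as e-mail wrapping shows it in the quoted post, is reported as not parseable.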