Can you try this with 5.3.12? On Thursday, September 5, 2019 at 6:46:44 PM UTC+4:30, Josh G wrote: > > Apologies for the bump - just wanted to see if anyone else has run into > this before? > > On Wednesday, August 21, 2019 at 11:44:03 AM UTC, Josh G wrote: >> >> Hi all - >> >> We are working on integrating a service (dmp.cdlib.org) in our CAS 5.2.x >> environment, but are having trouble accommodating a specific requirement, >> specifically setting the Destination in the SAML response. >> >> In order to validate our configuration, the vendor offers a test >> Shibboleth SP instance at https://dmptool.org/cgi-bin/PrintShibInfo.pl. >> >> Upon logging into the service, we are receiving the following error: >> >> opensaml::BindingException >> >> The system encountered an error at Wed Aug 21 04:40:17 2019 >> >> To report this problem, please contact the site administrator at >> u...@ucop.edu. >> >> Please include the following message in any email: >> >> opensaml::BindingException at ( >> https://uc3-dmpx2-prd-2c.cdlib.org/Shibboleth.sso/SAML2/POST) >> >> SAML message delivered with POST to incorrect server URL. >> >> The issue appears to be the SAML Response Destination is incorrect: >> >> >> *Here is an example of the SAML Request:* >> >> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" >> AssertionConsumerServiceURL=" >> https://dmptool.org/Shibboleth.sso/SAML2/POST" >> Destination="https://<CAS >> URL>.edu/cas/idp/profile/SAML2/Redirect/SSO" >> ID="_16cb2cd64c7aab9b86d5766ec9a86cf9" >> IssueInstant="2019-08-20T18:19:10Z" >> >> ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" >> Version="2.0" >> > >> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> >> https://dmp.cdlib.org</saml:Issuer> >> <samlp:NameIDPolicy AllowCreate="1" /> >> </samlp:AuthnRequest> >> >> *Here is a snipped of the SAML Response:* >> >> <saml2p:Response >> *Destination="https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST >> <https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST>"* >> ID="_1919448364467476034" >> InResponseTo="_16cb2cd64c7aab9b86d5766ec9a86cf9" >> IssueInstant="2019-08-20T18:19:10.862Z" >> Version="2.0" >> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" >> > >> >> >> >> The item in red above is incorrect, the Destination should be https:// >> dmptool.org/Shibboleth.sso/SAML2/POST. >> >> Is there a way in CAS to specify the Destination redirect? >> >> This is possible to do natively in Shibboleth IdP, however we run all of >> our InCommon SAML configuration (this is an InCommon Federated service) >> through CAS. >> >
-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1458c7b4-4725-452d-b847-c60f7bb95413%40apereo.org.