Are you behind a proxy server? I've had a similar issue due to our Nginx proxy blocking the request.
Thanks, Mike From: "Michael Daley" <[email protected]> To: "CAS Community" <[email protected]> Sent: Thursday, April 2, 2020 11:43:47 AM Subject: [cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request Hi, A vendor (gartner) performing an sp-initiated SSO to our HTTP-POST binding in unable to complete the authentication webflow. The url that CAS send's the user to on the login page is over 3900 characters long, and appears to cause a browser error. We get 400 - Bad Request when clicking on "sign in". I've used the saml-sp-integration to configure this. cas.samlSp.gartner.name=Gartner cas.samlSp.gartner.metadata=/etc/cas/services/sp-metadata/gartner.xml cas.samlSp.gartner.description=Gartner Integration cas.samlSp.gartner.nameIdAttribute=email cas.samlSp.gartner.attributes=givenName,sn,email cas.samlSp.gartner.entityIds=http://www.gartner.com cas.samlSp.gartner.signResponses=true cas.samlSp.gartner.signAssertions=true There are no errors in the cas log. Running CAS 6.1.5. Also tested against 6.2.0-RC3 Attaching the only logs i could find that could be relevent. I've stripped out some of the base64 encoded SAMLRequest. DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Created service url [https://idp_hostname/cas/idp/profile/SAML2/Callback?entityId=http%3A%2F%2Fwww.gartner.com&SAMLRequest=PD94bWwgdmVyc2lv...]> DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Redirecting SAML authN request to [https://idp_hostname/cas/login?service=https%3A%2F%2Fidp_hostname%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dhttp%253A%252F%252Fwww.gartner.com%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3N0c3Rlc3QuY2NyaS5lZHUvY2FzL2lkcC9wcm9maWxlL1NBTUwyL1BPU1QvU1NPIiBJRD0iSGhFMTZsNldLcWxyRjVmcG5ReV9IODdXSzBRIiBJc3N1ZUluc3RhbnQ9IjIwMjAtMDQtMDJUMTI6Mzg6MjYuMjQxWiIgVmVyc2lvbj0iMi4wIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5h{ removed part of the request param } GF5MkdVQWE5UG5mbmw4ClJhb0IwTjZLaE9mdTBqTTJ0djJoT2VaVVNqNTA0blo2dmJaOXQ3MU5EdGJiNkl2VnZleEgzN0lGVGF3Wk1Cd2hsc3VFWm5SZlFDUGkKbks5dVBWL1pNdFpGTGtYb1l1U3FjV21xTFlrZm1KZTVVQT09CjwvZHM6WDUwOUNlcnRpZmljYXRlPgo8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8%252BCjwvZHM6U2lnbmF0dXJlPjxzYW1scDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4%253D%26RelayState%3DOBr0GYRPutE46ryaLYWwapTklrOUUx]> DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing service in context scope: DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Created service url [https://idp_hostname/cas/idp/profile/SAML2/Callback?entityId=http%3A%2F%2Fwww.gartner.com&SAMLRequest=PD94bWwgdmVyc2lv...]> DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Redirecting SAML authN request to [https://idp_hostname/cas/login?service=https%3A%2F%2Fidp_hostname%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dhttp%253A%252F%252Fwww.gartner.com%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3N0c3Rlc3{ removed part of the request param }m5SZlFDUGkKbks5dVBWL1pNdFpGTGtYb1l1U3FjV21xTFlrZm1KZTVVQT09CjwvZHM6WDUwOUNlcnRpZmljYXRlPgo8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8%252BCjwvZHM6U2lnbmF0dXJlPjxzYW1scDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4%253D%26RelayState%3DOBr0GYRPutE46ryaLYWwapTklrOUUx]> DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing service in context scope: Thanks for any help. -- - Website: [ https://apereo.github.io/cas | https://apereo.github.io/cas ] - Gitter Chatroom: [ https://gitter.im/apereo/cas | https://gitter.im/apereo/cas ] - List Guidelines: [ https://goo.gl/1VRrw7 | https://goo.gl/1VRrw7 ] - Contributions: [ https://goo.gl/mh7qDG | https://goo.gl/mh7qDG ] --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [ mailto:[email protected] | [email protected] ] . To view this discussion on the web visit [ https://groups.google.com/a/apereo.org/d/msgid/cas-user/65fca71a-4f64-44f8-a2c1-f19b44b0c241%40apereo.org?utm_medium=email&utm_source=footer | https://groups.google.com/a/apereo.org/d/msgid/cas-user/65fca71a-4f64-44f8-a2c1-f19b44b0c241%40apereo.org ] . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/443768275.36721916.1585844646462.JavaMail.zimbra%40scad.edu.
