Hello,

I am using CAS 6.1.6 and I am trying to configure CAS as SAML2 IDP.

I included compile "org.apereo.cas:cas-server-support-saml-idp:${casServerVersion}" in build.gradle.

I am able to retrieve the metadata information: https://cas.localhost/cas/idp/metadata

To test, I installed the php-saml demo1 script from https://developers.onelogin.com/saml/php. The client URL is http://saml.localhost/demo1/

My client settings are:

    $settingsInfo = array (
        'sp' => array (
            'entityId' => $spBaseUrl.'/demo1/metadata.php',
            'assertionConsumerService' => array (
                'url' => $spBaseUrl.'/demo1/index.php?acs',
            ),
            'singleLogoutService' => array (
                'url' => $spBaseUrl.'/demo1/index.php?sls',
            ),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        'idp' => array (
            'entityId' => 'https://cas.example.org/idp',
            'singleSignOnService' => array (
                'url' => 'https://cas.localhost/cas/idp/profile/SAML2/Redirect/SSO',
            ),
            'singleLogoutService' => array (
                'url' => 'https://cas.localhost/cas/idp/profile/SAML2/POST/SLO',
            ),
            'x509cert' => 'MIIDF...==',
        ),
    );

When trying to log in, I get an error on CAS: service is not authorized.

I installed the service registry as a JSON file:

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "http://saml.localhost/demo1/metadata.php",
  "name" : "saml",
  "id" : 2000,
  "evaluationOrder" : 10,
  "metadataLocation" : "http://saml.localhost/demo1/metadata.php",
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}

In the CAS log, I can see:

[org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [http://saml.localhost/demo1/metadata.php] with name [saml] and internal identifier [2000]>
[org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=http://saml.localhost/demo1/metadata.php, originalUrl=http://saml.localhost/demo1/metadata.php, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={})]>
[org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[http://saml.localhost/demo1/metadata.php] is not found in the registry or service access is denied. Ensure service is registered in service registry>

Where is my error? I tried to configure serviceId with a regex, without success.

Can someone help? Thanks

