Hello,

I am using CAS 6.1.6 and I am trying to configure CAS as SAML2 IDP.

I included compile "org.apereo.cas:cas-server-support-saml-idp:${casServerVersion}" in build.gradle.

I am able to retrieve metadata information: https://cas.localhost/cas/idp/metadata

To test, I installed php-saml demo1 script from https://developers.onelogin.com/saml/php. Client URL is http://saml.localhost/demo1/

My client settings are:

    $settingsInfo = array (
        'sp' => array (
            'entityId' => $spBaseUrl.'/demo1/metadata.php',
            'assertionConsumerService' => array (
                'url' => $spBaseUrl.'/demo1/index.php?acs',
            ),
            'singleLogoutService' => array (
                'url' => $spBaseUrl.'/demo1/index.php?sls',
            ),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        'idp' => array (
            'entityId' => 'https://cas.example.org/idp',
            'singleSignOnService' => array (
                'url' => 'https://cas.localhost/cas/idp/profile/SAML2/Redirect/SSO',
            ),
            'singleLogoutService' => array (
                'url' => 'https://cas.localhost/cas/idp/profile/SAML2/POST/SLO',
            ),
            'x509cert' => 'MIIDF...==',
        ),
    );

When trying to login, I get an error on CAS : service is not authorized.

I installed service registry as json file :

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "http://saml.localhost/demo1/metadata.php",
  "name" : "saml",
  "id" : 2000,
  "evaluationOrder" : 10,
  "metadataLocation" : "http://saml.localhost/demo1/metadata.php",
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}

In CAS log, I can see :

[org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [http://saml.localhost/demo1/metadata.php] with name [saml] and internal identifier [2000]>
[org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=http://saml.localhost/demo1/metadata.php, originalUrl=http://saml.localhost/demo1/metadata.php, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={})]>
[org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[http://saml.localhost/demo1/metadata.php] is not found in the registry or service access is denied. Ensure service is registered in service registry>

Where is my error? I tried to configure serviceId with a regex, without success.

Can someone help? Thanks

