Hello, I am using CAS 6.1.6 and I am trying to configure CAS as SAML2 IDP.
I included

    compile "org.apereo.cas:cas-server-support-saml-idp:${casServerVersion}"

in build.gradle. I am able to retrieve metadata information: https://cas.localhost/cas/idp/metadata

To test, I installed php-saml demo1 script from https://developers.onelogin.com/saml/php. Client URL is http://saml.localhost/demo1/

My client settings are:

    $settingsInfo = array(
        'sp' => array(
            'entityId' => $spBaseUrl.'/demo1/metadata.php',
            'assertionConsumerService' => array(
                'url' => $spBaseUrl.'/demo1/index.php?acs',
            ),
            'singleLogoutService' => array(
                'url' => $spBaseUrl.'/demo1/index.php?sls',
            ),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        'idp' => array(
            'entityId' => 'https://cas.example.org/idp',
            'singleSignOnService' => array(
                'url' => 'https://cas.localhost/cas/idp/profile/SAML2/Redirect/SSO',
            ),
            'singleLogoutService' => array(
                'url' => 'https://cas.localhost/cas/idp/profile/SAML2/POST/SLO',
            ),
            'x509cert' => 'MIIDF...==',
        ),
    );

When trying to login, I get an error on CAS: service is not authorized.
I installed service registry as json file:

    {
      "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
      "serviceId" : "http://saml.localhost/demo1/metadata.php",
      "name" : "saml",
      "id" : 2000,
      "evaluationOrder" : 10,
      "metadataLocation" : "http://saml.localhost/demo1/metadata.php",
      "accessStrategy" : {
        "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
        "enabled" : true,
        "ssoEnabled" : true
      }
    }

In CAS log, I can see:

    [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [http://saml.localhost/demo1/metadata.php] with name [saml] and internal identifier [2000]>
    [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=http://saml.localhost/demo1/metadata.php, originalUrl=http://saml.localhost/demo1/metadata.php, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={})]>
    [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[http://saml.localhost/demo1/metadata.php] is not found in the registry or service access is denied. Ensure service is registered in service registry>

Where is my error? I tried to configure serviceId with regex, without success.

Can someone help?

Thanks