I've already set all loggers to debug level, and in my log I can see my service definition:

[org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [http://saml.localhost/demo1/metadata.php] with name [saml] and internal identifier [2000]>

Does this mean my service is loaded and accepted?

On Tuesday, May 5, 2020 at 17:20:05 UTC+2, rbon wrote:
>
> Marc,
>
> This looks like the service is not being read/loaded.
> Check which services are loaded.
> <!-- INFO Loaded [#] service(s) from [???ServiceRegistryDAO]
> DEBUG Adding registered service [service URL] -->
> <AsyncLogger name="org.apereo.cas.services.AbstractServicesManager" level="debug" />
>
> Ray
>
> On Tue, 2020-05-05 at 04:27 -0700, Matthieu Marc wrote:
>
> Hello,
>
> I am using CAS 6.1.6 and I am trying to configure CAS as a SAML2 IdP.
>
> I included compile "org.apereo.cas:cas-server-support-saml-idp:${casServerVersion}" in build.gradle.
>
> I am able to retrieve metadata information: https://cas.localhost/cas/idp/metadata
>
> To test, I installed the php-saml demo1 script from https://developers.onelogin.com/saml/php.
> Client URL is http://saml.localhost/demo1/
>
> My client settings are:
> $settingsInfo = array (
>     'sp' => array (
>         'entityId' => $spBaseUrl.'/demo1/metadata.php',
>         'assertionConsumerService' => array (
>             'url' => $spBaseUrl.'/demo1/index.php?acs',
>         ),
>         'singleLogoutService' => array (
>             'url' => $spBaseUrl.'/demo1/index.php?sls',
>         ),
>         'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
>     ),
>     'idp' => array (
>         'entityId' => 'https://cas.example.org/idp',
>         'singleSignOnService' => array (
>             'url' => 'https://cas.localhost/cas/idp/profile/SAML2/Redirect/SSO',
>         ),
>         'singleLogoutService' => array (
>             'url' => 'https://cas.localhost/cas/idp/profile/SAML2/POST/SLO',
>         ),
>         'x509cert' => 'MIIDF...==',
>     ),
> );
>
> When trying to log in, I get an error on CAS: service is not authorized.
>
> I installed the service registry as a JSON file:
>
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" : "http://saml.localhost/demo1/metadata.php",
>   "name" : "saml",
>   "id" : 2000,
>   "evaluationOrder" : 10,
>   "metadataLocation" : "http://saml.localhost/demo1/metadata.php",
>   "accessStrategy" : {
>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   }
> }
>
> In the CAS log, I can see:
>
> [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [http://saml.localhost/demo1/metadata.php] with name [saml] and internal identifier [2000]>
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=http://saml.localhost/demo1/metadata.php, originalUrl=http://saml.localhost/demo1/metadata.php, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={})]>
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[http://saml.localhost/demo1/metadata.php] is not found in the registry or service access is denied. Ensure service is registered in service registry>
>
> Where is my error? I tried to configure serviceId with a regex, without success.
>
> Can someone help? Thanks
>
> --
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
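An added example (not part of the thread and not CAS project code): a small script that correlates the two log messages quoted above, to tell a service definition that was never loaded apart from one that was loaded but still rejected at lookup. The sample log is constructed from the lines in this thread, plus one made-up service ID (http://sp.example.test/metadata); the function names are hypothetical.

```python
import re

# Message formats copied from the CAS log lines quoted in this thread.
ADDED = re.compile(
    r"Adding registered service \[\s*(?P<sid>[^\]]+?)\s*\] "
    r"with name \[(?P<name>[^\]]*)\] and internal identifier \[(?P<num>\d+)\]")
DENIED = re.compile(
    r"\[\s*(?P<sid>[^\]]+?)\s*\] is not found in the registry "
    r"or service access is denied")

# Constructed sample: the two events from the thread (the first one wrapped,
# as mail clients do) plus a made-up service ID that was never registered.
SAMPLE_LOG = """\
[org.apereo.cas.services.AbstractServicesManager] - <Adding registered
service [ http://saml.localhost/demo1/metadata.php] with name [saml] and internal identifier [2000]>
[org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[http://saml.localhost/demo1/metadata.php] is not found in the registry or service access is denied. Ensure service is registered in service registry>
[org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[http://sp.example.test/metadata] is not found in the registry or service access is denied. Ensure service is registered in service registry>
"""

def unwrap(text):
    """Rejoin log events that were wrapped across several lines."""
    return re.sub(r"\s*\n\s*", " ", text)

def triage(log_text):
    """Return {service_id: verdict} for every service the IdP rejected."""
    flat = unwrap(log_text)
    # Services the services manager reported as loaded, keyed by service ID.
    loaded = {m["sid"]: (m["name"], int(m["num"])) for m in ADDED.finditer(flat)}
    verdicts = {}
    for m in DENIED.finditer(flat):
        sid = m["sid"]
        if sid in loaded:
            name, num = loaded[sid]
            verdicts[sid] = f"loaded as '{name}' (id {num}) but still denied"
        else:
            verdicts[sid] = "never loaded by the services manager"
    return verdicts

if __name__ == "__main__":
    for sid, verdict in triage(SAMPLE_LOG).items():
        print(f"{sid}: {verdict}")
```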
