Re: [cas-user] CAS 6.6.x SAML delegated authN to Okta not working

2023-08-15 Thread Yan Zhou
It is finally working after debugging the source code. I am so grateful for open source; here is the key. Thanks Ray! On the CAS side, the generated sp-metadata.xml says: https://localhost:8443/cas/login?client_name=bootsp2"/> But, on my client, where I specify

Re: [cas-user] CAS 6.6.x SAML delegated authN to Okta not working

2023-08-15 Thread Yan Zhou
On my client side, where it loads the IdP XML, what should the SSO URL be when CAS delegates SAML authN to Okta? https://localhost:8443/cas/idp/profile/SAML2/POST/SSO"/> - this results in an error on CAS; it tries to load from the service registry, matching a SAML service, which is not the case in delegated

Re: [cas-user] CAS 6.6.x SAML delegated authN to Okta not working

2023-08-15 Thread Yan Zhou
Thanks Ray, making some progress. I now see the SP metadata and keystore being generated. For delegated authN, here is the SAML request from my client app; it goes to CAS, and the authN request seems correct. http://localhost:8081/saml/SSO; Destination=

Re: [cas-user] CAS 6.6.x SAML delegated authN to Okta not working

2023-08-14 Thread Ray Bon
Yan, I was browsing the docs, and cas.authn.pac4j.saml[0].serviceProviderMetadataPath and cas.authn.pac4j.saml[0].serviceProviderEntityId are for the metadata of CAS acting as a service provider, not for the destination application. https://apereo.github.io/cas/6.6.x/integration/Delegate-Authentication-SAML.html Ray
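The thread above keeps mixing up two SAML roles: the SP metadata CAS generates for its pac4j client (whose AssertionConsumerService is the /cas/login?client_name=... callback Yan found) and the IdP metadata the client app on :8081 loads. The script below is an added example, not code from CAS, pac4j, Okta or the posters. It parses two constructed metadata documents, reports which role each describes, and checks that the SP metadata's callback matches what cas.authn.pac4j.saml[0].client-name and cas.server.prefix imply. The properties file, entityIDs and Okta metadata URL are invented for the example, and it does not settle the open question of which SSO URL the client app should use.

```python
"""Added example (not CAS/pac4j code): tell apart the SP metadata that CAS
generates for a delegated pac4j client from CAS's own IdP metadata, and check
the SP metadata against the pac4j properties that produced it."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed CAS properties. Property names follow the CAS docs for pac4j SAML
# delegation; the values (entityID, Okta metadata URL, paths) are invented.
CAS_PROPERTIES = """
cas.server.prefix=https://localhost:8443/cas
cas.authn.pac4j.saml[0].client-name=bootsp2
cas.authn.pac4j.saml[0].service-provider-entity-id=https://localhost:8443/cas/samlsp
cas.authn.pac4j.saml[0].service-provider-metadata-path=/etc/cas/saml/sp-metadata.xml
cas.authn.pac4j.saml[0].identity-provider-metadata-path=https://example.okta.com/app/exk0000/sso/saml/metadata
"""

# Constructed SP metadata in the shape CAS generates for the pac4j client
# (this is what gets uploaded to Okta). Only the parts the checks need.
CAS_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost:8443/cas/samlsp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      AuthnRequestsSigned="true" WantAssertionsSigned="true">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:8443/cas/login?client_name=bootsp2" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP metadata for CAS itself (what the client app on :8081 loads).
CAS_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost:8443/cas/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:8443/cas/idp/profile/SAML2/POST/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_properties(text):
    """Minimal key=value parser for a CAS properties fragment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def expected_callback(props, index=0):
    """Callback URL CAS advertises for delegated client N: <prefix>/login?client_name=<name>."""
    prefix = props["cas.server.prefix"].rstrip("/")
    name = props[f"cas.authn.pac4j.saml[{index}].client-name"]
    return f"{prefix}/login?client_name={name}"


def describe(metadata_xml):
    """Return entityID, SAML role (SP, IdP or SP+IdP) and the role's endpoints."""
    root = ET.fromstring(metadata_xml)
    info = {"entity_id": root.get("entityID"), "role": None, "endpoints": []}
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is not None:
        info["role"] = "SP"
        for acs in sp.findall("md:AssertionConsumerService", NS):
            info["endpoints"].append(("AssertionConsumerService", acs.get("Binding"), acs.get("Location")))
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is not None:
        info["role"] = "IdP" if info["role"] is None else "SP+IdP"
        for sso in idp.findall("md:SingleSignOnService", NS):
            info["endpoints"].append(("SingleSignOnService", sso.get("Binding"), sso.get("Location")))
    return info


def same_endpoint(a, b):
    """URL equality that ignores query-parameter order but not the parameters themselves."""
    ua, ub = urlsplit(a), urlsplit(b)
    return (ua.scheme, ua.netloc, ua.path) == (ub.scheme, ub.netloc, ub.path) and parse_qs(ua.query) == parse_qs(ub.query)


def check_sp_metadata(metadata_xml, props, index=0):
    """List the ways the generated SP metadata disagrees with the pac4j properties (empty = consistent)."""
    info = describe(metadata_xml)
    problems = []
    if info["role"] != "SP":
        problems.append(f"expected SP metadata, found role {info['role']}")
    want_entity = props.get(f"cas.authn.pac4j.saml[{index}].service-provider-entity-id")
    if want_entity and info["entity_id"] != want_entity:
        problems.append(f"entityID {info['entity_id']} != service-provider-entity-id {want_entity}")
    want_cb = expected_callback(props, index)
    acs = [loc for kind, _, loc in info["endpoints"] if kind == "AssertionConsumerService"]
    if not any(same_endpoint(loc, want_cb) for loc in acs):
        problems.append(f"no AssertionConsumerService matches callback {want_cb}; found {acs}")
    return problems


if __name__ == "__main__":
    props = parse_properties(CAS_PROPERTIES)
    for label, doc in (("pac4j SP metadata", CAS_SP_METADATA), ("CAS IdP metadata", CAS_IDP_METADATA)):
        info = describe(doc)
        print(f"{label}: role={info['role']} entityID={info['entity_id']}")
        for kind, binding, location in info["endpoints"]:
            print(f"  {kind} [{binding.rsplit(':', 1)[-1]}] -> {location}")
    print("SP metadata problems:", check_sp_metadata(CAS_SP_METADATA, props) or "none")
```

Run it against your real sp-metadata.xml and the IdP XML your client loads instead of the constructed strings: if the document the client app loads turns out to describe an SP (the /cas/login?client_name=... callback) rather than an IdP, the two roles have been swapped.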

Re: [cas-user] CAS 6.6.x SAML delegated authN to Okta not working

2023-08-14 Thread Yan Zhou
I think I am missing something fundamental, but I do not know what it is. I first excluded the dependency on cas-server-support-saml-idp because CAS is delegating authN to Okta; I realized the login page does not even come up, and nothing shows in SAML Tracer. Then I added this dependency, see

Re: [cas-user] CAS 6.6.x SAML delegated authN to Okta not working

2023-08-14 Thread Ray Bon
Yan, is it possible that the Okta-CAS config is incorrect and Okta is returning an error response which CAS does not understand? Are you using SAML Tracer to see the exchanges between SPs and IdPs? If the keystore is not created, you can create it yourself. Or, turn off SAML encryption between

[cas-user] CAS 6.6.x SAML delegated authN to Okta not working

2023-08-11 Thread Yan Zhou
Hi there, when CAS is the SAML2 IDP, I am able to run a client app that authenticates successfully. But I have trouble when CAS delegates authN to Okta (CAS is set up as an SP in Okta). The client app runs on localhost:8081, CAS 6.6.x runs on localhost:8443 and delegates to the Okta SAML2 IDP. Here is