Hi,

Is there any update on this issue?

Thanks in advance.


On Tuesday, 4 September 2018 18:34:10 UTC+5:30, sarika deshmukh wrote:
>
> Hi Ganesh,
>
> Sorry for the late reply.
> I have checked the logs as well; it seems like CAS is not connecting with OKTA 
> at the time of logout.
>
> log details:
> 2018-09-04 17:29:21,173 DEBUG 
> [org.apereo.cas.support.saml.services.SamlIdPSingleLogoutServiceLogoutUrlBuilder]
>  
> - <Service [AbstractRegisteredService(serviceId=^https://.*, name=HTTPS, 
> theme=null, informationUrl=null, privacyUrl=null, responseType=null, 
> id=10000001, description=This service definition authorizes all application 
> urls that support HTTPS and IMAPS protocols., 
> expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false,
>  
> notifyWhenDeleted=false, expirationDate=null), 
> proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, 
> evaluationOrder=10000, 
> usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2,
>  
> logoutType=BACK_CHANNEL, requiredHandlers=[], 
> attributeReleasePolicy=ReturnAllowedAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null,
>  
> principalAttributesRepository=DefaultPrincipalAttributesRepository(), 
> consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, 
> excludedAttributes=null, includeOnlyAttributes=null), 
> authorizedToReleaseCredentialPassword=false, 
> authorizedToReleaseProxyGrantingTicket=false, 
> excludeDefaultAttributes=false, 
> authorizedToReleaseAuthenticationAttributes=true, 
> principalIdAttribute=null), allowedAttributes=[]), 
> multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[],
>  
> failureMode=NOT_SET, principalAttributeNameTrigger=null, 
> principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, 
> logoutUrl=https://localhost:8443/cas/logout, 
> accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, 
> enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, 
> delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[SAML2Client]),
>  
> requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, 
> caseInsensitive=false), publicKey=null, properties={}, contacts=[])] is not 
> a SAML service, or its logout url could not be determined>
> 2018-09-04 17:29:21,173 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder] - 
> <Logout request will be sent to [https://localhost:8443/cas/logout] for 
> service [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> [email protected], source=service, loggedOutAlready=false, 
> format=XML, attributes={})]>
> 2018-09-04 17:29:21,174 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Prepared logout url [[https://localhost:8443/cas/logout]] for service 
> [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> [email protected], source=service, loggedOutAlready=false, 
> format=XML, attributes={})]>
> 2018-09-04 17:29:21,174 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Creating logout request for [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> [email protected], source=service, loggedOutAlready=false, 
> format=XML, attributes={})] and ticket id 
> [ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12]>
> 2018-09-04 17:29:21,401 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout 
> request 
> [DefaultLogoutRequest(ticketId=ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12, 
> service=AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> [email protected], source=service, loggedOutAlready=false, 
> format=XML, attributes={}), status=NOT_ATTEMPTED, logoutUrl=
> https://localhost:8443/cas/logout)] created for 
> [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> [email protected], source=service, loggedOutAlready=false, 
> format=XML, attributes={})] and ticket id 
> [ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12]>
> 2018-09-04 17:29:21,401 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout 
> type registered for [AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> [email protected], source=service, loggedOutAlready=false, 
> format=XML, attributes={})] is [BACK_CHANNEL]>
> 2018-09-04 17:29:21,402 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Creating back-channel logout request based on 
> [DefaultLogoutRequest(ticketId=ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12, 
> service=AbstractWebApplicationService(id=
> https://localhost:8443/vcm/j_spring_cas_security_check, originalUrl=
> https://localhost:8443/vcm/j_spring_cas_security_check, artifactId=null, 
> [email protected], source=service, loggedOutAlready=false, 
> format=XML, attributes={}), status=NOT_ATTEMPTED, logoutUrl=
> https://localhost:8443/cas/logout)]>
> 2018-09-04 17:29:21,478 DEBUG 
> [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated 
> logout message: [<samlp:LogoutRequest 
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
> ID="LR-1-Zkra8FA-8YIF7kVhWkRWyAWy" Version="2.0" 
> IssueInstant="2018-09-04T17:29:21Z"><saml:NameID 
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12</samlp:SessionIndex></samlp:LogoutRequest>]>
> 2018-09-04 17:29:21,478 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Preparing logout request for [
> https://localhost:8443/vcm/j_spring_cas_security_check] to [
> https://localhost:8443/cas/logout]>
> 2018-09-04 17:29:21,485 DEBUG 
> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
> <Prepared logout message to send is [HttpMessage(url=
> https://localhost:8443/cas/logout, 
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-1-Zkra8FA-8YIF7kVhWkRWyAWy%22+Version%3D%222.0%22+IssueInstant%3D%222018-09-04T17%3A29%3A21Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
>  
> responseCode=0, asynchronous=true, 
> contentType=application/x-www-form-urlencoded)]. Sending...>
> 2018-09-04 17:29:21,532 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] 
> - <Created HTTP post message payload [POST 
> https://localhost:8443/cas/logout HTTP/1.1]>
> 2018-09-04 17:29:21,558 INFO [org.apereo.cas.logout.DefaultLogoutManager] 
> - <[1] logout requests were processed>
>
>
> I have gone through the CAS codebase; as per my understanding, CAS is not 
> getting some SAML metadata for a given SP for logout.
> I have added a "SamlRegisteredService" service registry entry for the same, but no 
> luck.
>
> service registry:
>
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" :  "urn:herb:saml:pac4j.org",
>   "name" : "SAMLService",
>   "id" : 10000003,
>   "evaluationOrder" : 10,
>   "metadataLocation" : "https://myoktaClient.com/app/exkfsyqtvxlhZ2i9f0h7/sso/saml/metadata"
> }
>
> Also, I have added logoutType and logoutUrl in HTTPSandIMAPS-10000001.json 
> registry file as below,
>
>  "logoutType": "BACK_CHANNEL",
>  "logoutUrl":"https://localhost:8443/cas/logout",
>
>  
> Is there anything missing?
>
> Thanks,
> Sarika D.
>
>
> On Monday, 2 October 2017 12:49:48 UTC+5:30, Антон Шихмат wrote:
>>
>> Hello everyone,
>>
>> I'm trying to integrate CAS SAML 2 delegated auth with OKTA using this 
>> tutorial https://apereo.github.io/2017/03/22/cas51-delauthn-tutorial/
>> CAS properties file should contain such values: keystore path (that 
>> contains OKTA signing certificate), keystore password and private key 
>> password.
>> OKTA provides a signing certificate, so I can create a keystore using it. 
>> But OKTA does not provide a private key for this certificate (or at least I 
>> cannot find it). I cannot leave this value empty, because I will receive an 
>> exception during CAS startup.
>> Can anyone help me, how can I configure OKTA integration without private 
>> key or where I can find it?
>>
>> Thanks
>>
>
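
For reading the back-channel message in the DEBUG log quoted above, here is an added example (not part of the original thread and not CAS code) that decodes the logged `logoutRequest` form body and reports where it was posted relative to the service. The function names and the context-path comparison are assumptions of this example; the URLs and the body are copied from the log lines.

```python
from urllib.parse import parse_qs, urlsplit
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values copied from the DEBUG log lines quoted in the thread.
SERVICE_ID = "https://localhost:8443/vcm/j_spring_cas_security_check"
LOGOUT_URL = "https://localhost:8443/cas/logout"
LOGGED_BODY = (
    "logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis"
    "%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-1-Zkra8FA-8YIF7kVh"
    "WkRWyAWy%22+Version%3D%222.0%22+IssueInstant%3D%222018-09-04T17%3A29"
    "%3A21Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames"
    "%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID"
    "%3E%3Csamlp%3ASessionIndex%3EST-1-SDZwYUPRAVYcRYqnvtBi0D-XrIQSCS-S12"
    "%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E"
)

def decode_logout_body(body):
    """Decode the x-www-form-urlencoded POST body and parse the LogoutRequest."""
    fields = parse_qs(body, strict_parsing=True)
    root = ET.fromstring(fields["logoutRequest"][0])
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        raise ValueError("not a samlp:LogoutRequest: %s" % root.tag)
    return {
        "id": root.get("ID"),
        "issue_instant": root.get("IssueInstant"),
        "name_id": root.findtext("saml:NameID", namespaces=NS),
        "session_index": root.findtext("samlp:SessionIndex", namespaces=NS),
    }

def context_root(url):
    """Return (scheme, host:port, first path segment) of a URL."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    return parts.scheme, parts.netloc, segments[0] if segments else ""

def summarize(body, service_id, logout_url):
    """Decoded fields plus three observations about the logged exchange."""
    info = decode_logout_body(body)
    info["placeholder_name_id"] = info["name_id"] == "@NOT_USED@"
    info["session_is_service_ticket"] = (info["session_index"] or "").startswith("ST-")
    # Assumption of this example: the application that holds the session
    # lives under the same context path as the service id.
    info["target_under_service_context"] = context_root(logout_url) == context_root(service_id)
    return info

if __name__ == "__main__":
    for key, value in summarize(LOGGED_BODY, SERVICE_ID, LOGOUT_URL).items():
        print(f"{key}: {value}")
```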
