Hi all, I'm trying to configure CAS 3.5.8 to be SAML2 IdP; I'm trying to do an SSO login with a Spring sample app too ( https://github.com/spring-projects/spring-security-saml). When the sample app send auth request, CAS says "Application Not Authorized to Use CAS".
Below the log's messages
INFO [org.apereo.cas.support.saml.web.idp.profile.sso.request.
DefaultSSOSamlHttpRequestExtractor] Received SAML profile request [/cas-jpa/
idp/profile/SAML2/POST/SSO]
DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.
DefaultSSOSamlHttpRequestExtractor] Locating SAML object from message
context...
DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.
DefaultSSOSamlHttpRequestExtractor] Decoded SAML object [{urn:oasis:names:tc
:SAML:2.0:protocol}AuthnRequest] from http request
INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] Audit
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [issuer=https:
//localhost:7777/saml/login,binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]
ACTION: SAML2_REQUEST_CREATED
APPLICATION: CAS
WHEN: Thu May 16 17:27:10 CEST 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================
DEBUG [org.apereo.cas.support.saml.web.idp.profile.
AbstractSamlProfileHandlerController] Located issuer
[https://localhost:7777/saml/login]
from authentication request
DEBUG [org.apereo.cas.support.saml.web.idp.profile.
AbstractSamlProfileHandlerController] Checking service access in CAS
service registry for [https://localhost:7777/saml/login]
ERROR [org.apereo.cas.support.saml.web.idp.profile.
AbstractSamlProfileHandlerController] CAS has found a match for service [
https://localhost:7777/saml/login] in registry but the match is not defined
as a SAML service
WARN [org.springframework.web.servlet.mvc.method.annotation.
ExceptionHandlerExceptionResolver] Resolved [org.apereo.cas.services.
UnauthorizedServiceException: screen.service.error.message] to ModelAndView:
reference to view with name 'casServiceErrorView'; model is {
rootCauseException=org.apereo.cas.services.UnauthorizedServiceException: }
INFO [org.apereo.cas.support.oauth.services.
OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null',
this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
DEBUG [org.apereo.cas.support.oauth.services.
OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not
identified as an OAuth request
INFO [org.apereo.cas.support.oauth.services.
OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null',
this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
DEBUG [org.apereo.cas.support.oauth.services.
OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not
identified as an OAuth request
Below my configuration
# === SAML 2 Idp
cas.authn.samlIdp.entityId=https://localhost:6443/cas-jpa/idp
cas.authn.samlIdp.metadata.location=file:${etc.cas.dir}saml
cas.authn.samlIdp.attributeQueryProfileEnabled=true
Thanks
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1ded45e8-7b70-42f6-b3d3-c9a55bbdd22c%40apereo.org.
CASSAML2CallbackProfile-999020.json
Description: application/json
idp-metadata.xml
Description: XML document
SAML2_client5-109005.json
Description: application/json
SAML2_client5-109005.xml
Description: XML document
