Hi Ray,
The first declaration of serviceId was "https://localhost:7777/saml/login",
as you suggested, but the error was the same.

The file SAML2_client5-109005.xml contains the demo app metadata and is
imported by the service's JSON with the declaration

"metadataLocation": "/home/user/Documents/eclipse-workspace/DEV_CERTIFICATE_UTIL/SAML2_client5-109005.xml"

Thanks


On Friday, 17 May 2019 at 21:33:50 UTC+2, rbon wrote:
>
> Nicola,
>
> I assume you have imported SP metadata.
> Perhaps you have to name your service registry entry "serviceId" : "https://localhost:7777/saml/login" to match the entityId.
>
> Ray
>
> On Fri, 2019-05-17 at 01:55 -0700, Nicola Boldrin wrote:
>
> Hi all,
> I'm trying to configure CAS 3.5.8 to be a SAML2 IdP; I'm trying to do an SSO
> login with a Spring sample app too (https://github.com/spring-projects/spring-security-saml).
> When the sample app sends an auth request, CAS says "Application Not
> Authorized to Use CAS".
>
> Below are the log messages
>
> INFO [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Received SAML profile request [/cas-jpa/idp/profile/SAML2/POST/SSO]
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Locating SAML object from message context...
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] Decoded SAML object [{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest] from http request
> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: [issuer=https://localhost:7777/saml/login,binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]
> ACTION: SAML2_REQUEST_CREATED
> APPLICATION: CAS
> WHEN: Thu May 16 17:27:10 CEST 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =============================================================
>
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] Located issuer [https://localhost:7777/saml/login] from authentication request
> DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] Checking service access in CAS service registry for [https://localhost:7777/saml/login]
> ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] CAS has found a match for service [https://localhost:7777/saml/login] in registry but the match is not defined as a SAML service
> WARN [org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver] Resolved [org.apereo.cas.services.UnauthorizedServiceException: screen.service.error.message] to ModelAndView: reference to view with name 'casServiceErrorView'; model is {rootCauseException=org.apereo.cas.services.UnauthorizedServiceException: }
> INFO [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null', this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
> DEBUG [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not identified as an OAuth request
> INFO [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] service='null', svc='null', this.callbackUrl='https://localhost:6443/cas-jpa/oauth2.0/callbackAuthorize'
> DEBUG [org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy] Authentication request is not identified as an OAuth request
>
> Below is my configuration
>
> # === SAML 2 Idp
>
>
> cas.authn.samlIdp.entityId=https://localhost:6443/cas-jpa/idp
> cas.authn.samlIdp.metadata.location=file:${etc.cas.dir}saml
> cas.authn.samlIdp.attributeQueryProfileEnabled=true
>
>
>
> Thanks
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
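
An added example, not part of the original messages and not CAS project code: the ERROR line in the quoted log reports a registry match that "is not defined as a SAML service", and the reply suggests making serviceId match the entityId. The Python check below tests a JSON service definition for both conditions against the SP metadata. The `SamlRegisteredService` class name is the one CAS 5.x and later use; the sample JSON, the sample metadata, the placeholder path and the full-match regex semantics are assumptions.

```python
import json
import re
import xml.etree.ElementTree as ET

# Class CAS 5.x+ uses for SAML2 SP entries in the service registry.
SAML_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"
MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def sp_entity_ids(metadata_xml):
    """Return every entityID in SP metadata (single entity or aggregate)."""
    root = ET.fromstring(metadata_xml)
    found = root.iter(MD_NS + "EntityDescriptor")
    return [e.get("entityID") for e in found if e.get("entityID")]

def check_service(service_json, metadata_xml):
    """Return a list of problems; an empty list means the entry is consistent."""
    svc = json.loads(service_json)
    problems = []
    if svc.get("@class") != SAML_CLASS:
        problems.append("not a SAML service: @class is %r" % svc.get("@class"))
    if not svc.get("metadataLocation"):
        problems.append("metadataLocation is missing")
    ids = sp_entity_ids(metadata_xml)
    pattern = svc.get("serviceId", "")
    try:
        # Assumption: serviceId is a regex that must match the whole issuer.
        matched = any(re.fullmatch(pattern, i) for i in ids)
    except re.error as exc:
        problems.append("serviceId is not a valid regex: %s" % exc)
    else:
        if not matched:
            problems.append("serviceId %r matches none of %r" % (pattern, ids))
    return problems

# Constructed sample data (not taken from the thread's files).
SP_METADATA = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
               'entityID="https://localhost:7777/saml/login"/>')
GENERIC_ENTRY = json.dumps({
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "https://localhost:7777/saml/login", "name": "demo", "id": 1})
SAML_ENTRY = json.dumps({
    "@class": SAML_CLASS,
    "serviceId": "https://localhost:7777/saml/login", "name": "demo", "id": 1,
    "metadataLocation": "/path/to/sp-metadata.xml"})  # placeholder path

if __name__ == "__main__":
    print(check_service(GENERIC_ENTRY, SP_METADATA))
    print(check_service(SAML_ENTRY, SP_METADATA))
```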
