It is my first.
Keycloak provides me with:

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="entity id here">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
            protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://bla-bla/broker/saml/endpoint"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://bla-bla/broker/saml/endpoint"
                index="1" isDefault="true" />
    </SPSSODescriptor>
</EntityDescriptor>


What I noticed: I caught an exception


WHO: fberdugo
WHAT: 
[issuer=http://localhost:8443/cas/idp,destination=http://bla-bla/broker/saml/endpoint]
ACTION: SAML2_RESPONSE_CREATED
APPLICATION: CAS
WHEN: Wed Jun 05 10:06:03 UTC 2019
CLIENT IP ADDRESS: 192.168.1.3
SERVER IP ADDRESS: 172.21.82.63
=============================================================

>
2019-06-05 10:06:03,986 INFO [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Built the SAML response for ['bla bla here']>
2019-06-05 10:06:04,417 INFO [org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController] - <Received SAML callback profile request [/cas/idp/profile/SAML2/Callback]>
2019-06-05 10:06:04,472 WARN [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket [ST-1-93FkJllO7deg1GefbwSXjeNeQ7w6e26c3311c11] does not exist.>
2019-06-05 10:06:04,475 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-93FkJllO7deg1GefbwSXjeNeQ7w6e26c3311c11
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Wed Jun 05 10:06:04 UTC 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-06-05 10:06:04,504 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is org.jasig.cas.client.validation.TicketValidationException: Ticket 'ST-1-93FkJllO7deg1GefbwSXjeNeQ7w6e26c3311c11' not recognized] with root cause>
org.jasig.cas.client.validation.TicketValidationException: Ticket 'ST-1-93FkJllO7deg1GefbwSXjeNeQ7w6e26c3311c11' not recognized
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:84) ~[cas-client-core-3.5.1.jar!/:3.5.1]
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:198) ~[cas-client-core-3.5.1.jar!/:3.5.1]
    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.validateRequestAndBuildCasAssertion(SSOSamlProfileCallbackHandlerController.java:132) ~[cas-server-support-saml-idp-web-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlProfileCallbackHandlerController.java:119) ~[cas-server-support-saml-idp-web-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]

And do I need to do something with idp-metadata.xml, which was generated 
automatically by CAS?


On Tuesday, June 4, 2019 at 20:12:16 UTC+3, Matthew Uribe wrote:
>
> Do you have any other SPs working with this CAS instance, or is this your 
> first?
>
>
> On Tuesday, June 4, 2019 at 3:33:55 AM UTC-6, Andrey Seledkov wrote:
>>
>> Nothing helps
>>
>> My property file has the following properties:
>>
>> cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
>> cas.authn.samlIdp.scope=${SERVER_NAME}
>> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
>> cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
>> cas.authn.samlIdp.attributeQueryProfileEnabled=true
>>
>>
>>
>>
>> On Tuesday, June 4, 2019 at 4:20:53 UTC+3, Andy Ng wrote:
>>>
>>> Hi Andrey,
>>>
>>> Can you try ReturnAllAttributeReleasePolicy, to see if it is the policy that 
>>> has the problem, or if the release of attributes is not correct?
>>>
>>> https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html#return-all
>>>
>>>
>>>
>>> Cheers!
>>> - Andy
>>>
>>
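
Added example, not part of the original message and not CAS or Keycloak code: an offline review of the SP metadata quoted at the top of this thread, listing the settings worth checking before an IdP trusts it (unsigned requests and assertions, http:// endpoints, an HTTP-Redirect assertion consumer binding, no published key). The function name review_sp_metadata and the finding codes are hypothetical, and the sample is constructed from that descriptor with its placeholder values.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample mirroring the descriptor in the message; the entityID and
# host are the message's placeholders, not real values.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="entity id here">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://bla-bla/broker/saml/endpoint"/>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://bla-bla/broker/saml/endpoint" index="1" isDefault="true"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return a list of (code, detail) findings for each SPSSODescriptor."""
    # ElementTree is acceptable for a local, trusted file; parse metadata
    # fetched from elsewhere with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    findings = []
    for sp in root.iter(f"{{{MD}}}SPSSODescriptor"):
        # Both flags default to false when absent, so missing counts as false.
        for attr in ("AuthnRequestsSigned", "WantAssertionsSigned"):
            if sp.get(attr, "false").strip().lower() not in ("true", "1"):
                findings.append((f"{attr}=false", "signing not requested"))
        for ep in sp:
            loc = ep.get("Location")
            if loc is None:  # e.g. NameIDFormat has no endpoint
                continue
            name = ep.tag.split("}")[-1]
            if not loc.lower().startswith("https://"):
                findings.append(("cleartext-endpoint", f"{name} {loc}"))
            # The SAML 2.0 Web Browser SSO profile delivers the Response by
            # HTTP-POST or HTTP-Artifact, not HTTP-Redirect.
            if name == "AssertionConsumerService" and ep.get("Binding") == REDIRECT:
                findings.append(("acs-redirect-binding", loc))
        if sp.find(f"{{{MD}}}KeyDescriptor") is None:
            findings.append(("no-key-descriptor", "no SP certificate published"))
    return findings


if __name__ == "__main__":
    for code, detail in review_sp_metadata(SAMPLE):
        print(f"{code}: {detail}")
```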
