There is one more service called SAML2CallbackProfile which was suggested in
a tutorial:
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_saml_update-the-service-registry.html#create-a-service-definition-for-the-idp-endpoint
{
  /*
   * The CAS SAML IdP creates this endpoint as part of its initialization
   * process at server startup time. If the service registry doesn't already
   * contain an entry whose serviceId matches the endpoint, CAS will create
   * a new service definition and save it to the registry. If the CAS server
   * doesn't have write access to the registry, then the save will fail and
   * the server will not start.
   *
   * To avoid that situation, and to make it clear that this endpoint is a
   * "desired" service, it is defined explicitly here.
   */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://<CAS-URL>/cas/idp/profile/SAML2/Callback.+",
  "name" : "SAML Authentication Request",
  "id" : 1558621367337136,
  "evaluationOrder" : 100
}
But I am not sure if this is needed - but CAS loads it successfully on boot.
Is there any other simplistic service I could try to see if CAS loads
anything correctly?
On Thursday, June 6, 2019 at 4:21:04 PM UTC+2, Matthew Uribe wrote:
>
> OK. So if root is running CAS, and root owns the json file, then that part
> should be fine. Do you have any other services registered that CAS is
> reading correctly?
>
> On Thursday, June 6, 2019 at 7:54:52 AM UTC-6, Fabian Schipp wrote:
>>
>> I am running the .war overlay. Therefore I have no tomcat user.
>> But I checked the file, it's owned by the root user.
>> I then checked the process running the war file environment in the jdk
>> folder - it is also the root user.
>>
>> On Thursday, June 6, 2019 at 3:37:05 PM UTC+2, Matthew Uribe wrote:
>>>
>>> Is the devConfluence-1558621301329267.json file readable for whatever
>>> user/service is running CAS? When I forget to change ownership of my json
>>> files to the tomcat user, I run into the same issue.
>>>
>>>
>>> On Thursday, June 6, 2019 at 7:06:50 AM UTC-6, Fabian Schipp wrote:
>>>>
>>>> Hi everyone,
>>>>
>>>> I am currently trying to connect Confluence as SAML SP with a CAS 6
>>>> instance.
>>>> CAS Server on its own is running fine. I added a SAML service I created
>>>> using the docs chapter on SAML services:
>>>>
>>>> https://apereo.github.io/cas/6.0.x/installation/Configuring-SAML2-Authentication.html#saml-services
>>>>
>>>> My SAML service:
>>>> {
>>>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>>   "serviceId" : "https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso",
>>>>   "name" : "dev Confluence Application",
>>>>   "id" : 1558621301329267,
>>>>   "metadataLocation" : "https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso/metadata",
>>>>   "evaluationOrder" : 10
>>>> }
>>>>
>>>> But CAS does load the service but it looks like it is malformed in some
>>>> way.
>>>>
>>>> I checked some things that might have gone wrong:
>>>> - the metadata-URL does link to the correct metadata of the SP
>>>> - the serviceId matches the corresponding URL from the confluence system
>>>> - the id field matches the name of the service-filename (it is called
>>>> devConfluence-1558621301329267.json)
>>>>
>>>> The output I get is this:
>>>> 2019-06-06 14:56:58,002 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Located issuer [https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso] from authentication request>
>>>>
>>>> 2019-06-06 14:56:58,004 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso, originalUrl=https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso, artifactId=null, principal=null, source=null, loggedOutAlready=false, format=XML, attributes={})]>
>>>>
>>>> 2019-06-06 14:56:58,024 WARN [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <[https://<CONFLUENCE_DOMAIN>/plugins/servlet/samlsso] is not found in the registry or service access is denied. Ensure service is registered in service registry>
>>>>
>>>> So there is another service registry I have to register my service in?
>>>> Are there any more fields that are mandatory to include in the service?
>>>> If so I can't find the correct page on the docs that says so.
>>>>
>>>> I am really lost on this one. Any help is appreciated.
>>>>
>>>> Thank you very much.
>>>>
>>>