We were able to get this working by forcing the ACS binding provided by Concur Solutions to SAML2.0 instead of SAML1.1 as provided in the vendor supplied documentation
Example: <EntityDescriptor entityID="https://---BASE-URL---"; xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://---BASE-URL---/SAMLRedirector/ClientSAMLLogin.aspx"/> </SPSSODescriptor> </EntityDescriptor> On Monday, August 19, 2019 at 11:07:01 PM UTC, Josh wrote: > > Were you able to find a solution to this? We're running into the same > issue with Concur Solutions on CAS v5.2.4. > > On Thursday, April 18, 2019 at 3:40:02 PM UTC, JC wrote: >> >> We are trying to setup CAS 5.2.6 for use with Concur Solutions as the SP. >> Per their tech support, they only support IdP initiated SSO and not SP >> initiated. I see that the 5.3.x branch of CAS has support for Concur, but I >> do not see anything really different in the service record that it creates >> in my test environment than the service record I created for 5.2. Just in >> case I did move it to our 5.2 test to see if it made a difference, but it >> did not. >> >> I have also played around with using the /cas/idp/Unsolicited/SSO >> endpoint in a URL ( >> https://cas.example.com/cas/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fwww.concursolutions.com&shire=https%3A%2F%2Fwww.concursolutions.com%2FSAMLRedirector%2FClientSAMLLogin.aspx), >> >> which logs me into CAS and returns the SAML2 callback URL with the >> following error >> >> java.lang.IllegalArgumentException: Requested binding [{}] is not supported >> by entity id https://www.concursolutions.com >> >> >> Has anyone gotten this working for Concur? I'm not hugely familiar with >> the ins-and-outs of CAS (or SAML), and do not know what binding it is >> referring to, or even if CAS is throwing the error or if it is a response >> from Concur. Any help would be appreciated. Thanks, >> >> >> James >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/325b3fa9-b2d2-4a0e-87eb-bc3ccaa89abf%40apereo.org.
