Hi all -

We are working on integrating a service (dmp.cdlib.org) in our CAS 5.2.x 
environment, but are having trouble accommodating a specific requirement, 
specifically setting the Destination in the SAML response.

In order to validate our configuration, the vendor offers a test Shibboleth 
SP instance at https://dmptool.org/cgi-bin/PrintShibInfo.pl.

Upon logging into the service, we are receiving the following error:

opensaml::BindingException 

The system encountered an error at Wed Aug 21 04:40:17 2019

To report this problem, please contact the site administrator at 
[email protected]. 

Please include the following message in any email:

opensaml::BindingException at 
(https://uc3-dmpx2-prd-2c.cdlib.org/Shibboleth.sso/SAML2/POST)

SAML message delivered with POST to incorrect server URL.

The issue appears to be that the SAML Response Destination is incorrect:


*Here is an example of the SAML Request:*

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    AssertionConsumerServiceURL="https://dmptool.org/Shibboleth.sso/SAML2/POST"
                    Destination="https://<CAS URL>.edu/cas/idp/profile/SAML2/Redirect/SSO"
                    ID="_16cb2cd64c7aab9b86d5766ec9a86cf9"
                    IssueInstant="2019-08-20T18:19:10Z"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    Version="2.0"
                    >
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://dmp.cdlib.org</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1" />
</samlp:AuthnRequest>

*Here is a snippet of the SAML Response:*

<saml2p:Response *Destination="https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST"*
                 ID="_1919448364467476034"
                 InResponseTo="_16cb2cd64c7aab9b86d5766ec9a86cf9"
                 IssueInstant="2019-08-20T18:19:10.862Z"
                 Version="2.0"
                 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 >

The item in red above is incorrect; the Destination should be 
https://dmptool.org/Shibboleth.sso/SAML2/POST.

Is there a way in CAS to specify the Destination redirect?

This is possible to do natively in Shibboleth IdP, however we run all of 
our InCommon SAML configuration (this is an InCommon Federated service) 
through CAS.

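The mismatch described in this post can be checked offline from a captured request/response pair. The following is an added example, not part of the original message and not CAS or Shibboleth code: it compares the Response `Destination` with the `AssertionConsumerServiceURL` the SP asked for and confirms `InResponseTo` matches the request `ID`. The IdP hostname `cas.example.edu` and the optional `posted_to` parameter are assumptions.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Attribute values as quoted in the post; the IdP host "cas.example.edu" is a
# constructed placeholder for the hostname the post elides.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    AssertionConsumerServiceURL="https://dmptool.org/Shibboleth.sso/SAML2/POST"
    Destination="https://cas.example.edu/cas/idp/profile/SAML2/Redirect/SSO"
    ID="_16cb2cd64c7aab9b86d5766ec9a86cf9" IssueInstant="2019-08-20T18:19:10Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"/>"""

RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST"
    ID="_1919448364467476034" InResponseTo="_16cb2cd64c7aab9b86d5766ec9a86cf9"
    IssueInstant="2019-08-20T18:19:10.862Z" Version="2.0"/>"""


def _root(xml_text, local_name):
    """Parse a captured message and confirm its root is samlp:<local_name>."""
    # ElementTree is fine for messages you captured yourself; use a hardened
    # parser for XML from untrusted sources.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}{local_name}":
        raise ValueError(f"expected samlp:{local_name}, got {root.tag}")
    return root


def check_response_routing(request_xml, response_xml, posted_to=None):
    """Return a list of routing mismatches between an AuthnRequest and its Response.

    posted_to (hypothetical parameter): the URL the browser actually POSTed the
    response to, if known. The receiving SP compares Destination against it.
    """
    req = _root(request_xml, "AuthnRequest")
    resp = _root(response_xml, "Response")
    acs = req.get("AssertionConsumerServiceURL")
    dest = resp.get("Destination")
    problems = []
    if resp.get("InResponseTo") != req.get("ID"):
        problems.append("InResponseTo does not match the request ID")
    if acs is not None and dest != acs:
        problems.append(f"Destination {dest!r} != requested ACS URL {acs!r}")
    if posted_to is not None and dest != posted_to:
        problems.append(f"Destination {dest!r} != delivery URL {posted_to!r}")
    return problems


if __name__ == "__main__":
    for problem in check_response_routing(AUTHN_REQUEST, RESPONSE):
        print(problem)
```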