Dear Abdelrahman,
Below you can find the configuration and the service JSON.
Thanks for your support.
cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
cas.authn.wsfedIdp.idp.realmName=CAS
cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
cas.authn.wsfedIdp.sts.encryptTokens=false
cas.authn.wsfedIdp.sts.signingKeystoreFile=file:/etc/cas/config/signing.jks
cas.authn.wsfedIdp.sts.signingKeystorePassword=changeit
cas.authn.wsfedIdp.sts.encryptionKeystoreFile=file:/etc/cas/config/encryption.jks
cas.authn.wsfedIdp.sts.encryptionKeystorePassword=changeit
cas.authn.wsfedIdp.sts.realm.keystoreFile=file:/etc/cas/config/realmcas.jks
cas.authn.wsfedIdp.sts.realm.keystorePassword=changeit
cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
cas.authn.wsfedIdp.sts.realm.keyPassword=changeit
cas.authn.wsfedIdp.sts.realm.issuer=CAS
cas.authn.wsfedIdp.sts.crypto.signing.key=xxxxxx
cas.authn.wsfedIdp.sts.crypto.signing.keySize=xxx
cas.authn.wsfedIdp.sts.crypto.encryption.key=xxxxxx
cas.authn.wsfedIdp.sts.crypto.encryption.keySize=xxx
cas.authn.wsfedIdp.sts.crypto.enabled=true
{
  "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "serviceId" : "https://devsp.xxx.xxx.xxx/.*",
  "realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
  "name" : "Simple WS fed test application",
  "id" : 101,
  "evaluationOrder" : 2,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true,
    "caseInsensitive" : true
  }
}
On Tuesday, November 12, 2019 at 11:40:40 AM UTC+3, Abdelrahman Halawa
wrote:
>
> Hi Mohammed,
>
> Could you share your WS-Fed configuration for CAS and the JSON file of
> the service as well, so that I may help you?
>
> On Tue, Nov 12, 2019 at 7:39 AM mohamed gamal <[email protected]> wrote:
>
>> Hello Steve,
>> Thanks for your support.
>> But now I am getting this error:
>> DEBUG [org.apereo.cas.support.realm.UriRealmParser] - <URI realm parsed: [CAS]>
>> 2019-11-11 13:22:51,868 WARN [org.apache.cxf.sts.token.provider.SAMLTokenProvider] - <>
>> java.lang.ClassCastException: class java.lang.String cannot be cast to class java.net.URI (java.lang.String and java.net.URI are in module java.base of loader 'bootstrap')
>>     at org.apereo.cas.support.claims.CustomNamespaceWSFederationClaimsClaimsHandler$CustomNamespaceWSFederationClaimsList.contains(CustomNamespaceWSFederationClaimsClaimsHandler.java:58) ~[cas-server-suppor
>>     at org.apache.cxf.sts.claims.ClaimsManager.filterHandlerClaims(ClaimsManager.java:286) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.claims.ClaimsManager.handleClaims(ClaimsManager.java:191) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.claims.ClaimsManager.retrieveClaimValues(ClaimsManager.java:149) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.claims.ClaimsManager.retrieveClaimValues(ClaimsManager.java:110) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.claims.ClaimsUtils.processClaims(ClaimsUtils.java:57) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider.getStatement(ClaimsAttributeStatementProvider.java:38) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createCallbackHandler(SAMLTokenProvider.java:336) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:307) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:121) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:172) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:85) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>     at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>     at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>     at org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(SecurityTokenServiceProvider.java:244) ~[cxf-rt-ws-security-3.3.2.jar!/:3.3.2]
>>
>> and this
>>
>>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836) ~[tomcat-coyote-9.0.20.jar!/:9.0.20]
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1839) ~[tomcat-coyote-9.0.20.jar!/:9.0.20]
>>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote-9.0.20.jar!/:9.0.20]
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.20.jar!/:9.0.20]
>>     at java.lang.Thread.run(Thread.java:834) [?:?]
>> 2019-11-11 13:22:51,868 WARN [org.apache.cxf.sts.operation.TokenIssueOperation] - <>
>> org.apache.cxf.ws.security.sts.provider.STSException: The specified request failed
>>     at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:181) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:172) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:85) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>     at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>     at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>     at org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(SecurityTokenServiceProvider.java:244) ~[cxf-rt-ws-security-3.3.2.jar!/:3.3.2]
>>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>
>> On Monday, November 11, 2019 at 3:39:57 AM UTC+3, Steve Cheung wrote:
>>>
>>> Hi mohamed,
>>>
>>> Please try this to see whether it can help solve your problem.
>>>
>>> 1. Enable the service registry module in CAS
>>> /etc/cas/config/cas.properties
>>> cas.serviceRegistry.initFromJson=false
>>> cas.serviceRegistry.json.location:file:/etc/cas/services
>>>
>>> 2. Place the enabled services file under /etc/cas/services
>>>
>>> File name: HTTPSandIMAPS-10000001.json
>>>
>>> JSON content sample which only allows HTTPS and IMAPS calls:
>>> {
>>>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>>>   "serviceId": "^(https|imaps)://.*",
>>>   "name": "HTTPS and IMAPS",
>>>   "id": 10000001,
>>>   "description": "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
>>>   "evaluationOrder": 10000
>>> }
>>>
>>>
>>> Regards, Steve
>>>
>>> On Sun, Nov 10, 2019 at 2:36 AM mohamed gamal <[email protected]>
>>> wrote:
>>>
>>>> Hello everyone,
>>>> I am trying to integrate CAS with a SharePoint application using
>>>> WS-FED. I added the service file and the application connects normally
>>>> to CAS. The app redirects the user to CAS for authentication, the user
>>>> is authenticated by CAS, and I can see in the logs that the user is
>>>> authenticated and everything looks fine. But after the authentication
>>>> the user is shown the message "Application Not Authorized to Use CAS".
>>>> I am using the Git service registry; could this be the problem? Any
>>>> idea how to solve this?
>>>> Kindest regards.
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8b7414a7-b714-400d-a1ea-16ee001b7f56%40apereo.org
>>>>
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8b7414a7-b714-400d-a1ea-16ee001b7f56%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>
>
> --
> Best regards,
> ------------------------------------
>
>
>
> *Abdelrahman Halawa*
> Teacher Assistant, Computer and Systems Department, Al-Azhar University
> +2 01008131693 | [email protected] | Skype: abdelrahmanhalawa |
> Maadi, Cairo, Egypt
> <http://eg.linkedin.com/pub/abdelrahman-halawa/2b/689/886>
> <http://twitter.com/Abdelrahman_S_H>
>
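An added example, not part of the original thread or of CAS itself: a small Python audit of the two service definitions posted above, flagging a serviceId pattern that authorizes arbitrary hosts, unescaped dots in the host part, and release of all attributes. It assumes the whole service URL must match the pattern (Python's re.fullmatch stands in for CAS's Java regex matching); the probe URLs, the finding labels and the tightened definition are constructed for illustration.

```python
import re

# Probe URLs constructed for this example; they do not come from the thread.
UNRELATED_PROBES = ["https://unrelated.example.net/app",
                    "imaps://mail.example.net/inbox"]

# serviceId and policy values copied from the two definitions in the thread
# (the WS-Fed host is redacted as xxx in the original message).
WILDCARD = {"serviceId": "^(https|imaps)://.*"}
WSFED = {
    "serviceId": "https://devsp.xxx.xxx.xxx/.*",
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"},
}
# Constructed tightened variant: anchored, dots escaped, explicit attribute list.
HARDENED = {
    "serviceId": r"^https://devsp\.example\.org/.*",
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes": ["java.util.ArrayList", ["uid", "mail"]]},
}

def host_part(pattern):
    """Text between '://' and the next '/' in a serviceId regex."""
    return pattern.split("://", 1)[-1].split("/", 1)[0]

def audit_service(defn):
    """Return a list of findings for one CAS service definition (a dict)."""
    findings = []
    pattern = defn["serviceId"]
    rx = re.compile(pattern)
    # Assumption: the full service URL must match the pattern.
    if any(rx.fullmatch(url) for url in UNRELATED_PROBES):
        findings.append("any-host")
    # A '.' that is neither escaped nor quantified matches any character,
    # so the pattern also accepts host names other than the intended one.
    if re.search(r"(?<!\\)\.(?![*+?])", host_part(pattern)):
        findings.append("unescaped-dot")
    policy = defn.get("attributeReleasePolicy", {}).get("@class", "")
    if policy.endswith(".ReturnAllAttributeReleasePolicy"):
        findings.append("release-all-attributes")
    return findings

if __name__ == "__main__":
    for name, defn in [("wildcard", WILDCARD), ("wsfed", WSFED), ("hardened", HARDENED)]:
        print(name, audit_service(defn))
```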