I will agree with Robert. The space is being sent to cas.

Use samltracer (or the built-in Chrome dev tools) to see the request.

Ray

On Mon, 2021-07-05 at 13:01 +0000, King, Robert wrote:

Just a guess, but the service with the errant space likely comes from the SP.

For example…

· hitting the login url - /cas/login?service=defnotaservice

Will result in the following WARN error message:

WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Unauthorized Service Access. Service [defnotaservice] is not found in service registry.>

Where defnotaservice is defined by the request to the cas login endpoint. I am 
assuming it is likely the same for the SAML IdP endpoint.

From: [email protected] <[email protected]> On Behalf Of Jason B. Rappaport
Sent: Friday, July 2, 2021 5:09 PM
To: [email protected]
Subject: [EXTERNAL SMIME] [cas-user] CAS as a SAML IDP adds a space within the 
entity ID when checking the service registry

I am trying to figure out why CAS, acting as a SAML IDP is adding a space in 
the middle of an SP entity ID when doing a service registry evaluation.

We have configured our CAS server to act as a SAML IDP.  For an SP that is 
trying to authenticate against CAS, we are seeing an application is not 
registered error.

When I look at the SAML tracer I see:

<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://myEntityIDOfMySP</saml2:Issuer>

Within the metadata file for the SP, the entity ID is the same as above.

Within CAS, I see this:
Jul 2 11:14:43 CASSERVERHostName user [https: //myEntityIDOfMySP] is not found in the registry or service access is denied. Ensure service is registered in service registry

Notice the space between https: and //.  I have no idea where this is coming 
from.  When I check the service registry entry, I don’t see this either:
"serviceId" : " https://myEntityIDOfMySP"

Has anyone seen this before?

Thanks, Jay
________________________________
Jason Rappaport (he/him)
Identity and Access Management Analyst
Office of Information Technology
Email:  [email protected]
Office:  609-258-8464


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/BL0PR04MB5156D96D43780CE0F82F8063CC1F9%40BL0PR04MB5156.namprd04.prod.outlook.com.
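
One way to script the check suggested in this thread, as an added example that is not part of the original messages and is not CAS code: decode the SAMLRequest an SP sends, read the Issuer exactly as transmitted, and report any whitespace and whether it matches the registered serviceId. It assumes the HTTP-Redirect binding and treats serviceId as a full-match regular expression; the URLs, entity IDs and function names are constructed for illustration.

```python
import base64, re, zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    b64 = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    # Redirect binding is base64 over raw DEFLATE (no zlib header): wbits=-15.
    return zlib.decompress(base64.b64decode(b64), -15).decode("utf-8")

def issuer_of(xml_text):
    """Return the Issuer text exactly as sent, with no trimming."""
    node = ET.fromstring(xml_text).find(f"{{{SAML_NS}}}Issuer")
    return node.text if node is not None and node.text else ""

def check(url, service_id_pattern):
    """Compare the transmitted Issuer with a serviceId pattern (assumed full match)."""
    issuer = issuer_of(decode_redirect_request(url))
    return {
        "issuer": issuer,
        "whitespace_at": [i for i, ch in enumerate(issuer) if ch.isspace()],
        "matches": re.fullmatch(service_id_pattern, issuer) is not None,
    }

def build_redirect_url(issuer):
    """Constructed sample standing in for an SP; not a captured request."""
    xml = ('<samlp:AuthnRequest '
           'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml2="{SAML_NS}" ID="_constructed" Version="2.0">'
           f'<saml2:Issuer>{issuer}</saml2:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode("ascii")})
    return "https://idp.example.org/sso?" + query  # placeholder endpoint

if __name__ == "__main__":
    pattern = r"https://sp\.example\.org/entity"  # constructed serviceId
    for sent in ("https://sp.example.org/entity",
                 "https: //sp.example.org/entity"):
        result = check(build_redirect_url(sent), pattern)
        # repr() makes stray whitespace visible in the output
        print(repr(result["issuer"]), result["whitespace_at"], result["matches"])
```
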