Your error is about signing credentials for the IdP.

CAS should create metadata and certificates. Perhaps CAS is unable to write 
into the default directory, /etc/cas.

If this is just a POC, you could turn off signing. See service config here: 
https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html

Ray

On Thu, 2021-07-22 at 20:47 -0700, cheekian yap wrote:

I'm doing a POC to integrate Elastic Cloud with Apereo using the SAML2 protocol.

Here is my service registry configuration:
{
 "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
 "serviceId" : "^https://yyy.kb.ap-northeast-1.aws.found.io.*",
 "name" : "ElasticsearchSAMLService",
 "id" : 2,
 "evaluationOrder" : 2,
 "metadataLocation" : "file:/root/cas-overlay-template/saml-metadata/elasticsearch.xml",
 "issuerEntityId": "https://cas.sinlead.com/cas/idp"
}

I'm able to redirect from Kibana to the Apereo login page. However, after 
authenticating myself, I got a 500 Internal Server Error page.

Here is the application log:

2021-07-23 11:39:49,831 INFO [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade] - <Resolved metadata chain from [file:/root/cas-overlay-template/saml-metadata/elasticsearch.xml]. Filtering the chain by entity ID [https://yyy.kb.ap-northeast-1.aws.found.io:9243/]>
2021-07-23 11:39:49,834 INFO [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade] - <Resolved metadata chain from [file:/root/cas-overlay-template/saml-metadata/elasticsearch.xml]. Filtering the chain by entity ID [https://yyy.kb.ap-northeast-1.aws.found.io:9243/]>
2021-07-23 11:39:49,886 ERROR [org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner] - <Unable to locate any signing credentials for service [ElasticsearchSAMLService]>
2021-07-23 11:39:49,889 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: Unable to locate signing credentials
ACTION: SAML2_RESPONSE_CREATED
APPLICATION: CAS
WHEN: Fri Jul 23 11:39:49 CST 2021
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1

I was wondering what I did wrong. I'm pretty sure the file path is correct.

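
Added example, not part of the original thread and not CAS project code: a Python check for the condition suggested in the reply above, that CAS could not write its signing material into its IdP directory. It pulls the affected service name out of the SamlIdPObjectSigner error and inspects the directory. The file names idp-signing.crt and idp-signing.key, the function names and the permission rule are assumptions; pass the IdP metadata directory your deployment actually uses.

```python
import os
import re
import stat
import sys

# Assumed names of the CAS-generated IdP signing files; adjust to your deployment.
SIGNING_FILES = ("idp-signing.crt", "idp-signing.key")
# Matches the SamlIdPObjectSigner error shown in the log above.
ERROR_RE = re.compile(
    r"Unable to locate any signing credentials for service\s+\[([^\]]+)\]")

def services_missing_credentials(log_text):
    """Return service names from signing-credential errors, in order, no repeats."""
    flat = " ".join(log_text.split())  # the mail wrapped log lines; undo that
    seen = []
    for name in ERROR_RE.findall(flat):
        if name not in seen:
            seen.append(name)
    return seen

def check_idp_dir(path):
    """Return findings for the IdP directory; an empty list means nothing found."""
    if not os.path.isdir(path):
        return [f"{path}: directory does not exist"]
    findings = []
    if not os.access(path, os.W_OK | os.X_OK):
        findings.append(f"{path}: not writable by uid {os.geteuid()}")
    for name in SIGNING_FILES:
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            findings.append(f"{full}: missing")
        elif os.path.getsize(full) == 0:
            findings.append(f"{full}: empty")
        elif name.endswith(".key") and stat.S_IMODE(os.stat(full).st_mode) & 0o077:
            findings.append(f"{full}: private key accessible by group/other")
    return findings

if __name__ == "__main__":
    # Constructed sample: the ERROR entry from the log above, wrapped as in the mail.
    sample = """2021-07-23 11:39:49,886 ERROR
[org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner]
- <Unable to locate any signing credentials for service
[ElasticsearchSAMLService]>"""
    print("services affected:", services_missing_credentials(sample))
    # /etc/cas is the directory named in the reply; override it on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/cas"
    for finding in check_idp_dir(target):
        print(finding)
```

Run it as the account the CAS process runs under, otherwise the writability result describes the wrong user.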