Hi,

I have issues when I want to integrate SAMLService for certain SP (2 for
now) on 6.4.0 branch (which was working on 6.2.8 branch).

Here is the WARN/ERROR log of CAS for these services.

> 2021-09-29 11:25:50,231 DEBUG
> [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl]
> - <Attempting to validate signature using key from supplied credential>
> 2021-09-29 11:25:50,231 DEBUG
> [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl]
> - <Accessing XMLSignature object>
> 2021-09-29 11:25:50,231 DEBUG
> [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl]
> - <Validating signature with signature algorithm URI:
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256>
> 2021-09-29 11:25:50,231 DEBUG
> [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl]
> - <Validation credential key algorithm 'RSA', key instance class
> 'sun.security.rsa.RSAPublicKeyImpl'>
> 2021-09-29 11:25:50,236 DEBUG
> [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl]
> - <Signature validated with key from supplied credential>
> 2021-09-29 11:25:50,236 INFO
> [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator]
> - <Successfully validated the request signature.>
> 2021-09-29 11:25:51,337 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] -
> <Locating assertion consumer service url for binding [null] and index [0]>
> 2021-09-29 11:25:51,337 WARN [org.apereo.cas.support.saml.SamlIdPUtils] -
> <Unable to locate acs url in for entity [
> https://preprod-talents.elsatis.fr] and binding [null] with index [0]>
> 2021-09-29 11:25:51,337 DEBUG
> [org.opensaml.saml.metadata.support.SAML2MetadataSupport] - <Selecting
> default IndexedEndpoint>
> 2021-09-29 11:25:51,337 DEBUG
> [org.opensaml.saml.metadata.support.SAML2MetadataSupport] -
> <IndexedEndpoint list was null or empty, returning null>
> 2021-09-29 11:25:51,341 ERROR
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController]
> - <Endpoint for null is not available or does not define a binding for null>
> org.apereo.cas.support.saml.SamlException: Endpoint for null is not
> available or does not define a binding for null
>         at
> org.apereo.cas.support.saml.SamlIdPUtils.determineEndpointForRequest(SamlIdPUtils.java:160)
> ~[cas-server-support-saml-idp-core-6.4.0.jar!/:6.4.0]
>

Certain services are OK but for 2 others, AuthRequest is broken (it was
working on 6.2.8 version).

Here in the mail is the metadata of the broken integration (I don't know what
is missing...)

It seems that "var acsUrl = authnRequest.getAssertionConsumerServiceURL();"
of
https://github.com/apereo/cas/blob/a2a50a0fc99c89dc8de59ccd3e2b3f50add3def9/support/cas-server-support-saml-idp-core/src/main/java/org/apereo/cas/support/saml/SamlIdPUtils.java#L319
gives null, don't know if it's normal or not...

Thanks for your help

PS: I have tried a lot of versions of the SP metadata without success
-- 
Jérôme Rautureau (https://github.com/le-zell)

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://preprod-talents.elsatis.fr">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>[certificate omitted]</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>[certificate omitted]</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://preprod-talents.elsatis.fr/router/login/loginSaml" index="0" />
  </md:SPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>Administrateur</md:GivenName>
    <md:EmailAddress>[email protected]</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>[email protected]</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
