Clarification: attempting to follow 
https://fawnoos.com/2019/01/18/cas61-saml2-idp-incommon/+

Now have 3 SPs working using the InCommon metadata, all with the same 
metadataLocation. Those 3 are working fine (equivalent to the Almond and 
Coco in the example), but when attempting to add the "All Others" section, 
getting an error that the metadata can't be parsed. Is there an issue with 
memory or something similar?

On Friday, February 2, 2024 at 1:42:16 PM UTC-5 atilling wrote:

> Trying to add a service provider from InCommon. Have one service provider 
> working, getting an error when trying to access a second one:
>
> 2024-02-02 11:49:20,456 INFO 
> [org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver]
>  
> - <Metadata file designated for service [PeopleAdmin] already exists at 
> path 
> [/etc/cas/saml/idp/metadata-backups/382b60a9f8c9677793e7711043ee8d9805fe2572.xml].>
>
> 2024-02-02 11:49:23,410 INFO 
> [org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.BaseSamlRegisteredServiceMetadataResolver]
>  
> - <Metadata signature location is undefined for [
> https://md.incommon.org/InCommon/InCommon-metadata.xml]; metadata 
> signature validation will not be invoked>
>
> 2024-02-02 11:49:42,961 INFO 
> [org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.BaseSamlRegisteredServiceMetadataResolver]
>  
> - <Initialized metadata resolver from [
> https://md.incommon.org/InCommon/InCommon-metadata.xml]>
>
> 2024-02-02 11:49:43,080 WARN 
> [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver]
>  
> - <SAML metadata resolver 
> [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver] obtained 
> from the cache is unable to produce/resolve valid metadata from [
> https://md.incommon.org/InCommon/InCommon-metadata.xml]. Metadata 
> resolver cache entry with key 
> [ec3dbe763cb47bb5fb789f5daa2842e8fb8c7a8d76ae088017c5c20b2cdfe23d0406b562f2b6af931fbe2e4dce97fd1f7e2edf784be65dcc4c652eab1b37d147]
>  
> has been invalidated. Retry attempt: [2]>
>
> *2024-02-02 11:49:43,080 ERROR 
> [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade]
>  
> - <Unable to locate a valid SAML metadata resolver for 
> https://md.incommon.org/InCommon/InCommon-metadata.xml to locate 
> [EntityRoleCriterion 
> [role={urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor], 
> EntityIdCriterion [id=https://pa4078.peopleadmin.com/shibboleth]]*
>
> * 
> SamlRegisteredServiceDefaultCachingMetadataResolver.java:lambda$resolve$1:94*
>
> * RetryTemplate.java:doExecute:329*
>
> * RetryTemplate.java:execute:209*
>
> *>*
>
> 2024-02-02 11:49:43,080 WARN 
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController]
>  
> - <No metadata could be found for [
> https://pa4078.peopleadmin.com/shibboleth]>
>
> 2024-02-02 11:49:43,080 WARN [org.apereo.cas.util.function.FunctionUtils] 
> - <Cannot find metadata linked to 
> https://pa4078.peopleadmin.com/shibboleth
>
>
> AbstractSamlIdPProfileHandlerController.java:verifySamlAuthenticationRequest:493
>
>
> AbstractSamlIdPProfileHandlerController.java:initiateAuthenticationRequest:311
>
>
> AbstractSamlIdPProfileHandlerController.java:lambda$handleSsoPostProfileRequest$4:648
>
> >
>
> *2024-02-02 11:49:43,081 ERROR [org.apereo.cas.web.support.WebUtils] - 
> <Cannot find metadata linked to https://pa4078.peopleadmin.com/shibboleth*
>
> * 
> AbstractSamlIdPProfileHandlerController.java:verifySamlAuthenticationRequest:493*
>
> * 
> AbstractSamlIdPProfileHandlerController.java:initiateAuthenticationRequest:311*
>
> * 
> AbstractSamlIdPProfileHandlerController.java:lambda$handleSsoPostProfileRequest$4:648*
>
> *>*
>
>
> Also have the entry in cas.properties for:
>
> cas.saml-sp.in-common.metadata=
> https://md.incommon.org/InCommon/InCommon-metadata.xml
>
> service json looks like this
>
> {
>   @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>   serviceId: https://pa4078.peopleadmin.com/shibboleth
>   name: PeopleAdmin
>   id: 1706734145472
>   description: InCommon SAML SP Integration for PeopleAdmin
>   evaluationOrder: 2147483642
>   usernameAttributeProvider:
>   {
>     @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>     usernameAttribute: eduPersonPrincipalName
>   }
>   attributeReleasePolicy:
>   {
>     @class: org.apereo.cas.services.ChainingAttributeReleasePolicy
>     policies:
>     [
>       java.util.ArrayList
>       [
>         {
>           @class: org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
>           allowedAttributes:
>           {
>             @class: java.util.TreeMap
>             displayName:
>             [
>               java.util.ArrayList
>               [
>                 urn:oid:2.16.840.1.113730.3.1.241
>               ]
>             ]
>             eduPersonPrimaryAffiliation:
>             [
>               java.util.ArrayList
>               [
>                 urn:oid:1.3.6.1.4.1.5923.1.1.1.5
>               ]
>             ]
>             eduPersonPrincipalName:
>             [
>               java.util.ArrayList
>               [
>                 urn:oid:1.3.6.1.4.1.5923.1.1.1.6
>                 emailaddress
>               ]
>             ]
>             givenName:
>             [
>               java.util.ArrayList
>               [
>                 givenname
>               ]
>             ]
>             sn:
>             [
>               java.util.ArrayList
>               [
>                 surname
>               ]
>             ]
>           }
>         }
>       ]
>     ]
>     mergingPolicy: REPLACE
>     principalAttributesRepository:
>     {
>       @class: org.apereo.cas.authentication.principal.ChainingPrincipalAttributesRepository
>     }
>     consentPolicy:
>     {
>       @class: org.apereo.cas.services.consent.ChainingRegisteredServiceConsentPolicy
>     }
>     authorizedToReleaseAuthenticationAttributes: true
>   }
>   metadataLocation: https://md.incommon.org/InCommon/InCommon-metadata.xml
>   metadataCriteriaDirection: INCLUDE
>   metadataCriteriaPattern: https://authproxy.conity.com/saml2
>   signingCredentialType: BASIC
> }
>
>
> cas.saml-sp.in-common.metadata= 
>

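An offline check of the two conditions the failed lookup in the quoted log depends on, added here as an example and not part of the original posts or of CAS itself: whether the requested entityID is present in the aggregate with an SPSSODescriptor role, and whether it survives the service's `metadataCriteriaPattern` / `metadataCriteriaDirection` filter. The aggregate below is a constructed two-entry stand-in, and the filter semantics (full-match regex on entityID, INCLUDE keeps matches) are an assumption of this sketch.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed stand-in for the aggregate: two SP entries, no real InCommon data.
SAMPLE_AGGREGATE = f"""<EntitiesDescriptor xmlns="{MD}">
  <EntityDescriptor entityID="https://pa4078.peopleadmin.com/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://authproxy.conity.com/saml2">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def sp_entity_ids(aggregate_xml):
    """Return entityIDs of all entries that carry an SPSSODescriptor role."""
    root = ET.fromstring(aggregate_xml)
    return [e.get("entityID") for e in root.iter(f"{{{MD}}}EntityDescriptor")
            if e.find(f"{{{MD}}}SPSSODescriptor") is not None]


def passes_criteria(entity_id, pattern, direction):
    """Assumed semantics: full-match regex; INCLUDE keeps matches, EXCLUDE drops them."""
    matched = re.fullmatch(pattern, entity_id) is not None
    return matched if direction == "INCLUDE" else not matched


def diagnose(aggregate_xml, service_id, pattern, direction):
    """Classify why a lookup for service_id would succeed or fail."""
    if service_id not in sp_entity_ids(aggregate_xml):
        return "not-in-aggregate"
    if not passes_criteria(service_id, pattern, direction):
        return "filtered-out"
    return "resolvable"


if __name__ == "__main__":
    sid = "https://pa4078.peopleadmin.com/shibboleth"
    # serviceId and criteria values as they appear in the quoted service definition.
    print(diagnose(SAMPLE_AGGREGATE, sid, "https://authproxy.conity.com/saml2", "INCLUDE"))
    # Same lookup with a pattern that names the serviceId itself.
    print(diagnose(SAMPLE_AGGREGATE, sid, re.escape(sid), "INCLUDE"))
```

This only inspects entityIDs; it does not verify the aggregate's signature, which the quoted log shows CAS also skipping because no metadata signature location is defined.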