CAS 5.3.2 - Delegate auth to SAML2 IdP issue - No client found for name: SAML2Client


Nebil Mabrouk

Aug 1, 2018, 4:15:18 PM
to CAS Community
Hello,

I followed the tutorial (https://apereo.github.io/2017/03/22/cas51-delauthn-tutorial/) to delegate CAS authentication to an external SAML2 IdP. 
It works well with CAS 5.2.x, but when I upgraded to CAS 5.3.2, I have the following errors:


==> In the browser I see:

Application Not Authorized to Use CAS

The application you attempted to authenticate to is not authorized to use CAS. This usually indicates that the application is not registered with CAS, or its authorization policy defined in its registration record prevents it from leveraging CAS functionality, or it's malformed and unrecognized by CAS. Contact your CAS administrator to learn how you might register and integrate your application with CAS.


==> in the logs: 
ERROR [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <No client found for name: SAML2Client>
org.pac4j.core.exception.TechnicalException: No client found for name: SAML2Client
at org.pac4j.core.client.Clients.findClient(Clients.java:128) ~[pac4j-core-3.0.1.jar!/:?]


I added the following dependency in build.gradle 
compile "org.apereo.cas:cas-server-support-pac4j-webflow:${project.'cas.version'}"

Here are the properties I use:
cas.authn.pac4j.saml[0].keystorePassword=zzz
cas.authn.pac4j.saml[0].privateKeyPassword=zzz
cas.authn.pac4j.saml[0].serviceProviderEntityId=urn:mace:saml:pac4j.org
cas.authn.pac4j.saml[0].serviceProviderMetadataPath=<absolute-path>/sp-metadata.xml
cas.authn.pac4j.saml[0].keystorePath=<absolute-path>/keystore
cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://xxxxx.oktapreview.com/app/xxxxxx/sso/saml/metadata

I also added the following service declaration 
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://localhost:8446/iam-client-2(\\z|/.*)",
  "name" : "CAS Client 2",
  "id" : 3,
  "description" : "CAS java webapp client",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "Group" : "role",
      "FirstName" : "FirstName",
      "LastName" : "LastName",
      "Email" : "Email"
    }
  }
}


Have I missed something? Please help.

Misagh Moayyed

Aug 1, 2018, 4:22:48 PM
to cas-...@apereo.org
cas.authn.pac4j.saml[0].clientName=SAML2Client
--Misagh


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/914dc1d1-a924-46cd-96bc-7556040abda8%40apereo.org.
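
A small check for the fix given in the reply above, added here as an example and not part of the original thread or the CAS project: it scans CAS properties text and reports every `cas.authn.pac4j.saml[N]` block that has no `clientName`. The duplicate-name check goes beyond the thread and assumes client names must be unique; the function names and sample values are constructed.

```python
import re
from collections import defaultdict

# key = value or key: value; the key itself contains no '=', ':' or whitespace.
_PROP = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")
# Indexed delegated-SAML settings, e.g. cas.authn.pac4j.saml[0].keystorePath
_SAML = re.compile(r"^cas\.authn\.pac4j\.saml\[(\d+)\]\.(.+)$")

def saml_blocks(text):
    """Group cas.authn.pac4j.saml[N].* settings by their index N."""
    blocks = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        prop = _PROP.match(line)
        key = _SAML.match(prop.group(1)) if prop else None
        if key:
            blocks[int(key.group(1))][key.group(2)] = prop.group(2).strip()
    return blocks

def check_client_names(text):
    """Return (index, problem) for each SAML block without a usable clientName."""
    findings, seen = [], {}
    for idx, props in sorted(saml_blocks(text).items()):
        name = props.get("clientName", "")
        if not name:
            findings.append((idx, "missing clientName"))
        elif name in seen:   # assumption beyond the thread: names must be unique
            findings.append((idx, f"clientName duplicates saml[{seen[name]}]"))
        else:
            seen[name] = idx
    return findings

# Constructed sample based on the properties posted in the question.
QUESTION_PROPS = """\
cas.authn.pac4j.saml[0].keystorePassword=zzz
cas.authn.pac4j.saml[0].serviceProviderEntityId=urn:mace:saml:pac4j.org
cas.authn.pac4j.saml[0].keystorePath=/constructed/path/keystore
"""
# The same block with the property from the reply added.
FIXED_PROPS = QUESTION_PROPS + "cas.authn.pac4j.saml[0].clientName=SAML2Client\n"

if __name__ == "__main__":
    print(check_client_names(QUESTION_PROPS))
    print(check_client_names(FIXED_PROPS))
```
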

Nebil Mabrouk

Aug 2, 2018, 4:23:46 AM
to cas-...@apereo.org

Thank you Misagh, it works.
But this property does not exist in CAS documentation (https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#saml2).

Nebil



Steve Hespelt

Aug 2, 2018, 7:20:26 AM
to cas-...@apereo.org
IMHO, Nebil has a fair point. The pac4j.saml[0].clientName property is in the 5.2.x doc (line 27 of the SAML section under the Pac4j delegated authn section) but not the 5.3.x. Being paranoid & cynical, I have to wonder, if the documentation for 1 property has been removed, what are the odds it's the only piece of regressed documentation? I have to jump back into CAS 5.3 soon; I need to invest the time into determining how to find all the config properties in the source code, because of my cynicism.
I give thanks each day for the excellent project & user community feedback and postings. It helps us all, I suspect.

Hopefully, my cynicism will improve over the remainder of today...
-Steve
