Using CAS 5.2.x with Concur Solutions


JC

Apr 18, 2019, 11:40:02 AM
to CAS Community
We are trying to set up CAS 5.2.6 for use with Concur Solutions as the SP. Per their tech support, they only support IdP-initiated SSO and not SP-initiated. I see that the 5.3.x branch of CAS has support for Concur, but I do not see anything really different in the service record that it creates in my test environment than the service record I created for 5.2. Just in case, I did move it to our 5.2 test to see if it made a difference, but it did not.

I have also played around with using the /cas/idp/Unsolicited/SSO endpoint in a URL (https://cas.example.com/cas/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fwww.concursolutions.com&shire=https%3A%2F%2Fwww.concursolutions.com%2FSAMLRedirector%2FClientSAMLLogin.aspx), which logs me into CAS and returns the SAML2 callback URL with the following error:

java.lang.IllegalArgumentException: Requested binding [{}] is not supported by entity id https://www.concursolutions.com

Has anyone gotten this working for Concur? I'm not hugely familiar with the ins and outs of CAS (or SAML), and do not know what binding it is referring to, or even if CAS is throwing the error or if it is a response from Concur. Any help would be appreciated. Thanks,


James

Josh

Aug 19, 2019, 7:07:01 PM
to CAS Community
Were you able to find a solution to this? We're running into the same issue with Concur Solutions on CAS v5.2.4.

Josh G

Aug 20, 2019, 1:18:03 PM
to CAS Community
We were able to get this working by forcing the ACS binding provided by Concur Solutions to SAML 2.0 instead of SAML 1.1 as provided in the vendor-supplied documentation.

Example:

<EntityDescriptor entityID="https://---BASE-URL---" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://---BASE-URL---/SAMLRedirector/ClientSAMLLogin.aspx"/>
    </SPSSODescriptor>
</EntityDescriptor>
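A pre-registration check for the fix described in the last reply, as an added example that is not part of the thread or of CAS: it parses SP metadata and reports any AssertionConsumerService whose binding is not a SAML 2.0 binding. The host sp.example.org and the SAML 1.x browser-post URI used for the "before" case are constructed sample values; the thread does not show the vendor's original binding string.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML2_BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
SAML2_POST = SAML2_BINDING_PREFIX + "HTTP-POST"
# Assumption: a SAML 1.x profile URI stands in for the vendor-documented binding.
SAML1_POST = "urn:oasis:names:tc:SAML:1.0:profiles:browser-post"

def check_sp_metadata(xml_text):
    """Return a list of problems with the SP's AssertionConsumerService entries."""
    # SAML metadata has no reason to carry a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD found in SAML metadata; refusing to parse")
    root = ET.fromstring(xml_text)
    descriptors = list(root.iter(f"{{{MD}}}SPSSODescriptor"))
    if not descriptors:
        return ["no SPSSODescriptor found"]
    problems = []
    for sp in descriptors:
        if SAML2_PROTOCOL not in sp.get("protocolSupportEnumeration", "").split():
            problems.append("SPSSODescriptor does not list the SAML 2.0 protocol")
        bindings = []
        for acs in sp.findall(f"{{{MD}}}AssertionConsumerService"):
            binding = acs.get("Binding", "")
            bindings.append(binding)
            if not binding.startswith(SAML2_BINDING_PREFIX):
                problems.append(f"ACS index {acs.get('index')} at "
                                f"{acs.get('Location')} uses non-SAML2 binding {binding!r}")
        if SAML2_POST not in bindings:
            problems.append("no AssertionConsumerService with the SAML 2.0 HTTP-POST binding")
    return problems

# Constructed sample metadata, modelled on the layout posted in the thread.
TEMPLATE = """<EntityDescriptor entityID="https://sp.example.org" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <AssertionConsumerService index="1" Binding="{binding}" Location="https://sp.example.org/SAMLRedirector/ClientSAMLLogin.aspx"/>
    </SPSSODescriptor>
</EntityDescriptor>"""
BEFORE = TEMPLATE.format(binding=SAML1_POST)   # binding outside the SAML 2.0 namespace
AFTER = TEMPLATE.format(binding=SAML2_POST)    # binding forced to SAML 2.0 HTTP-POST

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, check_sp_metadata(doc) or "OK")
```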