SAML2 auth fails because /cas/p3/serviceValidate returns a 403


Mac Reid

Sep 1, 2017, 4:28:22 PM
to CAS Community
Hello,

I am trying to set up SAML auth on a CAS 5.1.3 server using the cas-services-management-overlay. I am trying to authenticate using testshib.org as a Service Provider.

This is using the built-in Tomcat container and is running on RHEL 7 behind HAProxy using the non-SSL CAS endpoint.

Logging in to /cas/login works just fine without the SAML portion and I was able to configure the admin pages using CAS as well (that configuration is not present below).

The pom.xml is:


The cas.properties file (located in /etc/cas/config/cas.properties):


The testshib service registry:


The CAS debug log output (org.apereo and org.ldaptive set to debug):


I've read through a lot of the CAS 5.1.x documentation and I cannot seem to find what is missing. Any pointers or suggestions on how to get SAML2 auth working would be appreciated!

Thanks,

Mac Reid