Greetings. I’m working with CAS 5.3.1-SNAPSHOT, and trying to get SAML 1.1 service validation to work so that I can return attributes to services. When the service does a samlValidate to validate the service ticket and retrieve the attributes in SAML 1.1 format, CAS throws an error. The message says RegisteredServiceResponseHeadersEnforcementFilter is blocking this request, which was caused by a NullPointerException.
I’ve been struggling with this for the past few days, but I haven’t been able to figure it out yet. I have turned on DEBUG logging, which shows me that the attributes are being retrieved from the LDAP source, but the log doesn’t give me a clue (at least not that I have been able to decipher) about why samlValidate is failing.
If anyone can give me a clue how to solve this issue, I would greatly appreciate it.
Here are the dependencies I’ve added to the pom.xml file:
<dependencies>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<!--
...Additional dependencies may be placed here...
-->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-ldap</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-json-service-registry</artifactId>
<version>${cas.version}</version>
</dependency>
<!-- Add support for SAML 1.1 (/samlValidate) - LED -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-saml</artifactId>
<version>${cas.version}</version>
</dependency>
<!-- Needed for org.apereo.cas.rest.factory.ServiceTicketResourceEntityResponseFactory -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-rest</artifactId>
<version>${cas.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
Here is what is in my cas.properties file:
cas.server.name: https://xxxxxxxx.xxxxxxxxxxxxx.xxx:8443
cas.server.prefix: https://xxxxxxxx.xxxxxxxxxxxxx.xxx:8443/cas
cas.adminPagesSecurity.ip=127\.0\.0\.1
logging.config: file:/etc/cas/config/log4j2.xml
# LDAP connection info for authentication
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl= ldap://xxxxxxxxx.xxxxxxx.xxx:3268
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0]. baseDn=dc=XXXXXXX,dc=XXX
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].bindDn= cn=XXXxxxx,ou=XxX,ou=XXXXXXX,ou=XXXXXX,dc=XXX,dc=XXXXXXX,dc=XXX
cas.authn.ldap[0].bindCredential={cipher}fvAAETwcJ8WuLsLvCxzschMoP2rCIb1m1NIgUe5cinuarm5GSztFqQ==
# Attribute repository settings
cas.authn.attributeRepository.expirationTime=30
cas.authn.attributeRepository.expirationTimeUnit=MINUTES
cas.authn.attributeRepository.maximumCacheSize=10000
cas.authn.attributeRepository.merger=ADD
# LDAP connection info for attribute repository
cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://xxxxxxxxx.xxxxxxx.xxx:3268
cas.authn.attributeRepository.ldap[0].useSsl=false
cas.authn.attributeRepository.ldap[0].baseDn=dc=XXXXXXX,dc=XXX
cas.authn.attributeRepository.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.attributeRepository.ldap[0].bindDn=cn=XXXxxxx,ou=XxX,ou=XXXXXXX,ou=XXXXXX,dc=XXX,dc=XXXXXXX,dc=XXX
cas.authn.attributeRepository.ldap[0].bindCredential={cipher}fvAAETwcJ8WuLsLvCxzschMoP2rCIb1m1NIgUe5cinuarm5GSztFqQ==
cas.authn.attributeRepository.ldap[0].attributes.displayName=name
cas.authn.attributeRepository.ldap[0].attributes.givenName=first_name
cas.authn.attributeRepository.ldap[0].attributes.sn=last_name
cas.authn.attributeRepository.ldap[0].attributes.cn=cn
cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=bearpass_Login
cas.authn.attributeRepository.ldap[0].attributes.mailNickname=bearpass_EmailID
cas.authn.attributeRepository.ldap[0].attributes.mail=EmailAddress
cas.authn.attributeRepository.ldap[0].attributes.userPrincipalName=userPrincipalName
cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute1=campus
cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute2=primary_role
cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute9=UDC_IDENTIFIER
cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute12=isGuest
cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute13=isStaff
cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute14=isFaculty
cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute15=isStudent
cas.serviceRegistry.json.location=file:/etc/cas/services
cas.serviceRegistry.managementType=DEFAULT
The service is defined like this:
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https?://xxxxxxxx.xxxxxxxxxxxxx.xxx/.*",
"name" : "Xxxxxxxx",
"id" : 10000003,
"description" : "Xxxxxxxx test server",
"evaluationOrder" : 1
"responseType" : "REDIRECT",
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "name", "EmailAddress" ] ]
}
"accessStrategy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
}
}
Here is the error message I’m getting:
2018-07-26 13:13:34,396 ERROR [org.apereo.cas.security.ResponseHeadersEnforcementFilter] - <RegisteredServiceResponseHeadersEnforcementFilter is blocking this request. Examine the cause in this stack trace to understand why.>
javax.servlet.ServletException: RegisteredServiceResponseHeadersEnforcementFilter is blocking this request. Examine the cause in this stack trace to understand why.
at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:233) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.apereo.cas.security.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:94) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) ~[spring-boot-actuator-1.5.14.RELEASE.jar:1.5.14.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:91) ~[cas-server-core-logging-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) ~[spring-boot-actuator-1.5.14.RELEASE.jar:1.5.14.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:130) ~[spring-boot-1.5.14.RELEASE.jar:1.5.14.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66) ~[spring-boot-1.5.14.RELEASE.jar:1.5.14.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:105) ~[spring-boot-1.5.14.RELEASE.jar:1.5.14.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:123) ~[spring-boot-1.5.14.RELEASE.jar:1.5.14.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.3.GA.jar:1.8.3.GA]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.11.0.jar:2.11.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[catalina.jar:8.5.32]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[catalina.jar:8.5.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) ~[catalina.jar:8.5.32]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) ~[catalina.jar:8.5.32]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[catalina.jar:8.5.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[catalina.jar:8.5.32]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) ~[tomcat-coyote.jar:8.5.32]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:8.5.32]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800) ~[tomcat-coyote.jar:8.5.32]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2380) ~[tomcat-coyote.jar:8.5.32]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:8.5.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_161]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_161]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:8.5.32]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: java.lang.NullPointerException
at org.apereo.cas.support.saml.authentication.principal.SamlServiceFactory.createService(SamlServiceFactory.java:65) ~[cas-server-support-saml-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at org.apereo.cas.support.saml.authentication.principal.SamlServiceFactory.createService(SamlServiceFactory.java:27) ~[cas-server-support-saml-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at org.apereo.cas.web.support.DefaultArgumentExtractor.lambda$extractServiceInternal$0(DefaultArgumentExtractor.java:46) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[?:1.8.0_161]
at java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1359) ~[?:1.8.0_161]
at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126) ~[?:1.8.0_161]
at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498) ~[?:1.8.0_161]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485) ~[?:1.8.0_161]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) ~[?:1.8.0_161]
at java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:152) ~[?:1.8.0_161]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_161]
at java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:464) ~[?:1.8.0_161]
at org.apereo.cas.web.support.DefaultArgumentExtractor.extractServiceInternal(DefaultArgumentExtractor.java:52) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at org.apereo.cas.web.support.AbstractArgumentExtractor.extractService(AbstractArgumentExtractor.java:34) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter.getRegisteredServiceFromRequest(RegisteredServiceResponseHeadersEnforcementFilter.java:118) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter.shouldHttpHeaderBeInjectedIntoResponse(RegisteredServiceResponseHeadersEnforcementFilter.java:94) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter.decideInsertCacheControlHeader(RegisteredServiceResponseHeadersEnforcementFilter.java:74) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]
at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:225) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2]
... 62 more
Lynn Dickison
Senior Enterprise Systems Administrator
Computer Services
Missouri State University
901 S. National Ave.
Springfield, MO 65897
Phone: 417-836-4515 | Fax: 417-836-3192
lynndi...@missouristate.edu |
www.missouristate.edu
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB41919ABB495233A34B413698D92B0%40SN6PR01MB4191.prod.exchangelabs.com.
Hi Dan,
Thanks for the suggestion. I suppose it’s possible that there is a client-side problem, but the client (Apache httpd with mod_auth_cas) does authenticate properly when it’s pointed to our older CAS 3.5.3 server. Do you know of a client-side configuration that would work successfully when using CAS 3.5.3 but not CAS 5.3.1?
Lynn Dickison
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFqYg5L7ZHRkdXk-Z_B5FYFW8uEvFu4LGThyEU1AKaSbx3WC0A%40mail.gmail.com.
--
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB41919ABB495233A34B413698D92B0%40SN6PR01MB4191.prod.exchangelabs.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFqYg5L7ZHRkdXk-Z_B5FYFW8uEvFu4LGThyEU1AKaSbx3WC0A%40mail.gmail.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB4191EE098A54A9F55255C880D92A0%40SN6PR01MB4191.prod.exchangelabs.com.
Dan, it looks like you may be right. I see that when mod_auth_cas makes a SAML1.1 request, it doesn’t include the RequestID. The SAML1.1 protocol requires the RequestID to be included, so it looks like mod_auth_cas-1.1 is not usable with CAS 5.x.
https://github.com/apereo/mod_auth_cas/issues/148
Thanks for pointing me in the right direction.
--
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB41919ABB495233A34B413698D92B0%40SN6PR01MB4191.prod.exchangelabs.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFqYg5L7ZHRkdXk-Z_B5FYFW8uEvFu4LGThyEU1AKaSbx3WC0A%40mail.gmail.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB4191EE098A54A9F55255C880D92A0%40SN6PR01MB4191.prod.exchangelabs.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
cas-user+u...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFqYg5KEBEYV1oc%3Dd5s-2covHpxWSCTHCvRt03%2BKNfMwZHjx6Q%40mail.gmail.com.
--
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB41919ABB495233A34B413698D92B0%40SN6PR01MB4191.prod.exchangelabs.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFqYg5L7ZHRkdXk-Z_B5FYFW8uEvFu4LGThyEU1AKaSbx3WC0A%40mail.gmail.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB4191EE098A54A9F55255C880D92A0%40SN6PR01MB4191.prod.exchangelabs.com.To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
Dan, it looks like you may be right. I see that when mod_auth_cas makes a SAML1.1 request, it doesn’t include the RequestID. The SAML1.1 protocol requires the RequestID to be included, so it looks like mod_auth_cas-1.1 is not usable with CAS 5.x.
https://github.com/apereo/mod_auth_cas/issues/148
Thanks for pointing me in the right direction.
--
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB41919ABB495233A34B413698D92B0%40SN6PR01MB4191.prod.exchangelabs.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFqYg5L7ZHRkdXk-Z_B5FYFW8uEvFu4LGThyEU1AKaSbx3WC0A%40mail.gmail.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.