simplesamlphp sp integrate with apereo cas idp


cheekian yap

Dec 21, 2020, 8:49:44 PM
to CAS Community
Hi,

Cas version 6.2.6

I got this error message when being redirected from sp site to cas:

WARN [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <[http://xx.xx.xx.xx] is not found in the registry or service access is denied. Ensure service is registered in service registry>

Below is my cas configuration:
cas.service-registry.json.location=classpath:/services
cas.authn.saml-idp.entity-id=https://xx.xx.xx.xx:8443/cas/idp/metadata
cas.authn.saml-idp.metadata.location=file:/etc/cas/saml

inside classpath:/services:
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "http://xx.xx.xx.xx",
  "name" : "SAMLService",
  "id" : 2,
  "description" : "xxxx",
}

Why was I denied access when I have registered my service?

cheekian yap

Dec 21, 2020, 10:20:51 PM
to CAS Community, cheekian yap
I managed to get my SAML SP registered on the service registry. The scenario is:

Originally I had 2 JSON files in my classpath:/services. One of them is the SAML SP. Somehow, when I removed the other one, the SAML SP was able to be registered.

So my question becomes: how to add 2 services simultaneously to the service registry?


cheekian yap

Dec 21, 2020, 10:29:08 PM
to CAS Community, cheekian yap
I think I have figured out the problem.

The other service JSON file is too generic:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : ".*",
  "name" : "booking",
  "id" : 1
}

This will override the SAML SP JSON file.


Ray Bon

Jan 4, 2021, 7:26:47 PM
to cas-...@apereo.org, yap.s...@gmail.com
The serviceId must be unique and can be a regular expression for similar services / uri paths.

'.*' will match anything you send to cas.

Try something like:
'https?://xx.xx.xx.xx/.*'
or better:
'https?://xx\.xx\.xx\.xx/.*'

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
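
The shadowing described in this thread, as an added example that is not part of the original posts or CAS's own code: a simplified Python model that assumes definitions are tried in order with whole-string regex matching, and that the SAML handler rejects a winning definition that is not a SamlRegisteredService. The 192.0.2.10 address, the booking.example.org host and all function names are constructed for illustration.

```python
import re

SAML_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"
REGEX_CLASS = "org.apereo.cas.services.RegexRegisteredService"

# Constructed registry mirroring the two definitions in the thread; 192.0.2.10
# (a documentation address) stands in for the redacted xx.xx.xx.xx.
SERVICES = [
    {"@class": REGEX_CLASS, "serviceId": ".*", "name": "booking", "id": 1},
    {"@class": SAML_CLASS, "serviceId": "http://192.0.2.10",
     "name": "SAMLService", "id": 2},
]

def first_match(services, requested):
    """First definition, in list order, whose serviceId matches the whole request.
    Assumption: list order stands in for the order CAS evaluates definitions."""
    for svc in services:
        if re.fullmatch(svc["serviceId"], requested):
            return svc
    return None

def saml_lookup(services, entity_id):
    """Model of the SAML IdP lookup: the winning definition must be a SAML one,
    otherwise the SP is reported as not found or denied (assumption)."""
    svc = first_match(services, entity_id)
    return svc if svc and svc["@class"] == SAML_CLASS else None

def is_catch_all(pattern, canary="https://unrelated.invalid/login"):
    """Flag a serviceId that also accepts a URL no registered application owns."""
    return re.fullmatch(pattern, canary) is not None

def shadowed(services, samples):
    """Map each definition name to the earlier definition that wins its sample."""
    report = {}
    for svc in services:
        winner = first_match(services, samples[svc["name"]])
        if winner is not None and winner is not svc:
            report[svc["name"]] = winner["name"]
    return report

def tightened(services, name, pattern):
    """Copy of the registry with one definition's serviceId replaced."""
    return [dict(s, serviceId=pattern) if s["name"] == name else s for s in services]

if __name__ == "__main__":
    samples = {"booking": "https://booking.example.org/app",
               "SAMLService": "http://192.0.2.10"}
    print(shadowed(SERVICES, samples))
    fixed = tightened(SERVICES, "booking", r"https?://booking\.example\.org/.*")
    print(shadowed(fixed, samples), saml_lookup(fixed, "http://192.0.2.10"))
```

Running the same check over every file in the services directory before deployment catches a catch-all pattern such as `.*` before it hides a more specific registration.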