CAS 7 error when getting SAML service metadata
59 views
Skip to first unread message
Ocean Liu
Mar 29, 2024, 11:35:07 PM3/29/24
to CAS Community
Hi all,
We encountered an issue where users were encountering the "Application Not Authorized to Use CAS" error when attempting to log in.
Upon investigation, we found that CAS was encountering difficulties retrieving metadata. Here are the relevant log entries:
2024-03-29 09:46:31,272 ERROR [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Cannot invoke "org.apereo.cas.support.saml.services.idp.metadata.cache.CachedMetadataResolverResult.getMetadataResolver()" because the return value of "org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver.resolve(org.apereo.cas.support.saml.services.SamlRegisteredService, net.shibboleth.shared.resolver.CriteriaSet)" is null
SamlRegisteredServiceMetadataAdaptor.java:get:98
SamlRegisteredServiceMetadataAdaptor.java:lambda$get$0:70
Optional.java:map:260
>
2024-03-29 09:46:31,272 WARN [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <No metadata could be found for [https://service-provider.com]>
2024-03-29 09:46:31,272 WARN [org.apereo.cas.util.function.FunctionUtils] - <Cannot find metadata linked to https://service-provider.com
UnauthorizedServiceException.java:denied:60
AbstractSamlIdPProfileHandlerController.java:verifySamlAuthenticationRequest:382
AbstractSamlIdPProfileHandlerController.java:initiateAuthenticationRequest:245
>
2024-03-29 09:46:31,272 ERROR [org.apereo.cas.web.support.WebUtils] - <Cannot find metadata linked to https://service-provider.com
UnauthorizedServiceException.java:denied:60
AbstractSamlIdPProfileHandlerController.java:verifySamlAuthenticationRequest:382
AbstractSamlIdPProfileHandlerController.java:initiateAuthenticationRequest:245
>
Here is what we have observed:
1. The error occurred within a 5-minute window and has not recurred since.
2. Multiple services were affected during this time, with some metadata files saved locally and others accessed via URLs.
3. Only SAML protocol services were affected; CAS protocol services remained unaffected.
1. The error occurred within a 5-minute window and has not recurred since.
2. Multiple services were affected during this time, with some metadata files saved locally and others accessed via URLs.
3. Only SAML protocol services were affected; CAS protocol services remained unaffected.
Have you experienced similar issue or having an insight about why it happened?
Thank you,
Ocean
Reply all
Reply to author
Forward
0 new messages