Github SAML Setup

[Joe Bliss]

Hello,

I recently took over managing our CAS configuration and upgraded us to 6.5.8. I'm trying to configure Github SAML. I am running into an error and hope someone can help point me in the right direction.

https://docs.github.com/en/enterprise-cloud@latest/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference

I don't know if I understand what it is looking for with "Issuer".

Sign on URL -
https://sso.davenport.edu/cas/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fgithub.com%2Forgs%2FDU-CoT

Issuer -
https://sso.davenport.edu

Service -
{
    "@class":                "org.apereo.cas.support.saml.services.SamlRegisteredService",
    "serviceId":        "https://github.com/orgs/DU-CoT",
    "name":                    "Github - CoT",
    "id":                        "8014",
    "evaluationOrder":    8014,
    "metadataLocation":    "https://github.com/orgs/DU-CoT/saml/metadata",
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
        "allowedAttributes": {
            "@class": "java.util.TreeMap",
            "mail":    "emails"
        }
    }
}

It's connecting to the correct service file. I'm hesitant to provide the full log because of some of the other information it includes.

[root@server cas]# tail -f cas.log | grep InResponse
2022-08-30 11:02:40,679 DEBUG [org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder] - <No recipient is provided. Skipping InResponseTo>

Thank you,

Joe

[Joe Bliss]

I got this working by switching the sign on URL to POST-SimpleSign. I had tried just POST previously and that didn't work.

The Issuer was correct in my case.

Thanks,

Joe