CAS SAML no signature signing ???

[Tim Tyler]

CAS Experts,

We installed simplesamlphp to test against CAS 5.2  SAML(IdP) using keys generated by cas.

We were able to get each side to recognize each other's metadata and perform the login flow.  However, when we have signed responses enabled, we get a CAS error:  Error: org.opensaml.saml.common.SAMLException: No signature signing parameter is available

 

And when we have signed responses disabled we get an error from the SP side: Caused by: SimpleSAML_Error_Exception: Neither the assertion nor the response was signed.

 

Note: We don’t have encryption enabled in case that matters.    What might we be missing?

 

 

 

Tim Tyler

Network Engineer

Beloit College

 

[michael kromarek]

I had the same error and had to regenerate my idp-metadata.xml after setting the following parameters.

cas.authn.samlIdp.entityId=https://cas.example.org/idp

cas.authn.samlIdp.scope=example.org

cas.authn.samlIdp.attributeQueryProfileEnabled=true

I then had to uncomment the AttributeAuthorityDescriptor section in the metadata xml

--Mike K.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e8ea177a46e48e4127961d1f34578454%40mail.gmail.com.