SAML 1.1 ticket validation in 5.3.0-R3

36 views

Skip to first unread message

Jared King

unread,

May 9, 2018, 6:17:50 PM5/9/18

to CAS Community

I'm starting to evaluate 5.3.0-R3 and am getting an error when testing SAML 1.1 ticket validation support. This is the response/error message I'm getting from CAS when POSTing to the /samlValidate endpoint:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope 
 xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
 <saml1p:Response InResponseTo="localhost" IssueInstant="2018-05-09T21:48:08.725Z" MajorVersion="1" MinorVersion="1" ResponseID="_cde23085499ae732f64d4c360b8c2349" 
 xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
 <saml1p:Status>
 <saml1p:StatusCode Value="saml1p:RequestDenied"/>
 <saml1p:StatusMessage>service and ticket parameters are both required</saml1p:StatusMessage>
 </saml1p:Status>
 </saml1p:Response>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Based on the error it sounds like CAS is expecting "service" and "ticket" parameters like you would send to the CAS 2.0 /serviceValidate endpoint, but according to the spec the only parameter used should be "TARGET":

https://github.com/apereo/cas/blob/v5.3.0-RC3/docs/cas-server-documentation/protocol/CAS-Protocol-Specification.md#42-samlvalidate-cas-30

Is this a bug or am I missing some configuration? Thanks for the help.

Jared King

unread,

May 29, 2018, 12:37:25 PM5/29/18

to CAS Community

Tested this again using 5.3.0-RC4 and the problem is resolved.

Reply all

Reply to author

Forward

0 new messages