Re: SAML2 as idp no longer working after migrating from 6.6.7 to 7.2.6

Raph

Sep 26, 2025, 12:09:29 PM
to CAS Community, Raph
Just when I posted this, a colleague found that if he added https:// to his remote entity ID, it matches one of our other services on the callback and passes in regex.

I did not find added restrictions in SAML2 service matching in the patch notes, was there something related to that?

On Friday, September 26, 2025 at 11:35:00 UTC-4, Raph wrote:
Migrated from 6.6.7 to 7.2.6, other services seem to work fine but SAML (with CAS as IdP) gives us an "Application not authorized to use CAS" error.

The URL now has an RSID in it.
If I remove the RSID from the URL, it shows me the login page, but then I get a 404 upon login. Assuming rsid is the authnContext attribute mentioned in 7.2 release's notes:
Apereo CAS 7.2 – Release Announcement | Apereo Foundation


What we tried so far:
- Modifying existing service and creating a new one to match callback URL, without success.
- Regenerating every key and metadata

I imagine the solution is simple, but I am a bit out of my ballpark here, I appreciate any help! I'll pay you a drink or donate to your favorite charity if you point me in the right direction 

Following, my SAML services (I also have other services), my idp-metadata, the metadata of the remote server/service and a snippet of the logs of me trying to access that remote service:

My original SAML service file : 
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "unitaire-ext.linux.dpo.fprod",
  "name" : "SAMLServiceExt",
  "id" : 10000004,
  "evaluationOrder" : 10,
  "metadataLocation" : "https://unitaire-ext.linux.dpo.fprod/mellon/metadata",
  "signAssertions" : "true",
  "multifactorPolicy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-simple" ] ],
    "bypassEnabled" : "true"
  }
}


My current SAML service file:
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : ".*unitaire-ext\\.linux\\.dpo\\.fprod.*",
  "matchingStrategy": {
    "@class": "org.apereo.cas.services.PartialRegexRegisteredServiceMatchingStrategy"
  },
  "name" : "SAMLServiceExt",
  "id" : 10000004,
  "evaluationOrder" : 10,
  "metadataLocation" : "https://unitaire-ext.linux.dpo.fprod/mellon/metadata",
  "signAssertions" : "true",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.support.saml.services.AuthnRequestRequesterIdAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn", "entityID" ] ],
    "requesterIdPattern" : ".*"
  },
 /* "multifactorPolicy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-simple" ] ],
    "bypassEnabled" : "true"
  }*/
}

My new Callback service I tried to implement :
{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "^https://cas-dev-ext\\.linux\\.dpo\\.fprod:8443/cas/idp/profile/SAML2/Callback\\?srid=.*&entityId=unitaire-ext\\.linux\\.dpo\\.fprod$",
  "matchingStrategy": {
    "@class": "org.apereo.cas.services.PartialRegexRegisteredServiceMatchingStrategy"
  },
  "name": "SAML Callback Matcher",
  "id": 10000005,
  "evaluationOrder": 5,
  "metadataLocation": "https://unitaire-ext.linux.dpo.fprod/mellon/metadata",
  "signAssertions": true
}

My idp-metadata (keys changed)
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xml="http://www.w3.org/XML/1998/namespace"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
entityID="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp">
    <IDPSSODescriptor errorURL="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/error"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol
urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
        <Extensions>
            <shibmd:Scope regexp="false">example.org</shibmd:Scope>

            <!--
            <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
                <mdui:DisplayName xml:lang="en">CAS</mdui:DisplayName>
                <mdui:Description xml:lang="en">Apereo CAS</mdui:Description>
                <mdui:InformationURL xml:lang="en">https://apereo.org/projects/cas</mdui:InformationURL>
                <mdui:PrivacyStatementURL xml:lang="en">https://apereo.org/projects/cas</mdui:PrivacyStatementURL>
                <mdui:Logo height="60" width="1119" xml:lang="en">https://apereo.github.io/cas/images/cas_logo.png</mdui:Logo>
            </mdui:UIInfo>
            -->
           
        </Extensions>
        <KeyDescriptor use="signing">
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate> [REDACTED CERT]  </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="encryption">
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate> [REDACTED CERT]  </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>

        <!--
        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
                                   Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
        -->

        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                             Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/POST/SLO"/>

        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                             Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Redirect/SLO" />

        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                             Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/POST/SSO"/>

        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
                             Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/POST-SimpleSign/SSO"/>

        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                             Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Redirect/SSO"/>

        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                             Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/SOAP/ECP"/>

    </IDPSSODescriptor>

    <!--
    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
        <Extensions>
            <shibmd:Scope regexp="false">example.org</shibmd:Scope>
        </Extensions>
        <KeyDescriptor use="signing">
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>${context.SigningKey}</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML1/SOAP/AttributeQuery"/>
        <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/SOAP/AttributeQuery"/>
    </AttributeAuthorityDescriptor>
    -->
   
    <!--
    <Organization>
        <OrganizationName xml:lang="en">Institution Name</OrganizationName>
        <OrganizationDisplayName xml:lang="en">Institution DisplayName</OrganizationDisplayName>
        <OrganizationURL xml:lang="en">URL</OrganizationURL>
    </Organization>
    <ContactPerson contactType="administrative">
        <GivenName>John Smith</GivenName>
        <EmailAddress>jsm...@example.org</EmailAddress>
    </ContactPerson>
    <ContactPerson contactType="technical">
        <GivenName>John Smith</GivenName>
        <EmailAddress>jsm...@example.org</EmailAddress>
    </ContactPerson>
    <ContactPerson contactType="support">
        <GivenName>IT Services Support</GivenName>
        <EmailAddress>sup...@example.org</EmailAddress>
    </ContactPerson>
    -->
</EntityDescriptor>


Remote server's metadata :
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
 entityID="unitaire-ext.linux.dpo.fprod"
 xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <SPSSODescriptor
   AuthnRequestsSigned="true"
   WantAssertionsSigned="true"
   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <KeyDescriptor use="signing">
     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:X509Data>
         <ds:X509Certificate>[REDACTED CERT]</ds:X509Certificate>
       </ds:X509Data>
     </ds:KeyInfo>
   </KeyDescriptor>
   <KeyDescriptor use="encryption">
     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:X509Data>
         <ds:X509Certificate> [REDACTED CERT]</ds:X509Certificate>
       </ds:X509Data>
     </ds:KeyInfo>
   </KeyDescriptor>
   <SingleLogoutService
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
     Location="https://unitaire-ext.linux.dpo.fprod/mellon/logout" />
   <SingleLogoutService
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="https://unitaire-ext.linux.dpo.fprod/mellon/logout" />
   <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</NameIDFormat>
   <AssertionConsumerService
     index="0"
     isDefault="true"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="https://unitaire-ext.linux.dpo.fprod/mellon/postResponse" />
   <AssertionConsumerService
     index="1"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
     Location="https://unitaire-ext.linux.dpo.fprod/mellon/artifactResponse" />
   <AssertionConsumerService
     index="2"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
     Location="https://unitaire-ext.linux.dpo.fprod/mellon/paosResponse" />
 </SPSSODescriptor>
</EntityDescriptor>


Logs of accessing the url that normally redirects us to the login page : 

2025-09-26 10:50:32,547 DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] - <Decoded SAML object [{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest] from http request>
2025-09-26 10:50:32,547 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located issuer [unitaire-ext.linux.dpo.fprod] from authentication request>
2025-09-26 10:50:32,552 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=unitaire-ext.linux.dpo.fprod, originalUrl=unitaire-ext.linux.dpo.fprod, artifactId=null, principal=null, source=null, tenant=null, loggedOutAlready=false, format=XML, attributes={...})]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Locating metadata for entityID [unitaire-ext.linux.dpo.fprod] by attempting to run through the metadata chain...>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Resolving metadata for [SAMLServiceExt] at [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Locating cached metadata resolver using key [c3d27136a886e5658205d65b884a398833ededbdc7750d3dd10fcfcea0271cd24e97d6c0f765b529f0a9e03ade122b8cd441d9c3ad0b754a8a15e83f6cf50d91] for service [SAMLServiceExt]. Attempt [0]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Resolved metadata chain from [https://unitaire-ext.linux.dpo.fprod/mellon/metadata] using [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver]. Filtering the chain by entity ID [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Located SP SSODescriptor in metadata for [unitaire-ext.linux.dpo.fprod]. Metadata is valid until [forever]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located SAML service in the registry as [.*unitaire-ext\.linux\.dpo\.fprod.*] with the metadata location of [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Fetching SAML2 metadata adaptor for [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Locating metadata for entityID [unitaire-ext.linux.dpo.fprod] by attempting to run through the metadata chain...>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Resolving metadata for [SAMLServiceExt] at [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Locating cached metadata resolver using key [c3d27136a886e5658205d65b884a398833ededbdc7750d3dd10fcfcea0271cd24e97d6c0f765b529f0a9e03ade122b8cd441d9c3ad0b754a8a15e83f6cf50d91] for service [SAMLServiceExt]. Attempt [0]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Resolved metadata chain from [https://unitaire-ext.linux.dpo.fprod/mellon/metadata] using [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver]. Filtering the chain by entity ID [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,553 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Located SP SSODescriptor in metadata for [unitaire-ext.linux.dpo.fprod]. Metadata is valid until [forever]>
2025-09-26 10:50:32,560 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Validating signature for [org.opensaml.saml.saml2.core.impl.AuthnRequestImpl]>
2025-09-26 10:50:32,560 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Validating request signature for [unitaire-ext.linux.dpo.fprod]...>
2025-09-26 10:50:32,560 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Building security parameters context for signature validation of [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,560 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Resolving signing credentials for [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,560 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Signature validation blocked algorithms: [[http://www.w3.org/2001/04/xmldsig-more#md5, http://www.w3.org/2001/04/xmldsig-more#rsa-md5, http://www.w3.org/2001/04/xmldsig-more#hmac-md5]]>
2025-09-26 10:50:32,560 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Signature validation allowed algorithms: [[]]>
2025-09-26 10:50:32,560 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Initializing [SAML2HTTPRedirectDeflateSignatureSecurityHandler] to execute signature validation for [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,560 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Invoking [SAML2HTTPRedirectDeflateSignatureSecurityHandler] to handle signature validation for [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,561 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Successfully validated request signature for [org.opensaml.saml.saml2.core.impl.IssuerImpl@a73a1dd].>
2025-09-26 10:50:32,561 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located issuer [unitaire-ext.linux.dpo.fprod] from authentication context>
2025-09-26 10:50:32,562 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=unitaire-ext.linux.dpo.fprod, originalUrl=unitaire-ext.linux.dpo.fprod, artifactId=null, principal=null, source=null, tenant=null, loggedOutAlready=false, format=XML, attributes={...})]>
2025-09-26 10:50:32,562 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Locating metadata for entityID [unitaire-ext.linux.dpo.fprod] by attempting to run through the metadata chain...>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Resolving metadata for [SAMLServiceExt] at [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Locating cached metadata resolver using key [c3d27136a886e5658205d65b884a398833ededbdc7750d3dd10fcfcea0271cd24e97d6c0f765b529f0a9e03ade122b8cd441d9c3ad0b754a8a15e83f6cf50d91] for service [SAMLServiceExt]. Attempt [0]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Resolved metadata chain from [https://unitaire-ext.linux.dpo.fprod/mellon/metadata] using [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver]. Filtering the chain by entity ID [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Located SP SSODescriptor in metadata for [unitaire-ext.linux.dpo.fprod]. Metadata is valid until [forever]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located SAML service in the registry as [.*unitaire-ext\.linux\.dpo\.fprod.*] with the metadata location of [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located SAML metadata for [.*unitaire-ext\.linux\.dpo\.fprod.*]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Locating metadata for entityID [unitaire-ext.linux.dpo.fprod] by attempting to run through the metadata chain...>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Resolving metadata for [SAMLServiceExt] at [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Locating cached metadata resolver using key [c3d27136a886e5658205d65b884a398833ededbdc7750d3dd10fcfcea0271cd24e97d6c0f765b529f0a9e03ade122b8cd441d9c3ad0b754a8a15e83f6cf50d91] for service [SAMLServiceExt]. Attempt [0]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Resolved metadata chain from [https://unitaire-ext.linux.dpo.fprod/mellon/metadata] using [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver]. Filtering the chain by entity ID [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Located SP SSODescriptor in metadata for [unitaire-ext.linux.dpo.fprod]. Metadata is valid until [forever]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Determined authentication request binding is [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], issued by [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Checking metadata for [unitaire-ext.linux.dpo.fprod] to see if binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] is supported>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] is supported by [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:32,566 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Fetched assertion consumer service url [https://unitaire-ext.linux.dpo.fprod/mellon/postResponse] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] from authentication request>
2025-09-26 10:50:32,567 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Determined SAML2 endpoint for authentication request as [https://unitaire-ext.linux.dpo.fprod/mellon/postResponse]>
2025-09-26 10:50:32,567 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
2025-09-26 10:50:32,597 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <Logging [org.opensaml.saml.saml2.core.impl.AuthnRequestImpl]

[<?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="https://unitaire-ext.linux.dpo.fprod/mellon/postResponse" Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit" Destination="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Redirect/SSO" ForceAuthn="false" ID="_642F6FFF9F5C3C6ECD17C66BDFAD9DB3" IsPassive="false" IssueInstant="2025-09-26T14:50:32Z" Version="2.0">
    <saml:Issuer>unitaire-ext.linux.dpo.fprod</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"/>
</samlp:AuthnRequest>
]

>
2025-09-26 10:50:32,597 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
2025-09-26 10:50:32,600 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Created service url [https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_642F6FFF9F5C3C6ECD17C66BDFAD9DB3&entityId=un...]>
2025-09-26 10:50:32,601 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Redirecting SAML authentication request to [https://cas-dev-ext.linux.dpo.fprod:8443/cas/login?service=https%3A%2F%2Fcas-dev-ext.linux.dpo.fprod%3A8443%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3Fsrid%3D_642F6FFF9F5C3C6ECD17C66BDFAD9DB3%26entityId%3Dunitaire-ext.linux.dpo.fprod&RelayState=https%253A%252F%252Funitaire-ext.linux.dpo.fprod%252Fanalytics%252F]>
2025-09-26 10:50:32,601 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Redirecting SAML authN request to [https://cas-dev-ext.linux.dpo.fprod:8443/cas/login?service=https%3A%2F%2Fcas-dev-ext.linux.dpo.fprod%3A8443%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3Fsrid%3D_642F6FFF9F5C3C6ECD17C66BDFAD9DB3%26entityId%3Dunitaire-ext.linux.dpo.fprod&RelayState=https%253A%252F%252Funitaire-ext.linux.dpo.fprod%252Fanalytics%252F]>
2025-09-26 10:50:32,642 WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer] - <Service is not registered in the service registry.Service is [Optional[AbstractWebApplicationService(id=https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_642F6FFF9F5C3C6ECD17C66BDFAD9DB3&entityId=unitaire-ext.linux.dpo.fprod, originalUrl=https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_642F6FFF9F5C3C6ECD17C66BDFAD9DB3&entityId=unitaire-ext.linux.dpo.fprod, artifactId=null, principal=null, source=service, tenant=null, loggedOutAlready=false, format=XML, attributes={...})]] and registered service is [Optional.empty]>
2025-09-26 10:50:32,643 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2025-09-26T14:50:32.643075810
WHO: audit:unknown
WHAT: {result=Service Access Denied, service=unitaire-ext.linux.dpo.fprod}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.34.124.224
SERVER_IP: 10.34.116.120
=============================================================

>
2025-09-26 10:50:32,643 WARN [org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter] - <Service [AbstractWebApplicationService(id=unitaire-ext.linux.dpo.fprod, originalUrl=unitaire-ext.linux.dpo.fprod, artifactId=null, principal=null, source=service, tenant=null, loggedOutAlready=false, format=XML, attributes={...})] is not authorized>
2025-09-26 10:50:40,590 DEBUG [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor] - <Decoded SAML object [{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest] from http request>
2025-09-26 10:50:40,590 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located issuer [unitaire-ext.linux.dpo.fprod] from authentication request>
2025-09-26 10:50:40,591 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=unitaire-ext.linux.dpo.fprod, originalUrl=unitaire-ext.linux.dpo.fprod, artifactId=null, principal=null, source=null, tenant=null, loggedOutAlready=false, format=XML, attributes={...})]>
2025-09-26 10:50:40,591 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Locating metadata for entityID [unitaire-ext.linux.dpo.fprod] by attempting to run through the metadata chain...>
2025-09-26 10:50:40,592 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Resolving metadata for [SAMLServiceExt] at [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:40,592 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Locating cached metadata resolver using key [c3d27136a886e5658205d65b884a398833ededbdc7750d3dd10fcfcea0271cd24e97d6c0f765b529f0a9e03ade122b8cd441d9c3ad0b754a8a15e83f6cf50d91] for service [SAMLServiceExt]. Attempt [0]>
2025-09-26 10:50:40,595 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Resolved metadata chain from [https://unitaire-ext.linux.dpo.fprod/mellon/metadata] using [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver]. Filtering the chain by entity ID [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,596 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Located SP SSODescriptor in metadata for [unitaire-ext.linux.dpo.fprod]. Metadata is valid until [forever]>
2025-09-26 10:50:40,596 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located SAML service in the registry as [.*unitaire-ext\.linux\.dpo\.fprod.*] with the metadata location of [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:40,596 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Fetching SAML2 metadata adaptor for [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,596 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Locating metadata for entityID [unitaire-ext.linux.dpo.fprod] by attempting to run through the metadata chain...>
2025-09-26 10:50:40,596 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Resolving metadata for [SAMLServiceExt] at [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:40,596 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Locating cached metadata resolver using key [c3d27136a886e5658205d65b884a398833ededbdc7750d3dd10fcfcea0271cd24e97d6c0f765b529f0a9e03ade122b8cd441d9c3ad0b754a8a15e83f6cf50d91] for service [SAMLServiceExt]. Attempt [0]>
2025-09-26 10:50:40,596 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Resolved metadata chain from [https://unitaire-ext.linux.dpo.fprod/mellon/metadata] using [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver]. Filtering the chain by entity ID [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,596 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Located SP SSODescriptor in metadata for [unitaire-ext.linux.dpo.fprod]. Metadata is valid until [forever]>
2025-09-26 10:50:40,604 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Validating signature for [org.opensaml.saml.saml2.core.impl.AuthnRequestImpl]>
2025-09-26 10:50:40,604 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Validating request signature for [unitaire-ext.linux.dpo.fprod]...>
2025-09-26 10:50:40,605 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Building security parameters context for signature validation of [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,605 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Resolving signing credentials for [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,605 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Signature validation blocked algorithms: [[http://www.w3.org/2001/04/xmldsig-more#md5, http://www.w3.org/2001/04/xmldsig-more#rsa-md5, http://www.w3.org/2001/04/xmldsig-more#hmac-md5]]>
2025-09-26 10:50:40,605 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Signature validation allowed algorithms: [[]]>
2025-09-26 10:50:40,606 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Initializing [SAML2HTTPRedirectDeflateSignatureSecurityHandler] to execute signature validation for [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,606 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Invoking [SAML2HTTPRedirectDeflateSignatureSecurityHandler] to handle signature validation for [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,607 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Successfully validated request signature for [org.opensaml.saml.saml2.core.impl.IssuerImpl@22da358a].>
2025-09-26 10:50:40,607 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located issuer [unitaire-ext.linux.dpo.fprod] from authentication context>
2025-09-26 10:50:40,608 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Checking service access in CAS service registry for [AbstractWebApplicationService(id=unitaire-ext.linux.dpo.fprod, originalUrl=unitaire-ext.linux.dpo.fprod, artifactId=null, principal=null, source=null, tenant=null, loggedOutAlready=false, format=XML, attributes={...})]>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Locating metadata for entityID [unitaire-ext.linux.dpo.fprod] by attempting to run through the metadata chain...>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Resolving metadata for [SAMLServiceExt] at [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Locating cached metadata resolver using key [c3d27136a886e5658205d65b884a398833ededbdc7750d3dd10fcfcea0271cd24e97d6c0f765b529f0a9e03ade122b8cd441d9c3ad0b754a8a15e83f6cf50d91] for service [SAMLServiceExt]. Attempt [0]>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Resolved metadata chain from [https://unitaire-ext.linux.dpo.fprod/mellon/metadata] using [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver]. Filtering the chain by entity ID [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Located SP SSODescriptor in metadata for [unitaire-ext.linux.dpo.fprod]. Metadata is valid until [forever]>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located SAML service in the registry as [.*unitaire-ext\.linux\.dpo\.fprod.*] with the metadata location of [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Located SAML metadata for [.*unitaire-ext\.linux\.dpo\.fprod.*]>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Locating metadata for entityID [unitaire-ext.linux.dpo.fprod] by attempting to run through the metadata chain...>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Resolving metadata for [SAMLServiceExt] at [https://unitaire-ext.linux.dpo.fprod/mellon/metadata]>
2025-09-26 10:50:40,609 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver] - <Locating cached metadata resolver using key [c3d27136a886e5658205d65b884a398833ededbdc7750d3dd10fcfcea0271cd24e97d6c0f765b529f0a9e03ade122b8cd441d9c3ad0b754a8a15e83f6cf50d91] for service [SAMLServiceExt]. Attempt [0]>
2025-09-26 10:50:40,610 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Resolved metadata chain from [https://unitaire-ext.linux.dpo.fprod/mellon/metadata] using [org.opensaml.saml.metadata.resolver.ChainingMetadataResolver]. Filtering the chain by entity ID [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,610 DEBUG [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor] - <Located SP SSODescriptor in metadata for [unitaire-ext.linux.dpo.fprod]. Metadata is valid until [forever]>
2025-09-26 10:50:40,610 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Determined authentication request binding is [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST], issued by [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,610 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Checking metadata for [unitaire-ext.linux.dpo.fprod] to see if binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] is supported>
2025-09-26 10:50:40,610 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] is supported by [unitaire-ext.linux.dpo.fprod]>
2025-09-26 10:50:40,610 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Fetched assertion consumer service url [https://unitaire-ext.linux.dpo.fprod/mellon/postResponse] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] from authentication request>
2025-09-26 10:50:40,610 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Determined SAML2 endpoint for authentication request as [https://unitaire-ext.linux.dpo.fprod/mellon/postResponse]>
2025-09-26 10:50:40,610 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
2025-09-26 10:50:40,646 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <Logging [org.opensaml.saml.saml2.core.impl.AuthnRequestImpl]

[<?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="https://unitaire-ext.linux.dpo.fprod/mellon/postResponse" Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit" Destination="https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Redirect/SSO" ForceAuthn="false" ID="_8292AF6CBB85443EF5E9EC22414E3732" IsPassive="false" IssueInstant="2025-09-26T14:50:40Z" Version="2.0">
    <saml:Issuer>unitaire-ext.linux.dpo.fprod</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"/>
</samlp:AuthnRequest>
]

>
2025-09-26 10:50:40,646 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
2025-09-26 10:50:40,647 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Created service url [https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_8292AF6CBB85443EF5E9EC22414E3732&entityId=un...]>
2025-09-26 10:50:40,647 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Redirecting SAML authentication request to [https://cas-dev-ext.linux.dpo.fprod:8443/cas/login?service=https%3A%2F%2Fcas-dev-ext.linux.dpo.fprod%3A8443%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3Fsrid%3D_8292AF6CBB85443EF5E9EC22414E3732%26entityId%3Dunitaire-ext.linux.dpo.fprod&RelayState=https%253A%252F%252Funitaire-ext.linux.dpo.fprod%252Fanalytics%252F]>
2025-09-26 10:50:40,647 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Redirecting SAML authN request to [https://cas-dev-ext.linux.dpo.fprod:8443/cas/login?service=https%3A%2F%2Fcas-dev-ext.linux.dpo.fprod%3A8443%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3Fsrid%3D_8292AF6CBB85443EF5E9EC22414E3732%26entityId%3Dunitaire-ext.linux.dpo.fprod&RelayState=https%253A%252F%252Funitaire-ext.linux.dpo.fprod%252Fanalytics%252F]>
2025-09-26 10:50:40,682 WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer] - <Service is not registered in the service registry.Service is [Optional[AbstractWebApplicationService(id=https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_8292AF6CBB85443EF5E9EC22414E3732&entityId=unitaire-ext.linux.dpo.fprod, originalUrl=https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_8292AF6CBB85443EF5E9EC22414E3732&entityId=unitaire-ext.linux.dpo.fprod, artifactId=null, principal=null, source=service, tenant=null, loggedOutAlready=false, format=XML, attributes={headers={jakarta.servlet.http.HttpServletRequest.header-host=[cas-dev-ext.linux.dpo.fprod:8443], jakarta.servlet.http.HttpServletRequest.header-connection=[keep-alive], jakarta.servlet.http.HttpServletRequest.header-upgrade-insecure-requests=[1], jakarta.servlet.http.HttpServletRequest.header-user-agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36], jakarta.servlet.http.HttpServletRequest.header-accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7], jakarta.servlet.http.HttpServletRequest.header-sec-fetch-site=[none], jakarta.servlet.http.HttpServletRequest.header-sec-fetch-mode=[navigate], jakarta.servlet.http.HttpServletRequest.header-sec-fetch-user=[?1], jakarta.servlet.http.HttpServletRequest.header-sec-fetch-dest=[document], jakarta.servlet.http.HttpServletRequest.header-sec-ch-ua=[&quot;Chromium&quot;;v=&quot;140&quot;, &quot;Not=A?Brand&quot;;v=&quot;24&quot;, &quot;Google Chrome&quot;;v=&quot;140&quot;], jakarta.servlet.http.HttpServletRequest.header-sec-ch-ua-mobile=[?0], jakarta.servlet.http.HttpServletRequest.header-sec-ch-ua-platform=[&quot;Windows&quot;], jakarta.servlet.http.HttpServletRequest.header-accept-encoding=[gzip, deflate, br, zstd], 
jakarta.servlet.http.HttpServletRequest.header-accept-language=[fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7], jakarta.servlet.http.HttpServletRequest.header-cookie=[TGC=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImQxZTNkZmQzLWI0YmUtNGI1MC04YTdlLTBiZjc5MDM0NGE5YiJ9.ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk1qVTJRMEpETFVoVE5URXlJaXdpWTNSNUlqb2lTbGRVSWl3aWRIbHdJam9pU2xkVUlpd2lhMmxrSWpvaU5Ea3pNR0poWlRndE9HWTNOQzAwWm1VNExXRTFNakV0WldGaU5ERTFPRFkwWTJFMEluMC4uRTFGd0F5U196S004NnFGZkdlZjAzUS51VE1qM3BNNkpOeGlpZ05KbFFzNUFQcXltaXNTUElhYnYyRXJwY3F3NXVNLVlpRVJTeURGZmNrMVNqNXpHb3dYcklMNi1uZjRPaTJhLURVYUVkQ081bnNTeE5PSjU5MDRWTlpfVFhJN3pTMW1RUlJjbVhaSFlBbjg5Qm9vbHp2VndsU1ctb3Jwdi1LVFA3cnRqU1RjTGhZWURMUUZXd0M1dm91eWZyMkhfbXhRenJKWGpnSlVmbTZKdl9PXzBJZUpOaVVsenVoZkItU1EwMndrei0yRUhSV1d3eU1EcnpLclNWSll4QldKeEcxWUVBb2NpUkJVblZvRVBBVlJUbjVhTWJoUFhIN3FKbTlXMjJ1cjR6a2dkbzQ5TjZXVEdQa25mdGRLRE8wT3dDVS5wU3U1VExaN21yWklzM2RqTm5MQnVqaHJ4b1kxZXNSeVcyVU9wcm1CMGhN.0ODf9k1_JAedd21nRsU1hSMTBAuWhjiqHpww_ZXHHXxZxa8bKk1A6bsagrQ64pu_vbgdAH-epdUcAn5TiZYzsg; JSESSIONID=2E8A02B8D7565026ED09459821F73260; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=fr; MFATRUSTED=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjYzNjAzOGRjLWIzNzctNGJmMy1hM2RkLWIwYjIzMWRkMWIwOCJ9.eGZCWGJCWGNhSUNacnRzUWZGWVdyaXAza0JlbjlzWHVzMXhCNExyXzRNRFh3dGRt.rmDQyahGjcaugQS3L0CdaQuNkvsO1XLvm0E2TjUZ9UACSIhrYDuyjr7Snc96VmejgNQrVDYc9MXZ5Ms_rCxvtQ]}, RelayState=[https%3A%2F%2Funitaire-ext.linux.dpo.fprod%2Fanalytics%2F], service=[https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_8292AF6CBB85443EF5E9EC22414E3732&entityId=unitaire-ext.linux.dpo.fprod], httpRequest={jakarta.servlet.http.HttpServletRequest.httpMethod=[GET], jakarta.servlet.http.HttpServletRequest.requestURL=[https://cas-dev-ext.linux.dpo.fprod:8443/cas/login], jakarta.servlet.http.HttpServletRequest.requestURI=[/cas/login], jakarta.servlet.http.HttpServletRequest.requestId=[40], jakarta.servlet.http.HttpServletRequest.contextPath=[/cas], 
jakarta.servlet.http.HttpServletRequest.localeName=[sndlcas40.linux.dpo.fprod]}, cookies={jakarta.servlet.http.HttpServletRequest.cookie-TGC=[eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImQxZTNkZmQzLWI0YmUtNGI1MC04YTdlLTBiZjc5MDM0NGE5YiJ9.ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk1qVTJRMEpETFVoVE5URXlJaXdpWTNSNUlqb2lTbGRVSWl3aWRIbHdJam9pU2xkVUlpd2lhMmxrSWpvaU5Ea3pNR0poWlRndE9HWTNOQzAwWm1VNExXRTFNakV0WldGaU5ERTFPRFkwWTJFMEluMC4uRTFGd0F5U196S004NnFGZkdlZjAzUS51VE1qM3BNNkpOeGlpZ05KbFFzNUFQcXltaXNTUElhYnYyRXJwY3F3NXVNLVlpRVJTeURGZmNrMVNqNXpHb3dYcklMNi1uZjRPaTJhLURVYUVkQ081bnNTeE5PSjU5MDRWTlpfVFhJN3pTMW1RUlJjbVhaSFlBbjg5Qm9vbHp2VndsU1ctb3Jwdi1LVFA3cnRqU1RjTGhZWURMUUZXd0M1dm91eWZyMkhfbXhRenJKWGpnSlVmbTZKdl9PXzBJZUpOaVVsenVoZkItU1EwMndrei0yRUhSV1d3eU1EcnpLclNWSll4QldKeEcxWUVBb2NpUkJVblZvRVBBVlJUbjVhTWJoUFhIN3FKbTlXMjJ1cjR6a2dkbzQ5TjZXVEdQa25mdGRLRE8wT3dDVS5wU3U1VExaN21yWklzM2RqTm5MQnVqaHJ4b1kxZXNSeVcyVU9wcm1CMGhN.0ODf9k1_JAedd21nRsU1hSMTBAuWhjiqHpww_ZXHHXxZxa8bKk1A6bsagrQ64pu_vbgdAH-epdUcAn5TiZYzsg], jakarta.servlet.http.HttpServletRequest.cookie-JSESSIONID=[2E8A02B8D7565026ED09459821F73260], jakarta.servlet.http.HttpServletRequest.cookie-org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=[fr], jakarta.servlet.http.HttpServletRequest.cookie-MFATRUSTED=[eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjYzNjAzOGRjLWIzNzctNGJmMy1hM2RkLWIwYjIzMWRkMWIwOCJ9.eGZCWGJCWGNhSUNacnRzUWZGWVdyaXAza0JlbjlzWHVzMXhCNExyXzRNRFh3dGRt.rmDQyahGjcaugQS3L0CdaQuNkvsO1XLvm0E2TjUZ9UACSIhrYDuyjr7Snc96VmejgNQrVDYc9MXZ5Ms_rCxvtQ]}})]] and registered service is [Optional.empty]>
2025-09-26 10:50:40,682 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2025-09-26T14:50:40.682833481
WHO: audit:unknown
WHAT: {result=Service Access Denied, service=unitaire-ext.linux.dpo.fprod}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.34.124.224
SERVER_IP: 10.34.116.120
=============================================================

>
2025-09-26 10:50:40,683 WARN [org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter] - <Service [AbstractWebApplicationService(id=unitaire-ext.linux.dpo.fprod, originalUrl=unitaire-ext.linux.dpo.fprod, artifactId=null, principal=null, source=service, tenant=null, loggedOutAlready=false, format=XML, attributes={headers={jakarta.servlet.http.HttpServletRequest.header-host=[cas-dev-ext.linux.dpo.fprod:8443], jakarta.servlet.http.HttpServletRequest.header-connection=[keep-alive], jakarta.servlet.http.HttpServletRequest.header-upgrade-insecure-requests=[1], jakarta.servlet.http.HttpServletRequest.header-user-agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36], jakarta.servlet.http.HttpServletRequest.header-accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7], jakarta.servlet.http.HttpServletRequest.header-sec-fetch-site=[none], jakarta.servlet.http.HttpServletRequest.header-sec-fetch-mode=[navigate], jakarta.servlet.http.HttpServletRequest.header-sec-fetch-user=[?1], jakarta.servlet.http.HttpServletRequest.header-sec-fetch-dest=[document], jakarta.servlet.http.HttpServletRequest.header-sec-ch-ua=[&quot;Chromium&quot;;v=&quot;140&quot;, &quot;Not=A?Brand&quot;;v=&quot;24&quot;, &quot;Google Chrome&quot;;v=&quot;140&quot;], jakarta.servlet.http.HttpServletRequest.header-sec-ch-ua-mobile=[?0], jakarta.servlet.http.HttpServletRequest.header-sec-ch-ua-platform=[&quot;Windows&quot;], jakarta.servlet.http.HttpServletRequest.header-accept-encoding=[gzip, deflate, br, zstd], jakarta.servlet.http.HttpServletRequest.header-accept-language=[fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7], 
jakarta.servlet.http.HttpServletRequest.header-cookie=[TGC=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImQxZTNkZmQzLWI0YmUtNGI1MC04YTdlLTBiZjc5MDM0NGE5YiJ9.ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk1qVTJRMEpETFVoVE5URXlJaXdpWTNSNUlqb2lTbGRVSWl3aWRIbHdJam9pU2xkVUlpd2lhMmxrSWpvaU5Ea3pNR0poWlRndE9HWTNOQzAwWm1VNExXRTFNakV0WldGaU5ERTFPRFkwWTJFMEluMC4uRTFGd0F5U196S004NnFGZkdlZjAzUS51VE1qM3BNNkpOeGlpZ05KbFFzNUFQcXltaXNTUElhYnYyRXJwY3F3NXVNLVlpRVJTeURGZmNrMVNqNXpHb3dYcklMNi1uZjRPaTJhLURVYUVkQ081bnNTeE5PSjU5MDRWTlpfVFhJN3pTMW1RUlJjbVhaSFlBbjg5Qm9vbHp2VndsU1ctb3Jwdi1LVFA3cnRqU1RjTGhZWURMUUZXd0M1dm91eWZyMkhfbXhRenJKWGpnSlVmbTZKdl9PXzBJZUpOaVVsenVoZkItU1EwMndrei0yRUhSV1d3eU1EcnpLclNWSll4QldKeEcxWUVBb2NpUkJVblZvRVBBVlJUbjVhTWJoUFhIN3FKbTlXMjJ1cjR6a2dkbzQ5TjZXVEdQa25mdGRLRE8wT3dDVS5wU3U1VExaN21yWklzM2RqTm5MQnVqaHJ4b1kxZXNSeVcyVU9wcm1CMGhN.0ODf9k1_JAedd21nRsU1hSMTBAuWhjiqHpww_ZXHHXxZxa8bKk1A6bsagrQ64pu_vbgdAH-epdUcAn5TiZYzsg; JSESSIONID=2E8A02B8D7565026ED09459821F73260; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=fr; MFATRUSTED=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjYzNjAzOGRjLWIzNzctNGJmMy1hM2RkLWIwYjIzMWRkMWIwOCJ9.eGZCWGJCWGNhSUNacnRzUWZGWVdyaXAza0JlbjlzWHVzMXhCNExyXzRNRFh3dGRt.rmDQyahGjcaugQS3L0CdaQuNkvsO1XLvm0E2TjUZ9UACSIhrYDuyjr7Snc96VmejgNQrVDYc9MXZ5Ms_rCxvtQ]}, RelayState=[https%3A%2F%2Funitaire-ext.linux.dpo.fprod%2Fanalytics%2F], service=[https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_8292AF6CBB85443EF5E9EC22414E3732&entityId=unitaire-ext.linux.dpo.fprod], httpRequest={jakarta.servlet.http.HttpServletRequest.httpMethod=[GET], jakarta.servlet.http.HttpServletRequest.requestURL=[https://cas-dev-ext.linux.dpo.fprod:8443/cas/login], jakarta.servlet.http.HttpServletRequest.requestURI=[/cas/login], jakarta.servlet.http.HttpServletRequest.requestId=[40], jakarta.servlet.http.HttpServletRequest.contextPath=[/cas], jakarta.servlet.http.HttpServletRequest.localeName=[sndlcas40.linux.dpo.fprod]}, 
cookies={jakarta.servlet.http.HttpServletRequest.cookie-TGC=[eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImQxZTNkZmQzLWI0YmUtNGI1MC04YTdlLTBiZjc5MDM0NGE5YiJ9.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.0ODf9k1_JAedd21nRsU1hSMTBAuWhjiqHpww_ZXHHXxZxa8bKk1A6bsagrQ64pu_vbgdAH-epdUcAn5TiZYzsg], jakarta.servlet.http.HttpServletRequest.cookie-JSESSIONID=[2E8A02B8D7565026ED09459821F73260], jakarta.servlet.http.HttpServletRequest.cookie-org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=[fr], jakarta.servlet.http.HttpServletRequest.cookie-MFATRUSTED=[eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjYzNjAzOGRjLWIzNzctNGJmMy1hM2RkLWIwYjIzMWRkMWIwOCJ9.eGZCWGJCWGNhSUNacnRzUWZGWVdyaXAza0JlbjlzWHVzMXhCNExyXzRNRFh3dGRt.rmDQyahGjcaugQS3L0CdaQuNkvsO1XLvm0E2TjUZ9UACSIhrYDuyjr7Snc96VmejgNQrVDYc9MXZ5Ms_rCxvtQ]}, org.apereo.cas.authentication.principal.Service=[https://cas-dev-ext.linux.dpo.fprod:8443/cas/idp/profile/SAML2/Callback?srid=_8292AF6CBB85443EF5E9EC22414E3732&entityId=unitaire-ext.linux.dpo.fprod]})] is not authorized>

Ray Bon

Sep 26, 2025, 5:36:26 PM (7 days ago) Sep 26
to cas-...@apereo.org
Raph,

The entityId must [should] match exactly the serviceId. Not a regex.
Also check SAML session cookie encryption / signing properties; key lengths may have changed. [1]

Ray


From: cas-...@apereo.org <cas-...@apereo.org> on behalf of Raph <raph.l...@gmail.com>
Sent: September 26, 2025 08:05
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] SAML2 as idp no longer working after migrating from 6.6.7 to 7.2.6
 
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8d6d3a6e-05ff-48bc-8da9-d6bc6b1437e9n%40apereo.org.

Raph

Sep 27, 2025, 10:45:33 PM (5 days ago) Sep 27
to cas-...@apereo.org
The regex used to match our SAML service (still does in prod), but in 7.2.6 we needed to add https:// to our server's metadata and CAS's identity-id SAML service.

Ray Bon

Sep 29, 2025, 3:34:38 PM (4 days ago) Sep 29
to cas-...@apereo.org
entityID is just a string of characters [that should be at least globally unique]. The CAS serviceId needs to match the entityID in metadata.
The 'callback' URL is the AssertionConsumerService location. The sender (the service provider / relying party) must send it with the authentication request and it must match what is in their metadata.
Use a tool like SAML-tracer to see what is being sent in the authn request.
Other possible issues: SP metadata wants authn requests signed; are they?
Has the URL to fetch SP metadata changed (and the vendor did not tell you)?

SAML protocol has a lot of checks and balances; any one of them could fail and result in 'unauthorized' message.

Ray

Sent: September 26, 2025 15:00
To: cas-...@apereo.org <cas-...@apereo.org>
Subject: Re: [cas-user] SAML2 as idp no longer working after migrating from 6.6.7 to 7.2.6
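
The checks listed in the reply above (serviceId against entityID, the ACS URL against the SP metadata, and the signing requirement), as an added example that is not part of the thread or of CAS. The function name, finding codes and metadata template are constructed for illustration; the exact-match rule is the one stated in the reply, and the script does not model how CAS itself evaluates `serviceId`.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# REQUEST: the AuthnRequest logged in the thread, trimmed. METADATA: constructed template.
REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_8292AF6CBB85443EF5E9EC22414E3732"
    AssertionConsumerServiceURL="https://unitaire-ext.linux.dpo.fprod/mellon/postResponse">
  <saml:Issuer>unitaire-ext.linux.dpo.fprod</saml:Issuer>
</samlp:AuthnRequest>"""
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{eid}">
  <md:SPSSODescriptor AuthnRequestsSigned="{signed}" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://unitaire-ext.linux.dpo.fprod/mellon/postResponse"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_authn_request(request_xml, metadata_xml, service_id, signed_in_query=False):
    """Return 'code: detail' findings; an empty list means the three inputs agree."""
    req, md = ET.fromstring(request_xml), ET.fromstring(metadata_xml)
    findings = []
    issuer = req.findtext("saml:Issuer", "", NS).strip()
    entities = {e.get("entityID"): e for e in md.iter("{%s}EntityDescriptor" % NS["md"])}
    # Rule from the reply: serviceId equals the entityID as a plain string, not as a pattern.
    if service_id != issuer:
        try:
            regex_hit = re.fullmatch(service_id, issuer) is not None
        except re.error:
            regex_hit = False
        code = "serviceid-regex-only" if regex_hit else "serviceid-mismatch"
        findings.append(f"{code}: {service_id!r} vs issuer {issuer!r}")
    if issuer not in entities:
        return findings + [f"issuer-not-in-metadata: {issuer!r} not in {list(entities)}"]
    sp = entities[issuer].find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no-sp-descriptor: entity has no SPSSODescriptor"]
    # The ACS URL (and ProtocolBinding, when sent) must be one the SP published.
    acs, binding = req.get("AssertionConsumerServiceURL"), req.get("ProtocolBinding")
    published = [(a.get("Location"), a.get("Binding"))
                 for a in sp.iterfind("md:AssertionConsumerService", NS)]
    if acs and not any(loc == acs and binding in (None, b) for loc, b in published):
        findings.append(f"acs-not-in-metadata: {acs!r}")
    # Redirect-binding signatures travel in the query string, hence signed_in_query.
    signed = signed_in_query or req.find("ds:Signature", NS) is not None
    if sp.get("AuthnRequestsSigned", "false").lower() in ("true", "1") and not signed:
        findings.append("unsigned-request: metadata sets AuthnRequestsSigned")
    return findings

if __name__ == "__main__":
    for eid, signed in (("unitaire-ext.linux.dpo.fprod", "false"), ("https://unitaire-ext.linux.dpo.fprod", "true")):
        print(check_authn_request(REQUEST, METADATA.format(eid=eid, signed=signed), "unitaire-ext.linux.dpo.fprod"))
```

ElementTree is used here on locally captured files; parse XML from an untrusted source with a hardened parser such as defusedxml.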
 