6.4.0 - SAML2 SP weird/broken Integration


Jérôme Rautureau

Sep 29, 2021, 11:49:49 AM9/29/21
to CAS Community
Hi,

I have issues when I want to integrate SAMLService for certain SPs (2 for now) on the 6.4.0 branch (which was working on the 6.2.8 branch).

Here are the WARN/ERROR logs of CAS for these services.

2021-09-29 11:25:50,231 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Attempting to validate signature using key from supplied credential>
2021-09-29 11:25:50,231 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Accessing XMLSignature object>
2021-09-29 11:25:50,231 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256>
2021-09-29 11:25:50,231 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'>
2021-09-29 11:25:50,236 DEBUG [org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl] - <Signature validated with key from supplied credential>
2021-09-29 11:25:50,236 INFO [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator] - <Successfully validated the request signature.>
2021-09-29 11:25:51,337 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Locating assertion consumer service url for binding [null] and index [0]>
2021-09-29 11:25:51,337 WARN [org.apereo.cas.support.saml.SamlIdPUtils] - <Unable to locate acs url in for entity [https://preprod-talents.elsatis.fr] and binding [null] with index [0]>
2021-09-29 11:25:51,337 DEBUG [org.opensaml.saml.metadata.support.SAML2MetadataSupport] - <Selecting default IndexedEndpoint>
2021-09-29 11:25:51,337 DEBUG [org.opensaml.saml.metadata.support.SAML2MetadataSupport] - <IndexedEndpoint list was null or empty, returning null>
2021-09-29 11:25:51,341 ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <Endpoint for null is not available or does not define a binding for null>
org.apereo.cas.support.saml.SamlException: Endpoint for null is not available or does not define a binding for null
        at org.apereo.cas.support.saml.SamlIdPUtils.determineEndpointForRequest(SamlIdPUtils.java:160) ~[cas-server-support-saml-idp-core-6.4.0.jar!/:6.4.0]

Certain services are OK, but for 2 others the AuthRequest is broken (it was working on version 6.2.8).

Here in the mail is the metadata of the broken integration (I don't know what is missing...).

It seems that "var acsUrl = authnRequest.getAssertionConsumerServiceURL();" in https://github.com/apereo/cas/blob/a2a50a0fc99c89dc8de59ccd3e2b3f50add3def9/support/cas-server-support-saml-idp-core/src/main/java/org/apereo/cas/support/saml/SamlIdPUtils.java#L319 gives null; I don't know if that's normal or not...

Thanks for your help.

PS: I have tried a lot of versions of the SP metadata without any success.
--
Jérôme Rautureau (https://github.com/le-zell)
sp-broken-metadata.xml
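The log above shows the IdP trying to locate an AssertionConsumerService for "binding [null] and index [0]" and finding nothing, because the AuthnRequest carries no AssertionConsumerServiceURL. The following is an added illustration (not CAS code, and not the poster's metadata) of how an IdP resolves the ACS endpoint from SP metadata according to the SAML 2.0 rules: an explicit URL in the request is only honoured if it appears in the metadata, an index selects by index, and an absent hint falls back to the endpoint marked isDefault (or the first listed). The metadata string, the function names and the error type are constructed for the example.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace and the two bindings used below.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

# Constructed SP metadata for the example: two ACS endpoints, index 0 is the default.
SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/acs" index="0" isDefault="true"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.test/acs-artifact" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


class AcsResolutionError(Exception):
    """Raised when no ACS endpoint in the SP metadata satisfies the request."""


def load_acs_endpoints(metadata_xml):
    """Parse every AssertionConsumerService element of the SPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    endpoints = []
    for el in root.findall(".//md:SPSSODescriptor/md:AssertionConsumerService", NS):
        endpoints.append({
            "binding": el.get("Binding"),
            "location": el.get("Location"),
            "index": int(el.get("index")),
            "default": el.get("isDefault", "false").lower() == "true",
        })
    return endpoints


def resolve_acs(metadata_xml, requested_url=None, requested_binding=None, requested_index=None):
    """Pick the ACS endpoint the response must be delivered to.

    requested_url / requested_binding / requested_index mirror the optional
    AssertionConsumerServiceURL, ProtocolBinding and AssertionConsumerServiceIndex
    attributes of an AuthnRequest; any of them may be None, as in the log above
    where both binding and URL were null.
    """
    endpoints = load_acs_endpoints(metadata_xml)
    if not endpoints:
        raise AcsResolutionError("SP metadata defines no AssertionConsumerService")

    # An explicit URL is trusted only when it is registered in the SP metadata;
    # otherwise the response could be delivered to a location the SP never declared.
    if requested_url is not None:
        for ep in endpoints:
            if ep["location"] == requested_url and (
                requested_binding is None or ep["binding"] == requested_binding
            ):
                return ep
        raise AcsResolutionError(f"ACS URL {requested_url!r} is not in SP metadata")

    # An index is an exact lookup; an unknown index is an error, not a fallback.
    if requested_index is not None:
        for ep in endpoints:
            if ep["index"] == requested_index:
                return ep
        raise AcsResolutionError(f"no ACS endpoint with index {requested_index}")

    # No URL and no index: restrict by binding if one was given, then prefer
    # the endpoint marked isDefault="true", else the first one listed.
    if requested_binding is not None:
        candidates = [ep for ep in endpoints if ep["binding"] == requested_binding]
        if not candidates:
            raise AcsResolutionError(f"no ACS endpoint for binding {requested_binding}")
    else:
        candidates = endpoints
    for ep in candidates:
        if ep["default"]:
            return ep
    return candidates[0]


if __name__ == "__main__":
    # Same situation as the log: no URL, no binding, nothing but the metadata.
    print(resolve_acs(SP_METADATA))
```

With the constructed metadata, a request that carries no ACS hints resolves to the isDefault endpoint at index 0, which is what the failing AuthnRequest in the log should have fallen back to; a request naming a URL that is absent from the metadata is rejected rather than honoured.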

Jérôme Rautureau

Oct 3, 2021, 4:23:40 PM10/3/21
to CAS Community
Hi Everybody,

Just tried the latest 6.4.1 CAS version and the broken SP works again :)

If you intend to use SAML2, just pass on the 6.4.0 version to avoid any issue with SP integrations.

Bye
--
Jérôme Rautureau