CAS 6.3 samlValidate?

[Baron Fujimoto]

Is there something that needs to be done for CAS 6.3 to enable samlValidate?

I've been wrestling with this upgrade from 5.0.x, and it seems like the clients we used with this older version calling samlValidate on service tickets are failing with 6.3. It looks like the clients aren't getting any response to samlValidate, and I think our Tomcat access logs also suggest it's not there? (404 responses?)

=====

10.0.0.100 - - [22/Jun/2021:09:56:11 -1000] "POST /cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fcasdemo%2Flogin%2Fcas&renew=true HTTP/1.1" 302 - "https://cas.example.edu.edu/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fcasdemo%2Flogin%2Fcas&renew=true" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15" 47 "10.0.0.200"

10.0.0.100 - - [22/Jun/2021:09:56:12 -1000] "POST /cas/samlValidate?TARGET=http%3A%2F%2Flocalhost%3A8080%2Fcasdemo%2Flogin%2Fcas HTTP/1.1" 404 11316 "-" "Java/10.0.2" 64 "10.0.0.200"

10.0.0.100 - - [22/Jun/2021:09:56:12 -1000] "POST /cas/samlValidate?TARGET=http%3A%2F%2Flocalhost%3A8080%2Fcasdemo%2Ferror HTTP/1.1" 404 11316 "-" "Java/10.0.2" 6 "10.0.0.200"

=====

The only references to samlValidate I've been able to find in the CAS wiki is in the protocol. I think it's included in the core CAS 3.0 protocol, and I didn't see anything mentioning build dependencies or cas.properties?

--

Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

[King, Robert]

https://apereo.github.io/cas/6.3.x/protocol/SAML-Protocol.html#saml-11

 

Have you added the dependency for “cas-server-support-saml” to your build?

 

That will enable the endpoint samlValidate.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0_76kOS0AQ3PCho7d9%2BWTaS-bOkSud9pQakWT7G%3DLDQw%40mail.gmail.com.

[Baron Fujimoto]

Ah, that was it. Thank you very much!

FWIW, if you use "samlValidate" as the search term in the CAS wiki, it only shows results under <https://apereo.github.io/cas/6.3.x/protocol/CAS-Protocol-Specification.html#42-samlvalidate-cas-30> and searching within that page for the string "samlValidate" doesn't reveal the necessary reference you provided. I see now that if you use the keyword "saml"as a search term in the wiki, one of the results (the last one) is for the SAML Protocol page you provided. Maybe it's just me, but this failure to include the SAML Protocol page in the set of search results for samlValidate (despite the term being present on that page) stumped me. As mentioned previously samlValidate is discussed as part of the CAS 3.0 Protocol specification, where it is under the optional section, but no hints there that an additional dependency is required to enable it.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/eb6a2f30be674fcba33c4146bef880d3%40mun.ca.