Issue with SAML login in CAS 7.2.4


Prakash Thapa

Sep 11, 2025, 9:02:33 AM
to CAS Community
I am trying to integrate delegated authentication via an external identity provider using SAML.

I am able to get the SAML login buttons on the login page. On clicking the button, I am redirected to the external IdP and receive the SAML Response, but the login is not successful. One strange thing is that my request is not reaching the DelegatedClientAuthenticationAction class.

My config in the application.yml file is:

authn:
  pac4j:
    saml[0]:
      client-name: testOkta
      keystore-password: pac4j-demo-passwd
      private-key-password: pac4j-demo-passwd
      service-provider-entity-id: https://login.testqc.cas.com
      keystore-path: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOkta-samlKeystore.jks
      metadata:
        identity-provider-metadata-path: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOkta-idp-metadata.xml
        service-provider:
          file-system:
            location: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOkta-sp-metadata.xml
    saml[1]:
      client-name: testOktaEncrypted
      keystore-password: pac4j-demo-passwd
      private-key-password: pac4j-demo-passwd
      service-provider-entity-id: https://login.testqc.cas.com
      keystore-path: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOktaEncrypted-samlKeystore.jks
      metadata:
        identity-provider-metadata-path: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOktaEncrypted-idp-metadata.xml
        service-provider:
          file-system:
            location: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOktaEncrypted-sp-metadata.xml

Ray Bon

Sep 11, 2025, 2:32:01 PM
to cas-...@apereo.org
Prakash,

There should be logs identifying where / what the problem is.

You can turn up logging for pac4j to see how it is handling the response.
Also use a tool like SAML-tracer to make sure the response from the external IdP is correct.
Do you have the session-replication cookie encryption and signing keys set? https://apereo.github.io/cas/7.2.x/integration/Delegate-Authentication.html

Ray

From: cas-...@apereo.org <cas-...@apereo.org> on behalf of Prakash Thapa <thapaprak...@gmail.com>
Sent: September 11, 2025 04:21
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] Issue with SAML login in CAS 7.2.4
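The response check suggested in the reply above can also be scripted. This is an added example, not code from the thread or from CAS: it decodes a SAMLResponse form value copied from SAML-tracer and compares it with the service-provider-entity-id from the posted config. The ACS URL, the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://login.testqc.cas.com"  # from the posted config
ACS_URL = SP_ENTITY_ID + "/cas/login?client_name=testOkta"  # assumed, not from the thread


def check_saml_response(b64_response, sp_entity_id, acs_url):
    """Return findings for one SAMLResponse value captured in SAML-tracer."""
    # For a response from your own login attempt only: the stdlib parser is
    # not hardened against hostile XML and no signature is verified here.
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    code = root.find("p:Status/p:StatusCode", NS)
    value = code.get("Value") if code is not None else None
    if value != SUCCESS:
        findings.append(f"Status is {value}, not Success")
    if root.get("Destination") != acs_url:
        findings.append(f"Destination {root.get('Destination')} != {acs_url}")
    if root.find("a:EncryptedAssertion", NS) is not None:
        # Audience is inside the ciphertext; the SP keystore must decrypt it.
        findings.append("Assertion is encrypted, audience not inspected")
        return findings
    audiences = [(e.text or "").strip()
                 for e in root.iterfind(".//a:AudienceRestriction/a:Audience", NS)]
    if sp_entity_id not in audiences:
        findings.append(f"Audience {audiences} lacks SP entity ID {sp_entity_id}")
    return findings


def build_sample(audience, destination=ACS_URL):
    """Constructed, unsigned sample response (illustration only)."""
    xml = f'''<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}"
  Destination="{destination}">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion><saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>'''
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Trailing slash on the IdP side: a typical audience mismatch.
    for line in check_saml_response(build_sample(SP_ENTITY_ID + "/"),
                                    SP_ENTITY_ID, ACS_URL):
        print(line)
```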
 