Single Logout SAML 2.0 not working : CAS is unable to process this request: "500:Internal Server Error"
72 views
Skip to first unread message
asep-002
May 12, 2018, 10:44:21 AM5/12/18
to CAS Community
hi. this is my first time deploy SAML 2.0 , i get working with Single Sign On with saml using application simplesamlphp and mod_shib. with guide from new school document.
but when i try to logout , my cas server show this log on front page (attach picture). my cas version is 5.2.1
full log detail (attach log file):
but when i try to logout , my cas server show this log on front page (attach picture). my cas version is 5.2.1
full log detail (attach log file):
2018-05-12 21:02:37,482 INFO [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Received SAML profile request [/cas/idp/profile/SAML2/POST/SLO]>
2018-05-12 21:02:37,483 DEBUG [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController] - <Decoded SAML object [{urn:oasis:names:tc:SAML:2.0:protocol}LogoutRequest] from http request>
2018-05-12 21:02:37,483 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
org.opensaml.saml.common.SAMLException: Logout request is not signed but should be.
at org.apereo.cas.support.saml.web.idp.profile.slo.AbstractSamlSLOProfileHandlerController.handleSloProfileRequest(AbstractSamlSLOProfileHandlerController.java:90)
at org.apereo.cas.support.saml.web.idp.profile.slo.SLOSamlPostProfileHandlerController.handleSaml2ProfileSLOPostRequest(SLOSamlPostProfileHandlerController.java:81)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:741)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
my cas. properties configuration:
cas.server.name: https://idp-dev.school.edu
cas.server.prefix: ${cas.server.name}/cas
cas.slo.disabled=false
cas.server.prefix: ${cas.server.name}/cas
cas.slo.disabled=false
cas.authn.samlIdp.scope: school.edu
cas.authn.samlIdp.hostName: idp-dev.school.edu
cas.authn.samlIdp.logout.forceSignedLogoutRequests: true
cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled: false
cas.authn.samlIdp.hostName: idp-dev.school.edu
cas.authn.samlIdp.logout.forceSignedLogoutRequests: true
cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled: false
Has anyone else run into this issue?
thanks.
R4NT45 crew
May 14, 2018, 12:03:35 PM5/14/18
to CAS Community
any advice? im stuck with this issue.
thanksOn Sat, May 12, 2018 at 9:47 PM, asep-002 <ghula...@gmail.com> wrote:
--
forgot my attachment log.
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/30bd5f95-ed59-4d75-af71-fbcdc2a16467%40apereo.org.
Jeremiah Garmatter
Jan 20, 2021, 8:49:56 AM1/20/21
to CAS Community, Asep-Saepulloh
Hello,
I have just received the same error on CAS 6.2.1 from a vendor's SP. This is on SAML2.0-based authentication. Attached is the error.
I'm assuming to fix this, I should either disable whatever configuration requires a signed logout request on my side or get the vendor to sign their request?
Does anyone have advice on the configuration I could change?
On Monday, May 14, 2018 at 12:03:35 PM UTC-4 Asep-Saepulloh wrote:
any advice? im stuck with this issue.thanks
On Sat, May 12, 2018 at 9:47 PM, asep-002 <ghula...@gmail.com> wrote:
forgot my attachment log.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
Reply all
Reply to author
Forward
0 new messages