[cas-user] Shibboleth integration and MDUI

Kapetanakis Giannis

Jan 14, 2022, 5:30:46 AM
to CAS Community
Hi,

I've configured CAS to be SSO for Shibboleth IdP (External). This works fine.

I'm trying to display SAML MDUI (logo) but it cannot detect the entityId so nothing happens.

DEBUG [org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction] - <No entity id found for parameter [entityId]>

implementation "org.apereo.cas:cas-server-support-saml-mdui:${project.'cas.version'}" in build.gradle
cas.saml-metadata-ui.resources=file:///etc/cas/config/idp-metadata/sp.xml

Log says:

DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] - <Loading [sp.xml]>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] - <Evaluating metadata resource [sp.xml]>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] - <Locating metadata resource from input stream.>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] - <Parsing [sp.xml]>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] - <Initializing metadata resolver for [URL [file:/etc/cas/config/idp-metadata/sp.xml]]>
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] - <Collected metadata from [1] resolvers(s). Initializing aggregate resolver...>
INFO [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] - <Metadata aggregate initialized successfully.>

However, when I'm redirected to CAS to log in to this SP (via Shibboleth) with URL:

https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3Dhttps%3A%2F%2Fwww.example.com%2Fsp

I get in logs:

DEBUG [org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction] - <No entity id found for parameter [entityId]>

Service registry lists the SP's entityId as serviceId:

--- !<org.apereo.cas.services.RegexRegisteredService>
serviceId: "https://www.example.com/sp"
...
logo: "https://www.example.com/images/logo-idp.png"
...

In addition, the metadata loaded also has MDUI-relevant info:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://www.example.com/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
    <md:Extensions>
      <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
        <mdui:Logo width="208" height="96" xml:lang="en">https://www.example.com/images/logo-idp.png</mdui:Logo>
      </mdui:UIInfo>

What am I missing here?
Thanks,

Giannis



Kapetanakis Giannis

Jan 16, 2022, 7:52:45 AM
to cas-...@apereo.org
I found the problem.

URL comes like:
https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3Dhttps%3A%2F%2Fwww.example.com%2Fsp

If I replace entityId%3D -> entityId= then it works.

CAS does not decode %3D, which stands for the = sign, thus leaving the attribute empty.

<Launching new execution of flow 'login' with input map['service' -> 'https://idp.example.com/idp/Authn/External', 'entityId=https://www.example.com/sp' -> ''
 - <Starting in org.springframework.webflow.mvc.servlet.MvcExternalContext@4c2a6e41 with input map['service' -> 'https://idp.example.com/idp/Authn/External', 'entityId=https://www.example.com/sp' -> ''
 - <No entity id found for parameter [entityId]>

G
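
An added example, not part of the original posts and not CAS code: a standalone Python check of where entityId sits in the login URL quoted in the thread. Under standard query-string parsing it is nested inside the decoded service URL rather than being a top-level request parameter, and the value is only accepted when it matches an entity from trusted metadata. The function names and KNOWN_ENTITY_IDS are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Login URL taken from the thread. KNOWN_ENTITY_IDS is a constructed stand-in
# for the entityID values present in the loaded metadata (sp.xml).
LOGIN_URL = (
    "https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com"
    "%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3D"
    "https%3A%2F%2Fwww.example.com%2Fsp"
)
KNOWN_ENTITY_IDS = {"https://www.example.com/sp"}


def locate_entity_id(login_url, param="entityId"):
    """Return (where, value); where is 'request', 'service' or None."""
    top = parse_qs(urlsplit(login_url).query, keep_blank_values=True)
    if param in top:
        return "request", top[param][0]
    # The service value is itself a URL. parse_qs has already percent-decoded
    # it once, so its own query string can now be split on '&' and '='.
    for service in top.get("service", []):
        nested = parse_qs(urlsplit(service).query, keep_blank_values=True)
        if param in nested:
            return "service", nested[param][0]
    return None, None


def entity_id_for_mdui(login_url, known=KNOWN_ENTITY_IDS):
    """Accept only an entityId that matches an entity in trusted metadata."""
    _where, value = locate_entity_id(login_url)
    return value if value in known else None


if __name__ == "__main__":
    print(locate_entity_id(LOGIN_URL))
    print(entity_id_for_mdui(LOGIN_URL))
```

The allow-list check matters because the entityId arrives in a user-supplied URL and selects which logo and display name the login page shows.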