That is likely the issue.  We are on the latest 6.3.x branch.  Will mark it as 
a known bug to be resolved when we get our version to 6.5.  Thank you.

From: obe...@fsu.edu <obe...@fsu.edu>
Sent: Monday, June 27, 2022 3:47 PM
To: CAS Community <cas-user@apereo.org>
Cc: King, Robert <r...@mun.ca>
Subject: [EXTERNAL SENDER] Re: SAML federation and service entries

Hi Robert,

There used to be a bug in CAS where a wildcard SAML service would catch 
undefined CAS services.
That issue should have been fixed in releases 6.4.0 and up.

What version of CAS are you using?

Thanks
Olivier B.
ITS Middleware
Florida State University

On Friday, June 24, 2022 at 12:51:49 PM UTC-4 ro...@mun.ca wrote:
I am attempting to integrate a SAML federation into our CAS instance.  I seem 
to be stuck on service entry defined access.

It seems that to allow SAML federation I have to configure a wildcard for 
entityId/serviceId.  I was assuming that saml service entries would require 
both a positive metadata match and entityId match.  Seems that by entering the 
SAML service entry the wildcard match also applies to CAS services.

example SAML service entry
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "^https://.*$",
  "name" : "Federation Test",
  "id" : 10000003,
  "evaluationOrder" : 10,
  "metadataLocation" : "https://url/to/metadata.xml"
}

After entering the above service entry, any request to 
“/cas/login?service=anything” will match.  Makes sense if only serviceId is 
used for the match.  But I figured, incorrectly, that metadata was also 
involved.

Am I missing something, or do I have to iteratively add every possible entity 
id into the regex for serviceId?  That seems unmaintainable at scale.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e87b4c31696e4a7c94ce63441408f3a2%40mun.ca.
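
Added example, not part of the thread and not CAS code: a Python sketch that generates an anchored serviceId pattern from the entity IDs in a federation metadata aggregate, then compares it with the wildcard from the service entry above. It assumes the registry lookup behaves like a regex test of serviceId against the whole requested value (as the thread describes for the affected versions) and that the metadata has already been fetched and signature-verified; the sample metadata, URLs and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample federation aggregate (not from the thread).
SAMPLE_METADATA = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://sp1.example.org/shibboleth"/>
  <EntityDescriptor entityID="https://sp2.example.org/saml/metadata"/>
  <EntityDescriptor entityID="urn:example:sp3"/>
</EntitiesDescriptor>"""

WILDCARD = r"^https://.*$"  # serviceId from the service entry in the thread


def entity_ids(metadata_xml):
    """Return every entityID declared in a SAML metadata document, sorted."""
    root = ET.fromstring(metadata_xml)
    # iter() also visits the root, so single-entity metadata works too.
    ids = {e.get("entityID") for e in root.iter(f"{{{MD_NS}}}EntityDescriptor")}
    return sorted(i for i in ids if i)


def service_id_pattern(ids):
    """Build an anchored alternation that matches only the listed entity IDs."""
    if not ids:
        # "^()$" would match an empty service value; never emit it.
        raise ValueError("no entity IDs found; refusing to emit an empty pattern")
    return "^(" + "|".join(re.escape(i) for i in ids) + ")$"


def matches(pattern, service):
    """Assumed model of the registry lookup: regex tested against the whole value."""
    return re.fullmatch(pattern, service) is not None


if __name__ == "__main__":
    strict = service_id_pattern(entity_ids(SAMPLE_METADATA))
    print("generated serviceId:", strict)
    for svc in ["https://sp1.example.org/shibboleth",       # federation member
                "https://anything.example.net/app",         # unregistered CAS service
                "https://sp1.example.org/shibboleth/x"]:    # near miss
        print(f"{svc:40} wildcard={matches(WILDCARD, svc)} strict={matches(strict, svc)}")
```

The generated pattern uses Python regex escaping; check it against the regex engine of the CAS version in use before placing it in a service entry.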
