Hello all,
Has anyone successfully managed to configure CAS as the SSO for fb's
workplace sp (https://www.workplace.com/resources/tech/authentication/sso) ?
I have been at it for days but I always end up with the following error
message:
"SSO Not Authenticated
The SAML Response was invalid. Please check that all fields are correct
and try again"
The steps I have followed are:
1) Include the implementation
"org.apereo.cas:cas-server-support-saml-idp" dependency in my build.gradle
2) Allow CAS to autogenerate the idp-metadata xml along with the signing
and encryption crts.
3) fill the workplace's SAML configuration fields with these values:
* SAML URL: https://mycas:8443/idp/profile/SAML2/Redirect/SSO
* SAML issuer: https://mycas:8443/idp/
* SAML certificate: the idp-signing.crt produced by CAS
4) Take workplace's provided audience url, recipient url and ACS url and
generate the below sp metadata xml file:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://www.workplace.com/company/******">
  <md:SPSSODescriptor AuthnRequestsSigned="false"
      WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://******.workplace.com/work/saml.php" />
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://******.workplace.com/work/saml.php"
        index="1" />
  </md:SPSSODescriptor>
</md:EntityDescriptor>
5) Create the following JSON service:
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "https://www.workplace.com/company/******",
  "name" : "saml-test-service",
  "id" : 10000003,
  "evaluationOrder" : 10,
  "metadataLocation" : "file://etc/cas/saml/fb-sp-metadata.xml",
  "requiredNameIdFormat" : "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "mail"
  }
}
6) Tapping the Test SSO button on workplace's side.
The authentication proceeds without a problem from CAS but fails with
the message I provided at the start of the email on workplace's side.
Any help from anyone who has come across this behavior in the past would
be great!
Best regards,
Fotis
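One pre-flight check worth running before pressing Test SSO, given as an added example that is not from the post or from CAS itself: parse the SP metadata and the CAS service JSON and confirm that the entityID and serviceId pattern, the NameID format, the ACS binding, and the issuer string configured at the SP all agree (entity IDs compare as exact strings, so a trailing slash alone is a mismatch). The metadata, service JSON, hostnames and the IdP entityID used below are constructed placeholders, not values from the post.

```python
import json
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# Constructed SP metadata shaped like the Workplace metadata in the post (placeholder IDs/hosts).
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://www.workplace.com/company/EXAMPLE_ID">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.workplace.com/work/saml.php" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed CAS service definition shaped like the JSON service in the post.
SERVICE_JSON = """{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "https://www.workplace.com/company/EXAMPLE_ID",
  "requiredNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
}"""

def check_sp_against_service(sp_metadata_xml, service_json, idp_entity_id, issuer_at_sp):
    """Return a list of findings (empty list = SP metadata, CAS service and SP-side issuer agree)."""
    findings = []
    root = ET.fromstring(sp_metadata_xml)
    service = json.loads(service_json)
    sp_entity_id = root.get("entityID", "")
    # CAS treats serviceId as a regular expression matched against the SP's entityID.
    if not re.fullmatch(service.get("serviceId", ""), sp_entity_id):
        findings.append(f"serviceId {service.get('serviceId')!r} does not match SP entityID {sp_entity_id!r}")
    sp_formats = [e.text.strip() for e in root.findall("md:SPSSODescriptor/md:NameIDFormat", NS)]
    wanted = service.get("requiredNameIdFormat")
    if wanted and sp_formats and wanted not in sp_formats:
        findings.append(f"requiredNameIdFormat {wanted!r} is not among the SP's NameIDFormats {sp_formats}")
    acs = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if not any(a.get("Binding", "").endswith(":HTTP-POST") for a in acs):
        findings.append("SP metadata declares no HTTP-POST AssertionConsumerService")
    # SAML entity IDs are compared as exact strings, so a trailing slash alone is a mismatch.
    if issuer_at_sp != idp_entity_id:
        findings.append(f"issuer configured at the SP {issuer_at_sp!r} != IdP entityID {idp_entity_id!r}")
    return findings

if __name__ == "__main__":
    # "mycas" is the placeholder host from the post; the IdP entityID here is an assumed value.
    for f in check_sp_against_service(SP_METADATA, SERVICE_JSON, "https://mycas:8443/idp", "https://mycas:8443/idp/"):
        print("MISMATCH:", f)
```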
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e7bdbdf1-8b85-c45a-cc0e-2a07f140ca5d%40uoa.gr.