Juan, In your cas IdP metadata, are your 'SingleSignOnService' Locations https (they should be)?
If so, and this is happening after login to cas... 'Request' is sent by SP (Liferay) to cas, 'Response' is sent by cas to SP. In the request the SP provides a return URL, 'AssertionConsumerServiceURL'; this must match one in the metadata. Make sure Liferay configures all acs URLs to be https. Ray On Thu, 2024-10-17 at 13:06 -0700, Juan Fernando Rivera wrote: Hi, when trying to login a production Liferay portal using CAS as a SAML IdP provider, the portal brings this error message: "ERROR [http-nio-0.0.0.0-9444-exec-3][WebSsoProfileImpl:216] Request was required to be secured but was not org.opensaml.messaging.handler.MessageHandlerException: Request was required to be secured but was not" This happens when CAS sends the petition to the "/acs" endpoint in the Liferay portal. The Liferay configuration has a property called "SSL required" which description is "Requires SAML messages to be exchanged over SSL". Since it's a production environment it must be enabled. In developing environment where is not enabled, the login flow works with no issues. Is there something that must be configured in the CAS server to send the SAML requests as secured? Thanks in advance. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9a963882be9dea747d9621e0de8923e382f33acb.camel%40uvic.ca.
