Papeace,

If you haven't already, I'd recommend installing a web-browser plugin called "SAMLTracer". It'll decode SAML requests and responses, which you can use to troubleshoot the authentication process.

I'm not sure if this is a copy-paste issue or some sort of encoding problem, but your requiredNameIdFormat has an "@6bb1a595" at the end. I'm not sure that is a valid nameID format. Typically, I obtain the nameID format from the SP metadata. I'll copy the string directly from the SP's metadata and paste it into the json file. Then, if necessary, I'll map it to another attribute with something like this:

  "requiredNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:persistent",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "myPersistentIDAttribute"
  }
On Saturday, October 26, 2024 at 2:44:29 PM UTC-4 Papeace Ndiaye wrote:
> I am configuring CAS SAML2 to authenticate my applications like Moodle,
> WAYF, Shibboleth, etc., but the issue is that I can obtain the metadata,
> yet I still encounter authorization errors.
>
> cas.server.name=https://cas.exemple.com
> cas.server.prefix=${cas.server.name}/cas
> logging.config=file:/etc/cas/config/log4j2.xml
> cas.authn.attributeRepository.ldap[0].attributes.mail=mail
> cas.authn.attributeRepository.ldap[0].attributes.sn=sn
> cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
> cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://10.10.10.10
> cas.authn.ldap[0].baseDn=dc=exemple,dc=com
> cas.authn.ldap[0].searchFilter=uid={user}
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=admin,dc=exemple,dc=com
> cas.authn.ldap[0].bindCredential=password
> cas.authn.ldap[0].principalAttributeId=uid
> cas.authn.ldap[0].principalAttributeList=sn,givenName,mail,eduPersonPrimaryAffiliation,displayName
> cas.service-registry.core.init-from-json=false
> cas.service-registry.json.location=file:/etc/cas/services
> #################### SAML2 ##############################
> cas.authn.saml-idp.core.entity-id=https://cas.exemple.com/cas/idp
> cas.authn.saml-idp.metadata.file-system.location=file:/etc/cas/saml/
> cas.server.scope=exemple.com
> cas.authn.saml-idp.metadata.file-system.sign-metadata=false
> cas.authn.saml-idp.metadata.core.cache-expiration=PT5M
>
> my service saml-1001.json
>
> {
>   "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId": "https://moodle.exemple.com",
>   "name": "sml",
>   "id": 1001,
>   "evaluationOrder": 3,
>   "attributeReleasePolicy": {
>     "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "excludeDefaultAttributes": true
>   },
>   "metadataLocation": "https://moodle.unchk.sn/auth/mo_saml/index.php?option=mosaml_metadata",
>   "requiredNameIdFormat": "org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@6bb1a595",
>   "signAssertions": true,
>   "signingCredentialType": "BASIC"
> }
>
> @ray
> @jeremy
> please can you help me

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/24516061-9801-4682-819f-6ec332479c40n%40apereo.org.
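As an added example that is not part of the thread above and not code from the CAS project, the following Python script does what the reply recommends: it reads the NameIDFormat values an SP advertises in its metadata, refuses any requiredNameIdFormat that is not a real NameID URN the SP offers (the pasted Java object string ending in "@6bb1a595" fails that check), and emits a CAS SamlRegisteredService JSON definition with the optional usernameAttributeProvider mapping. The SP metadata, entity IDs, URLs and attribute names are constructed samples, not Moodle's real metadata; the JSON property names follow the CAS JSON service registry as used in the thread.

```python
import json
import re
import xml.etree.ElementTree as ET
from typing import Optional

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata for illustration only. In practice you fetch this from the SP's
# metadata URL (the value you put in metadataLocation) and feed it to the functions below.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://moodle.example.com">
  <md:SPSSODescriptor WantAssertionsSigned="true"
                      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                 Location="https://moodle.example.com/auth/saml2/sp/acs.php"
                                 index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Every legitimate NameID format is a SAML 1.1 or 2.0 URN of this shape.
NAMEID_FORMAT_RE = re.compile(r"^urn:oasis:names:tc:SAML:(1\.1|2\.0):nameid-format:[A-Za-z0-9]+$")


def looks_like_nameid_format(value: str) -> bool:
    """Shape check that rejects pasted Java object strings such as
    'org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@6bb1a595'."""
    return NAMEID_FORMAT_RE.match(value) is not None


def sp_entity_id(metadata_xml: str) -> str:
    """The entityID the SP will send in its AuthnRequest; CAS matches serviceId against it."""
    return ET.fromstring(metadata_xml).attrib["entityID"]


def sp_nameid_formats(metadata_xml: str) -> list:
    """NameID formats the SP advertises, in the order it lists them."""
    root = ET.fromstring(metadata_xml)
    elems = root.findall("./md:SPSSODescriptor/md:NameIDFormat", MD_NS)
    return [e.text.strip() for e in elems if e.text and e.text.strip()]


def nameid_format_problem(metadata_xml: str, value: str) -> Optional[str]:
    """Return None if `value` is usable as requiredNameIdFormat for this SP, else a reason."""
    if not looks_like_nameid_format(value):
        return f"not a NameID format URN: {value!r}"
    offered = sp_nameid_formats(metadata_xml)
    if value not in offered:
        return f"SP does not advertise {value}; it offers {offered}"
    return None


def choose_nameid_format(metadata_xml: str, preferred: Optional[str] = None) -> str:
    """Pick the format for requiredNameIdFormat: the admin's preference if the SP offers it,
    otherwise the first one the SP lists. Anything the SP does not advertise is an error."""
    offered = sp_nameid_formats(metadata_xml)
    if not offered:
        raise ValueError("SP metadata advertises no NameIDFormat")
    chosen = offered[0] if preferred is None else preferred
    problem = nameid_format_problem(metadata_xml, chosen)
    if problem:
        raise ValueError(problem)
    return chosen


def build_saml_service(metadata_xml: str, service_id: int, name: str, metadata_location: str,
                       preferred_format: Optional[str] = None,
                       username_attribute: Optional[str] = None) -> dict:
    """CAS SamlRegisteredService definition keyed off the SP's own metadata."""
    service = {
        "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
        "serviceId": sp_entity_id(metadata_xml),
        "name": name,
        "id": service_id,
        "evaluationOrder": 3,
        "metadataLocation": metadata_location,
        "requiredNameIdFormat": choose_nameid_format(metadata_xml, preferred_format),
        "signAssertions": True,
        "attributeReleasePolicy": {
            "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
            "excludeDefaultAttributes": True,
            # Assumed attribute list; CAS expects the typed-array form shown here.
            "allowedAttributes": ["java.util.ArrayList", ["mail", "sn", "givenName", "displayName"]],
        },
    }
    if username_attribute:
        # Map the NameID onto a principal attribute, as the reply suggests.
        service["usernameAttributeProvider"] = {
            "@class": "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
            "usernameAttribute": username_attribute,
        }
    return service


def render_service_json(service: dict) -> str:
    return json.dumps(service, indent=2)


if __name__ == "__main__":
    svc = build_saml_service(SAMPLE_SP_METADATA, 1001, "moodle",
                             "https://moodle.example.com/auth/saml2/sp/metadata.php",
                             preferred_format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
                             username_attribute="eduPersonTargetedID")
    print(render_service_json(svc))
```

Run it against the SP's real metadata instead of the sample and write the output to the services directory; if the format you want is not in the SP's list, the script refuses rather than producing a service definition that will fail at login.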