Prakash, There should be logs identifying where / what the problem is.
You can turn up logging for pac4j to see how it is handling the response. Also use a tool like SAML-tracer to make sure the response from external IdP is correct. Do you have the session-replication cookie encryption and signing keys set? https://apereo.github.io/cas/7.2.x/integration/Delegate-Authentication.html Ray ________________________________ From: [email protected] <[email protected]> on behalf of Prakash Thapa <[email protected]> Sent: September 11, 2025 04:21 To: CAS Community <[email protected]> Subject: [cas-user] Issue with SAML login in CAS 7.2.4 I am trying to integrate the delegated authentication via external Identity provider using SAML. I am able to get the SAML login buttons on the login page. On clicking the button, I am redirected to the external IDP and receiving the SAML Response but the login is not successful. One strange thing is that my request is not reaching DelegatedClientAuthenticationAction class. My config in application.yml file is: authn: pac4j: saml[0]: client-name: testOkta keystore-password: pac4j-demo-passwd private-key-password: pac4j-demo-passwd service-provider-entity-id: https://login.testqc.cas.com keystore-path: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOkta-samlKeystore.jks metadata: identity-provider-metadata-path: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOkta-idp-metadata.xml service-provider: file-system: location: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOkta-sp-metadata.xml saml[1]: client-name: testOktaEncrypted keystore-password: pac4j-demo-passwd private-key-password: pac4j-demo-passwd service-provider-entity-id: https://login.testqc.cas.com keystore-path: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOktaEncrypted-samlKeystore.jks metadata: identity-provider-metadata-path: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOktaEncrypted-idp-metadata.xml service-provider: file-system: location: file:/Users/prakash.thapa/work/certificates/CAS/saml/testOktaEncrypted-sp-metadata.xml -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cdd5bfde-59ae-476d-9b7c-218e7eabf825n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/cdd5bfde-59ae-476d-9b7c-218e7eabf825n%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB008197877EAB82C2BF1754CACE09A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.
