Shibboleth IdP Web Login Service - Unsupported Request

Nate Klingenstein ndk at sudonym.me
Wed Sep 5 22:12:44 EDT 2018 

Fazla,

I think you're still conflating the two ways that Shibboleth can interact
with CAS.

It can either act as a CAS server(which is the endpoint you're accessing,
and which does not need ShibCas) for CAS client applications using the CAS
protocol

or

it can be a CAS client(ShibCas) of an actual CAS server.  ShibCas then uses
the authentication provided by that CAS protocol transaction to perform a
secondary assertion of user information to another service, typically using
SAML as a protocol.

I think you want Shibboleth to be a CAS client, which means the CAS server
functionality built into Shibboleth is not relevant.  The flow through the
system would typically be:

SAML Service Provider -> Shibboleth SAML login point -> CAS Server ->
Shibboleth ShibCas plugin -> Shibboleth SAML assertion generation -> SAML
service provider

I think you should step back and understand how you want users to flow
through the system you're building.  There needs to be a clear vector that
is followed.

I'm not quite sure what else to write, I'm afraid.

I hope this helps,
Nate.

On Thu, Sep 6, 2018 at 1:11 AM, fazla <fazlarabby043264 at gmail.com> wrote:

> We are trying to delegate the shibboleth IdP authentication to CAS. The
> ShibCas plugin is already added and then the service was also added in the
> cas-protocol.xml. I have attached relying-party.xml
> <http://shibboleth.1660669.n2.nabble.com/file/t398743/relying-party.xml>
>  ,
> cas-protocol.xml
> <http://shibboleth.1660669.n2.nabble.com/file/t398743/cas-protocol.xml>
> and  general-authn.xml
> <http://shibboleth.1660669.n2.nabble.com/file/t398743/general-authn.xml>
>  .
>
> Now if we try
> https://localhost:8443/idp/profile/cas/login?service=
> https://myservice.example.edu
> instead of redirecting us to cas we are getting this error on the browser.
>
> Web Login Service - Unsupported Request
> The application you have accessed is not registered for use with this
> service.
>
>
> This is the logs.
>
>
>
>
>
>
> --
> Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-
> f1660767.html
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180906/3e9cd298/attachment.html>

More information about the users mailing list