Cas 5.3.3 / Login with exception

[Oussama Benjemaa]

Hi  All , 

I configured CAS Apereo 5.3.3 with a web application , and tried to login.

In login , process , i get the saml2 response with the good attribute i configured , but , i got an exception as following : 

2018-10-09 08:25:29,503 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner] - <Signature signing reference digest methods: [[http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512, http://www.w3.org/2000/09/xmldsig#sha1]]>

2018-10-09 08:25:29,522 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner] - <Locating signature signing key file from [file [/etc/cas/saml/idp-signing.key]]>

2018-10-09 08:25:29,523 DEBUG [org.apereo.cas.util.crypto.PrivateKeyFactoryBean] - <Attempting to read as PEM [file [/etc/cas/saml/idp-signing.key]]>

2018-10-09 08:25:29,839 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner] - <Signature signing credentials configured with [0] credentials>

2018-10-09 08:25:29,855 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner] - <Resolving signature signing parameters for [SPSSODescriptor]>

2018-10-09 08:25:29,858 WARN [org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver] - <Validation failure: Unable to resolve signing credential>

2018-10-09 08:25:29,858 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

=============================================================

WHO: audit:unknown

WHAT: java.lang.NullPointerException

ACTION: SAML2_RESPONSE_FAILED

APPLICATION: CAS

WHEN: Tue Oct 09 08:25:29 EDT 2018

CLIENT IP ADDRESS: 172.16.16.58

SERVER IP ADDRESS: 172.16.16.63

=============================================================

>

2018-10-09 08:25:29,864 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>

java.lang.NullPointerException: null

        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner.buildSignatureSigningParameters(SamlIdPObjectSigner.java:233) ~[cas-server-support-saml-idp-web-5.3.3.jar!/:5.3.3]

        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner.prepareSecurityParametersContext(SamlIdPObjectSigner.java:185) ~[cas-server-support-saml-idp-web-5.3.3.jar!/:5.3.3]

        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner.encode(SamlIdPObjectSigner.java:121) ~[cas-server-support-saml-idp-web-5.3.3.jar!/:5.3.3]

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]

        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]

        at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.19.RELEASE.jar!/:4.3.19.RELEASE]

        at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.19.RELEASE.jar!/:4.3.19.RELEASE]

        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671) ~[spring-aop-4.3.19.RELEASE.jar!/:4.3.19.RELEASE]

        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner$$EnhancerBySpringCGLIB$$41f95fb1.encode(<generated>) ~[cas-server-support-saml-idp-web-5.3.3.jar!/:5.3.3]

        at org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder.buildResponse(SamlProfileSaml2ResponseBuilder.java:112) ~[cas-server-support-saml-idp-web-5.3.3.jar!/:5.3.3]

        at org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder.buildResponse(SamlProfileSaml2ResponseBuilder.java:48) ~[cas-server-support-saml-idp-web-5.3.3.jar!/:5.3.3]

        at org.apereo.cas.support.saml.web.idp.profile.builders.response.BaseSamlProfileSamlResponseBuilder.build(BaseSamlProfileSamlResponseBuilder.java:87) ~[cas-server-support-saml-idp-web-5.3.3.jar!/:5.3.3]

        at org.apereo.cas.support.saml.web.idp.profile.builders.response.BaseSamlProfileSamlResponseBuilder$$FastClassBySpringCGLIB$$f1322d9c.invoke(<generated>) ~[cas-server-support-saml-idp-web-5.3.3.jar!/:5.3.3]

is it an issue of missing key / certificate  in keystore ?

[Robert]

Hi, after updating my certificates, I'm getting the same error. Only thing that changed, is the private key length (new one has 4096). Could that be a problem?

[Christian Poirier]

Did you find a solution to your problem because I have the same and I don't know why it does that? I have the same configuration on another servers and it works well.