SAML2 Auth flow broken using CAS 6.1.0-RC6

M. Daley

Oct 17, 2019, 8:03:17 AM
to CAS Community
When running a fresh install of CAS 6.1.0-RC6 I receive the following error after authentication using SAML2.  

2019-10-16 16:22:46,244 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is org.opensaml.messaging.encoder.MessageEncodingException: Error creating output document] with root cause>
org.apache.velocity.exception.ResourceNotFoundException: Unable to find resource '/templates/saml2-post-binding.vm'
        at org.apache.velocity.runtime.resource.ResourceManagerImpl.loadResource(ResourceManagerImpl.java:474) ~[velocity-1.7.jar!/:1.7]
        at org.apache.velocity.runtime.resource.ResourceManagerImpl.getResource(ResourceManagerImpl.java:352) ~[velocity-1.7.jar!/:1.7]
        at org.apache.velocity.runtime.RuntimeInstance.getTemplate(RuntimeInstance.java:1533) ~[velocity-1.7.jar!/:1.7]
        at org.apache.velocity.app.VelocityEngine.mergeTemplate(VelocityEngine.java:343) ~[velocity-1.7.jar!/:1.7]
        at org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder.postEncode(HTTPPostEncoder.java:172) ~[opensaml-saml-impl-3.4.5.jar!/:?]
        at org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder.doEncode(HTTPPostEncoder.java:146) ~[opensaml-saml-impl-3.4.5.jar!/:?]
        at org.opensaml.messaging.encoder.AbstractMessageEncoder.encode(AbstractMessageEncoder.java:53) ~[opensaml-messaging-api-3.4.5.jar!/:?]
        at org.opensaml.messaging.encoder.servlet.BaseHttpServletResponseXMLMessageEncoder.encode(BaseHttpServletResponseXMLMessageEncoder.java:50) ~[opensaml-messaging-api-3.4.5.jar!/:?]
        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.encoder.BaseHttpServletAwareSamlObjectEncoder.finalizeEncode(BaseHttpServletAwareSamlObjectEncoder.java:102) ~[cas-server-support-saml-idp-web-6.1.0-RC6.jar!/:6.1.0-RC6]
        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.encoder.BaseHttpServletAwareSamlObjectEncoder.encode(BaseHttpServletAwareSamlObjectEncoder.java:63) ~[cas-server-support-saml-idp-web-6.1.0-RC6.jar!/:6.1.0-RC6]
        at org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder.encode(SamlProfileSaml2ResponseBuilder.java:130) ~[cas-server-support-saml-idp-web-6.1.0-RC6.jar!/:6.1.0-RC6]

Depends added:
    compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-yaml-service-registry:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-hazelcast-ticket-registry:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-bootadmin-client:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-ws-sts:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-ws-idp:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-ws-idp-api:${project.'cas.version'}"


Thanks, 
M. Daley

mohamed gamal

Oct 17, 2019, 1:08:26 PM
to cas-...@apereo.org
The same error also exists in RC5; RC4 is working fine.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/14ef277f-1c34-45a6-a118-77df891694f0%40apereo.org.

Linx Hacks

Jan 2, 2020, 6:36:46 PM
to CAS Community
Yes, thank you for the update. After spending 2 days, I stumbled on this and then tried RC4 and it worked as expected.


Colin Wilkinson

Jun 22, 2020, 1:04:54 AM
to CAS Community
Guys,
 
In CAS 6.1.0-RC5, CoreSamlConfiguration.java was updated to take into account the use of Apache Velocity 2.x; see pull request 4187.

The problem is that there are some modules that are importing Apache Velocity 1.7. Once Apache Velocity 1.7 is imported, it causes problems, as in Apache Velocity 2.0 some of the key properties were renamed.

I know of the following three that are causing the problem; there may be more.
  1. cas-server-support-pac4j-webflow
  2. cas-server-support-saml-idp
  3. cas-server-support-saml
The workaround to the issue is to add "exclude(group: 'org.apache.velocity', module: 'velocity')" to any module causing the problem.

To the people of CAS: you look to have a dependency issue; "Apache Velocity 1.7" is being imported by some modules.

Regards,
Colin
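
The workaround from the last post, written out as a `build.gradle` fragment for the overlay dependencies listed in the first post. This is an added example, not code from the thread or from the CAS project. The task name `checkNoLegacyVelocity` is hypothetical, and the fragment assumes the overlay applies Gradle's Java plugin so that `runtimeClasspath` exists.

```groovy
// build.gradle fragment (Groovy DSL), added example.
// "compile" is kept because the overlay in this thread uses it;
// newer Gradle versions use "implementation" instead.
dependencies {
    // Two of the three modules named in the thread, each with the
    // Velocity 1.7 artifact (org.apache.velocity:velocity) excluded.
    compile("org.apereo.cas:cas-server-support-saml:${project.'cas.version'}") {
        exclude(group: 'org.apache.velocity', module: 'velocity')
    }
    compile("org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}") {
        exclude(group: 'org.apache.velocity', module: 'velocity')
    }
    // If cas-server-support-pac4j-webflow is part of the overlay,
    // declare it the same way with the same exclude.
}

// Hypothetical verification task: fails the build if any module still
// pulls the Velocity 1.x artifact onto the runtime classpath.
// Velocity 2.x is published as org.apache.velocity:velocity-engine-core,
// so it does not match this check.
task checkNoLegacyVelocity {
    doLast {
        def legacy = configurations.runtimeClasspath
                .resolvedConfiguration.resolvedArtifacts
                .collect { it.moduleVersion.id }
                .findAll { it.group == 'org.apache.velocity' && it.name == 'velocity' }
        if (legacy) {
            throw new GradleException(
                "Velocity 1.x still resolved: ${legacy.collect { it.toString() }}")
        }
        println 'No org.apache.velocity:velocity artifact on runtimeClasspath'
    }
}
```

Running `gradle checkNoLegacyVelocity` after each CAS version bump shows whether another module has started importing the 1.7 artifact again.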