CAS 5.3.3 - SAML 1.1 - Custom Saml 1.1 client not able to retrieve the assertion.
93 views
Skip to first unread message
Curtis Ruck
Sep 10, 2018, 12:08:14āÆPM9/10/18
to CAS Community
So lets see if I can keep this simple.
I have a mostly working CAS 5.3.3 Server with SAML 1.1 working to the java-cas-client.Ā We have a vendor developed CAS Client for the CAS SAML 1.1 protocol, that worked with CAS 3.3, 3.5, and 3.6.Ā Now on CAS 5.3.3, it's getting a samllp:RequestDenied samllp:Response.
Based on reviewing the code, it appears it's failing at DefaultCentralAuthenticationService.java:301.Ā Do i need to create a SamlRegisteredService service definition for SAML 1.1 instead of using RegexRegisteredService?Ā Based on the error, I expected to see service as part of the validation request to /samlValidate, but it's not part of the SAML 1.1 specification that I can find.
The received response:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
Ā Ā <SOAP-ENV:Body>
Ā Ā Ā Ā <saml1p:Response
Ā Ā Ā Ā Ā Ā InResponseTo="250c222f-6306-402c-ba3a-42f432137730"
Ā Ā Ā Ā Ā Ā IssueInstant="2018-09-10T15:36:21.756Z" MajorVersion="1"
Ā Ā Ā Ā Ā Ā MinorVersion="1"
Ā Ā Ā Ā Ā Ā ResponseID="_ae589fdf84c6c72755cd450949f3b3c7" xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
Ā Ā Ā Ā Ā Ā <saml1p:Status>
Ā Ā Ā Ā Ā Ā Ā Ā <saml1p:StatusCode Value="saml1p:RequestDenied"/>
Ā Ā Ā Ā Ā Ā Ā Ā <saml1p:StatusMessage>Ticket 'ST-104183-xxxxxxxxxxxxx-cas' does not match supplied service. The original service was 'https://example.com/foo/bar' and the supplied service was 'null'.</saml1p:StatusMessage>
Ā Ā Ā Ā Ā Ā </saml1p:Status>
Ā Ā Ā Ā </saml1p:Response>
Ā Ā </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Curtis Ruck
Sep 10, 2018, 12:29:39āÆPM9/10/18
to CAS Community
This has me completely confused.Ā I'm trying to nail down a stack trace, for some reason its not logging stack traces after the log file rolls over; and this particular client is dumb, and just keeps trying infinitely without any backoff algorithm when failures repeatedly occur.Ā It appears that whatever AbstractWebApplicationService is (i assume its supposed to be SamlService, but SamlService doesn't have a @ToString.
2018-09-10 16:15:42,078 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Attempting to decode service ticket [ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core] to verify authenticity>
2018-09-10 16:15:42,078 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core] to [0bd4f9b562afbac412fec0a0979cdcb519d80b103cacaf3f38c56cae2003831efdad21bdf44a966760f069fac71c876027f528be0bae8a293fb2d0d0a83daa1b]>
2018-09-10 16:15:42,079 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to decode [EncodedTicket(id=0bd4f9b562afbac412fec0a0979cdcb519d80b103cacaf3f38c56cae2003831efdad21bdf44a966760f069fac71c876027f528be0bae8a293fb2d0d0a83daa1b)]>
2018-09-10 16:15:42,079 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket to [ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core]>
2018-09-10 16:15:42,080 ERROR [org.apereo.cas.authentication.principal.Service] - <null>
java.lang.NullPointerException: null
2018-09-10 16:15:42,080 ERROR [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket [ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core] with service [https://example.com/foo/bar] does not match supplied service [AbstractWebApplicationService(id=null, originalUrl=null, artifactId=ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core, principal=null, source=TARGET, loggedOutAlready=false, format=XML, attributes={})]>
2018-09-10 16:15:42,080 DEBUG [org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy] - <Ticket usage count [1] is greater than or equal to [1]. Ticket has expired>
2018-09-10 16:15:42,081 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core] to [0bd4f9b562afbac412fec0a0979cdcb519d80b103cacaf3f38c56cae2003831efdad21bdf44a966760f069fac71c876027f528be0bae8a293fb2d0d0a83daa1b]>
2018-09-10 16:15:42,081 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to decode [EncodedTicket(id=0bd4f9b562afbac412fec0a0979cdcb519d80b103cacaf3f38c56cae2003831efdad21bdf44a966760f069fac71c876027f528be0bae8a293fb2d0d0a83daa1b)]>
2018-09-10 16:15:42,082 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket to [ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core]>
2018-09-10 16:15:42,082 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core] from the registry.>
2018-09-10 16:15:42,082 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core] to [0bd4f9b562afbac412fec0a0979cdcb519d80b103cacaf3f38c56cae2003831efdad21bdf44a966760f069fac71c876027f528be0bae8a293fb2d0d0a83daa1b]>
2018-09-10 16:15:42,083 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Mon Sep 10 16:15:42 UTC 2018
CLIENT IP ADDRESS: 10.36.1.165
SERVER IP ADDRESS: 10.0.1.84
=============================================================
>
2018-09-10 16:15:42,097 DEBUG [org.opensaml.messaging.encoder.servlet.BaseHttpServletResponseXMLMessageEncoder] - <Beginning encode of message of type: org.opensaml.saml.saml1.core.impl.ResponseImpl>
2018-09-10 16:15:42,097 DEBUG [org.opensaml.messaging.encoder.servlet.BaseHttpServletResponseXMLMessageEncoder] - <Marshalling message>
2018-09-10 16:15:42,097 DEBUG [PROTOCOL_MESSAGE] - <
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
Ā Ā <SOAP-ENV:Body>
Ā Ā Ā Ā <saml1p:Response
Ā Ā Ā Ā Ā Ā InResponseTo="e128f0d9-2537-4c2d-a4b6-44d9d85ce4a8"
Ā Ā Ā Ā Ā Ā IssueInstant="2018-09-10T16:15:37.091Z" MajorVersion="1"
Ā Ā Ā Ā Ā Ā MinorVersion="1"
Ā Ā Ā Ā Ā Ā ResponseID="_897701d43abd89b7a8d1d6198f32862d" xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
Ā Ā Ā Ā Ā Ā <saml1p:Status>
Ā Ā Ā Ā Ā Ā Ā Ā <saml1p:StatusCode Value="saml1p:RequestDenied"/>
Ā Ā Ā Ā Ā Ā Ā Ā <saml1p:StatusMessage>Ticket 'ST-4920--b-TI-JNe91v7ZP1P49EEXhndtwv325-core' does not match supplied service. The original service was 'https://example.com/foo/bar' and the supplied service was 'null'.</saml1p:StatusMessage>
Curtis Ruck
Sep 10, 2018, 12:47:39āÆPM9/10/18
to CAS Community
| java.lang.NullPointerException: null | |
| at java.net.URLDecoder.decode(URLDecoder.java:136) ~[?:1.8.0_181] | |
| at org.apereo.cas.authentication.principal.Service.matches(Service.java:37) ~[cas-server-core-api-authentication-5.3.3.jar!/:5.3.3] | |
| at org.apereo.cas.ticket.ServiceTicketImpl.isValidFor(ServiceTicketImpl.java:100) ~[cas-server-core-tickets-api-5.3.3.jar!/:5.3.3] | |
| at org.apereo.cas.DefaultCentralAuthenticationService.validateServiceTicket(DefaultCentralAuthenticationService.java:298) ~[cas-server-core-5.3.3.jar!/:5.3.3] | |
| at org.apereo.cas.DefaultCentralAuthenticationService$$FastClassBySpringCGLIB$$b02e48f2.invoke(<generated>) ~[cas-server-core-5.3.3.jar!/:5.3.3] | |
| at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:84) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135) ~[inspektr-audit-1.8.3.GA.jar!/:1.8.3.GA] | |
| at sun.reflect.GeneratedMethodAccessor186.invoke(Unknown Source) ~[?:?] | |
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] | |
| at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] | |
| at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:627) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:616) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) ~[spring-tx-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) ~[spring-tx-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) ~[spring-tx-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:45) ~[metrics-spring-3.1.3.jar!/:?] | |
| at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:32) ~[metrics-spring-3.1.3.jar!/:?] | |
| at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) ~[metrics-spring-3.1.3.jar!/:?] | |
| at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:48) ~[metrics-spring-3.1.3.jar!/:?] | |
| at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:34) ~[metrics-spring-3.1.3.jar!/:?] | |
| at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) ~[metrics-spring-3.1.3.jar!/:?] | |
| at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:46) ~[metrics-spring-3.1.3.jar!/:?] | |
| at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:32) ~[metrics-spring-3.1.3.jar!/:?] | |
| at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) ~[metrics-spring-3.1.3.jar!/:?] | |
| at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671) ~[spring-aop-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.apereo.cas.DefaultCentralAuthenticationService$$EnhancerBySpringCGLIB$$fbbc2dab.validateServiceTicket(<generated>) ~[cas-server-core-5.3.3.jar!/:5.3.3] | |
| at org.apereo.cas.web.AbstractServiceValidateController.validateServiceTicket(AbstractServiceValidateController.java:263) ~[cas-server-support-validation-5.3.3.jar!/:5.3.3] | |
| at org.apereo.cas.web.AbstractServiceValidateController.handleTicketValidation(AbstractServiceValidateController.java:233) ~[cas-server-support-validation-5.3.3.jar!/:5.3.3] | |
| at org.apereo.cas.web.AbstractServiceValidateController.handleRequestInternal(AbstractServiceValidateController.java:185) ~[cas-server-support-validation-5.3.3.jar!/:5.3.3] | |
| at org.apereo.cas.support.saml.web.SamlValidateController.handleRequestInternal(SamlValidateController.java:63) ~[cas-server-support-saml-5.3.3.jar!/:5.3.3] | |
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] | |
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] | |
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] | |
| at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] | |
| at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) ~[tomcat-servlet-api-8.5.32.jar!/:?] | |
| at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[tomcat-servlet-api-8.5.32.jar!/:?] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-embed-websocket-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:30) ~[cas-server-core-web-api-5.3.3.jar!/:5.3.3] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) ~[cas-server-security-filter-2.0.10.2.jar!/:2.0.10.2] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:237) ~[cas-server-security-filter-2.0.10.2.jar!/:2.0.10.2] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apereo.cas.security.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:94) ~[cas-server-security-filter-2.0.10.2.jar!/:2.0.10.2] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) ~[spring-boot-actuator-1.5.14.RELEASE.jar!/:1.5.14.RELEASE] | |
| at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:91) ~[cas-server-core-logging-5.3.3.jar!/:5.3.3] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) ~[spring-boot-actuator-1.5.14.RELEASE.jar!/:1.5.14.RELEASE] | |
| at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.3.GA.jar!/:1.8.3.GA] | |
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:685) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_181] | |
| at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_181] | |
| at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32] | |
| at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] |
Curtis Ruck
Sep 10, 2018, 1:21:45āÆPM9/10/18
to CAS Community
Following the logic back with TRACE logging on, it appears inside DefaultArgumentExtractor.javaĀ its generating 2 of 3 different service objects.
SamlService with id=null (what i'm seeing in the logs that later NPE's in URLDecoder.decode).
SimpleWebApplicationServiceImpl with id=https://example.com/foo/bar not seeing these anywhere
and its logging "No service could be extracted based on the given request." this causes it to return null, which makes service=null in AbstractServiceValidateController.handleRequestInternal, which i'm not seeing i don't believe.
These all 3 appear to be getting logged, as if there are multiple ServiceFactories registered.
Curtis Ruck
Sep 10, 2018, 4:00:13āÆPM9/10/18
to CAS Community
I believe all of the above is due to a missing TARGET query parameter.
I really wish we had better parameter validation and logging for things like this.
Reply all
Reply to author
Forward
0 new messages