Issue with Safari bowser running on IOS 18.00 and CAS 7.1.0 with Duo

316 views
Skip to first unread message

Robin Joseph

unread,
Sep 17, 2024, 6:01:59 PM9/17/24
to CAS Community
I am having issue with CAS using Safari since updating My IPhone to IOS 18. Getting CAS is unable to process this request 500:internal server error, this happens after the duo prompt to enter the code, see the error below

     
2024-09-17 13:40:15,186 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.actions.storage.ReadBrowserStorageAction@299a84aa in state 'verifyBrowserStorageRead' of flow 'login' -- action execution attributes were 'map[[empty]]']> 

Patryk Sondej

unread,
Sep 18, 2024, 5:21:12 AM9/18/24
to CAS Community, Robin Joseph
I have same problem (but without Duo). It happens randomly after refresing /login page 1000 times. 

java.lang.RuntimeException: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.ServiceAuthorizationCheckAction@49252d5f in state 'serviceAuthorizationCheck' of flow 'login' -- action execution attributes were 'map[[empty]]'

Caused by: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.ServiceAuthorizationCheckAction@49252d5f in state 'serviceAuthorizationCheck' of flow 'login' -- action execution attributes were 'map[[empty]]'

Caused by: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.ServiceAuthorizationCheckAction@49252d5f in state 'serviceAuthorizationCheck' of flow 'login' -- action execution attributes were 'map[[empty]]'

Caused by: org.springframework.beans.NotReadablePropertyException: Invalid property 'clientId' of bean class [org.apereo.cas.services.CasRegisteredService]: Bean property 'clientId' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?

Robin Joseph

unread,
Sep 19, 2024, 3:56:45 PM9/19/24
to CAS Community, Patryk Sondej, Robin Joseph
It is happening to me on the first try,  it is also happening to others on the first try with IOS 8.0 and Safari.  

Jonathon Taylor

unread,
Oct 11, 2024, 11:37:19 AM10/11/24
to cas-...@apereo.org, Patryk Sondej, Robin Joseph
Hi Robin and Patryk,

Have you noticed any improvement with either CAS 7.1.1 or IOS 18.0.1?

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4615c05e-f137-41e4-8781-a0f2ecb6a932n%40apereo.org.


--
Jonathon Taylor (he/him)
Information Security Office

Jonathon Taylor

unread,
Dec 20, 2024, 11:46:34 AM12/20/24
to cas-...@apereo.org
FYI - This is resolved for us in 7.1.3.

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

Patryk Sondej

unread,
Dec 27, 2024, 12:03:07 PM12/27/24
to CAS Community, Jonathon Taylor
Now the issue changed from 500 error to 403 error.
I think the core problem seems to occur during the reload process of the "JsonServiceRegistry". 
When it reloads, it appears to remove all registered services for short time.

After running 1000 requests, randomly I get 403 ("Service Access Denied") error for registered service:
```
2024-12-27 17:35:40,095 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <{
  "who" : "audit:unknown",
  "what" : {
    "result" : "Service Access Granted",
    "service" : "http://example.com/"
  },
  "action" : "SERVICE_ACCESS_ENFORCEMENT_TRIGGERED",
  "when" : "2024-12-27T16:35:40.095331828",
  "clientIpAddress" : "127.0.0.1",
  "serverIpAddress" : "127.0.0.1",
  "geoLocation" : "unknown"
}
2024-12-27 17:35:40,265 INFO [org.apereo.cas.services.mgmt.AbstractServicesManager] - <Loaded [860] service(s) from [JsonServiceRegistry].>
2024-12-27 17:35:40,273 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <{
  "who" : "audit:unknown",
  "what" : {
    "result" : "Service Access Denied",
    "service" : "http://example.com/"
  },
  "action" : "SERVICE_ACCESS_ENFORCEMENT_TRIGGERED",
  "when" : "2024-12-27T16:35:40.273405206",
  "clientIpAddress" : "127.0.0.1",
  "serverIpAddress" : "127.0.0.1",
  "geoLocation" : "unknown"
}
2024-12-27 17:35:45,275 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <{
  "who" : "audit:unknown",
  "what" : {
    "result" : "Service Access Granted",
    "service" : "http://example.com/"
  },
  "action" : "SERVICE_ACCESS_ENFORCEMENT_TRIGGERED",
  "when" : "2024-12-27T16:35:45.274841283",
  "clientIpAddress" : "127.0.0.1",
  "serverIpAddress" : "127.0.0.1",
  "geoLocation" : "unknown"
}
```

Patryk Sondej

unread,
Dec 27, 2024, 10:18:41 PM12/27/24
to CAS Community, Patryk Sondej, Jonathon Taylor
Now I found a workaround:
cas.service-registry.schedule.enabled=false
This resolves the problem. After applying this configuration, the 403 errors no longer occur.

Reply all
Reply to author
Forward
0 new messages