samlValidate failing due to NullPointerException

327 views
Skip to first unread message

Dickison, Lynn E

unread,
Jul 26, 2018, 2:41:29 PM7/26/18
to cas-...@apereo.org

Greetings.  I’m working with CAS 5.3.1-SNAPSHOT, and trying to get SAML 1.1 service validation to work so that I can return attributes to services.  When the service does a samlValidate to validate the service ticket and retrieve the attributes in SAML 1.1 format, CAS throws an error.  The message says RegisteredServiceResponseHeadersEnforcementFilter is blocking this request, which was caused by a NullPointerException.

 

I’ve been struggling with this for the past few days, but I haven’t been able to figure it out yet.  I have turned on DEBUG logging, which shows me that the attributes are being retrieved from the LDAP source, but the log doesn’t give me a clue (at least not that I have been able to decipher) about why samlValidate is failing.

 

If anyone can give me a clue how to solve this issue, I would greatly appreciate it.

 

 

Here are the dependencies I’ve added to the pom.xml file:

 

            <dependencies>

                <dependency>

                    <groupId>org.apereo.cas</groupId>

                    <artifactId>cas-server-webapp${app.server}</artifactId>

                    <version>${cas.version}</version>

                    <type>war</type>

                    <scope>runtime</scope>

                </dependency>

                <!--

                ...Additional dependencies may be placed here...

                -->

                <dependency>

                    <groupId>org.apereo.cas</groupId>

                    <artifactId>cas-server-support-ldap</artifactId>

                    <version>${cas.version}</version>

                </dependency>

                <dependency>

                    <groupId>org.apereo.cas</groupId>

                    <artifactId>cas-server-support-json-service-registry</artifactId>

                    <version>${cas.version}</version>

                </dependency>

                <!-- Add support for SAML 1.1 (/samlValidate) - LED -->

                <dependency>

                    <groupId>org.apereo.cas</groupId>

                    <artifactId>cas-server-support-saml</artifactId>

                    <version>${cas.version}</version>

                </dependency>

                <!-- Needed for org.apereo.cas.rest.factory.ServiceTicketResourceEntityResponseFactory -->

                <dependency>

                    <groupId>org.apereo.cas</groupId>

                    <artifactId>cas-server-support-rest</artifactId>

                    <version>${cas.version}</version>

                    <scope>runtime</scope>

                </dependency>

            </dependencies>

 

 

Here is what is in my cas.properties file:

 

cas.server.name: https://xxxxxxxx.xxxxxxxxxxxxx.xxx:8443

cas.server.prefix: https://xxxxxxxx.xxxxxxxxxxxxx.xxx:8443/cas

 

cas.adminPagesSecurity.ip=127\.0\.0\.1

 

logging.config: file:/etc/cas/config/log4j2.xml

 

# LDAP connection info for authentication

cas.authn.ldap[0].type=AUTHENTICATED

cas.authn.ldap[0].ldapUrl= ldap://xxxxxxxxx.xxxxxxx.xxx:3268

cas.authn.ldap[0].useSsl=false

cas.authn.ldap[0]. baseDn=dc=XXXXXXX,dc=XXX

cas.authn.ldap[0].searchFilter=sAMAccountName={user}

cas.authn.ldap[0].bindDn= cn=XXXxxxx,ou=XxX,ou=XXXXXXX,ou=XXXXXX,dc=XXX,dc=XXXXXXX,dc=XXX

cas.authn.ldap[0].bindCredential={cipher}fvAAETwcJ8WuLsLvCxzschMoP2rCIb1m1NIgUe5cinuarm5GSztFqQ==

 

# Attribute repository settings

cas.authn.attributeRepository.expirationTime=30

cas.authn.attributeRepository.expirationTimeUnit=MINUTES

cas.authn.attributeRepository.maximumCacheSize=10000

cas.authn.attributeRepository.merger=ADD

 

# LDAP connection info for attribute repository

cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://xxxxxxxxx.xxxxxxx.xxx:3268

cas.authn.attributeRepository.ldap[0].useSsl=false

cas.authn.attributeRepository.ldap[0].baseDn=dc=XXXXXXX,dc=XXX

cas.authn.attributeRepository.ldap[0].searchFilter=sAMAccountName={user}

cas.authn.attributeRepository.ldap[0].bindDn=cn=XXXxxxx,ou=XxX,ou=XXXXXXX,ou=XXXXXX,dc=XXX,dc=XXXXXXX,dc=XXX

cas.authn.attributeRepository.ldap[0].bindCredential={cipher}fvAAETwcJ8WuLsLvCxzschMoP2rCIb1m1NIgUe5cinuarm5GSztFqQ==

 

cas.authn.attributeRepository.ldap[0].attributes.displayName=name

cas.authn.attributeRepository.ldap[0].attributes.givenName=first_name

cas.authn.attributeRepository.ldap[0].attributes.sn=last_name

cas.authn.attributeRepository.ldap[0].attributes.cn=cn

cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=bearpass_Login

cas.authn.attributeRepository.ldap[0].attributes.mailNickname=bearpass_EmailID

cas.authn.attributeRepository.ldap[0].attributes.mail=EmailAddress

cas.authn.attributeRepository.ldap[0].attributes.userPrincipalName=userPrincipalName

cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute1=campus

cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute2=primary_role

cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute9=UDC_IDENTIFIER

cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute12=isGuest

cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute13=isStaff

cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute14=isFaculty

cas.authn.attributeRepository.ldap[0].attributes.extensionAttribute15=isStudent

 

cas.serviceRegistry.json.location=file:/etc/cas/services

cas.serviceRegistry.managementType=DEFAULT

 

 

 

The service is defined like this:

 

{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https?://xxxxxxxx.xxxxxxxxxxxxx.xxx/.*",

  "name" : "Xxxxxxxx",

  "id" : 10000003,

  "description" : "Xxxxxxxx test server",

  "evaluationOrder" : 1

  "responseType" : "REDIRECT",

  "attributeReleasePolicy" : {

    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",

    "allowedAttributes" : [ "java.util.ArrayList", [ "name", "EmailAddress" ] ]

  }

  "accessStrategy" : {

    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",

    "enabled" : true,

    "ssoEnabled" : true

  }

}

 

 

Here is the error message I’m getting:

 

2018-07-26 13:13:34,396 ERROR [org.apereo.cas.security.ResponseHeadersEnforcementFilter] - <RegisteredServiceResponseHeadersEnforcementFilter is blocking this request. Examine the cause in this stack trace to understand why.>

javax.servlet.ServletException: RegisteredServiceResponseHeadersEnforcementFilter is blocking this request. Examine the cause in this stack trace to understand why.

        at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:233) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.apereo.cas.security.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:94) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) ~[spring-boot-actuator-1.5.14.RELEASE.jar:1.5.14.RELEASE]

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:91) ~[cas-server-core-logging-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) ~[spring-boot-actuator-1.5.14.RELEASE.jar:1.5.14.RELEASE]

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:130) ~[spring-boot-1.5.14.RELEASE.jar:1.5.14.RELEASE]

        at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66) ~[spring-boot-1.5.14.RELEASE.jar:1.5.14.RELEASE]

        at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:105) ~[spring-boot-1.5.14.RELEASE.jar:1.5.14.RELEASE]

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.18.RELEASE.jar:4.3.18.RELEASE]

        at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:123) ~[spring-boot-1.5.14.RELEASE.jar:1.5.14.RELEASE]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.3.GA.jar:1.8.3.GA]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.11.0.jar:2.11.0]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[catalina.jar:8.5.32]

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[catalina.jar:8.5.32]

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) ~[catalina.jar:8.5.32]

        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) ~[catalina.jar:8.5.32]

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[catalina.jar:8.5.32]

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[catalina.jar:8.5.32]

        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) ~[tomcat-coyote.jar:8.5.32]

        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:8.5.32]

        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800) ~[tomcat-coyote.jar:8.5.32]

        at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2380) ~[tomcat-coyote.jar:8.5.32]

        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:8.5.32]

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_161]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_161]

        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:8.5.32]

        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]

Caused by: java.lang.NullPointerException

        at org.apereo.cas.support.saml.authentication.principal.SamlServiceFactory.createService(SamlServiceFactory.java:65) ~[cas-server-support-saml-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at org.apereo.cas.support.saml.authentication.principal.SamlServiceFactory.createService(SamlServiceFactory.java:27) ~[cas-server-support-saml-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at org.apereo.cas.web.support.DefaultArgumentExtractor.lambda$extractServiceInternal$0(DefaultArgumentExtractor.java:46) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[?:1.8.0_161]

        at java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1359) ~[?:1.8.0_161]

        at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126) ~[?:1.8.0_161]

        at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498) ~[?:1.8.0_161]

        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485) ~[?:1.8.0_161]

        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) ~[?:1.8.0_161]

        at java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:152) ~[?:1.8.0_161]

        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_161]

        at java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:464) ~[?:1.8.0_161]

        at org.apereo.cas.web.support.DefaultArgumentExtractor.extractServiceInternal(DefaultArgumentExtractor.java:52) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at org.apereo.cas.web.support.AbstractArgumentExtractor.extractService(AbstractArgumentExtractor.java:34) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter.getRegisteredServiceFromRequest(RegisteredServiceResponseHeadersEnforcementFilter.java:118) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter.shouldHttpHeaderBeInjectedIntoResponse(RegisteredServiceResponseHeadersEnforcementFilter.java:94) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter.decideInsertCacheControlHeader(RegisteredServiceResponseHeadersEnforcementFilter.java:74) ~[cas-server-core-web-api-5.3.1-SNAPSHOT.jar:5.3.1-SNAPSHOT]

        at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:225) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2]

        ... 62 more

 

 

Lynn Dickison
Senior Enterprise Systems Administrator
Computer Services

Missouri State University
901 S. National Ave.
Springfield, MO 65897
Phone: 417-836-4515 | Fax: 417-836-3192
lynndi...@missouristate.edu | www.missouristate.edu

Missouri State University: Make Your Missouri Statement

 

Daniel Ellentuck

unread,
Jul 26, 2018, 3:00:33 PM7/26/18
to CAS Users
Hi Lynn,

This kind of NPE can sometimes be a client-side problem.  Ensure that your client is passing the service and ticket to the CAS server in SAML 1.1 format, as request parameters named "TARGET" and "SAMLArt", respectively.  There are different ways of configuring this depending on the client in use. 

Dan Ellentuck
Columbia University I.T.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB41919ABB495233A34B413698D92B0%40SN6PR01MB4191.prod.exchangelabs.com.

Dickison, Lynn E

unread,
Jul 27, 2018, 1:26:30 PM7/27/18
to cas-...@apereo.org

Hi Dan,

 

Thanks for the suggestion.  I suppose it’s possible that there is a client-side problem, but the client (Apache httpd with mod_auth_cas) does authenticate properly when it’s pointed to our older CAS 3.5.3 server.  Do you know of a client-side configuration that would work successfully when using CAS 3.5.3 but not CAS 5.3.1?

 

Lynn Dickison

Daniel Ellentuck

unread,
Jul 27, 2018, 1:42:16 PM7/27/18
to CAS Users
Hi Lynn,

I actually ran into this very problem while testing a Saml 1.1 client that currently runs successfully against CAS 3.5.3, in preparation for a migration to CAS 5.3.x.  In my case, I was able to resolve it by updating not the client configuration but the client itself to the most recent version.  I'd guess there are some differences between versions in the soap message generated by the Saml 1.1 client.

    Dan

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB4191EE098A54A9F55255C880D92A0%40SN6PR01MB4191.prod.exchangelabs.com.

Dickison, Lynn E

unread,
Jul 27, 2018, 3:26:08 PM7/27/18
to cas-...@apereo.org

Dan, it looks like you may be right.  I see that when mod_auth_cas makes a SAML1.1 request, it doesn’t include the RequestID.  The SAML1.1 protocol requires the RequestID to be included, so it looks like mod_auth_cas-1.1 is not usable with CAS 5.x.

 

https://github.com/apereo/mod_auth_cas/issues/148

 

Thanks for pointing me in the right direction.

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFqYg5KEBEYV1oc%3Dd5s-2covHpxWSCTHCvRt03%2BKNfMwZHjx6Q%40mail.gmail.com.

David Hawes

unread,
Jul 28, 2018, 11:39:37 PM7/28/18
to CAS Community

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR01MB4191EE098A54A9F55255C880D92A0%40SN6PR01MB4191.prod.exchangelabs.com.

David Hawes

unread,
Jul 30, 2018, 5:24:54 PM7/30/18
to CAS Community
On Fri, Jul 27, 2018 at 3:26 PM, Dickison, Lynn E <LynnDi...@missouristate.edu> wrote:

Dan, it looks like you may be right.  I see that when mod_auth_cas makes a SAML1.1 request, it doesn’t include the RequestID.  The SAML1.1 protocol requires the RequestID to be included, so it looks like mod_auth_cas-1.1 is not usable with CAS 5.x.

 

https://github.com/apereo/mod_auth_cas/issues/148

 

Thanks for pointing me in the right direction.


Can you test the patch that's referenced in the issue above? That would be useful in getting it merged.

Thanks.

Curtis Ruck

unread,
Sep 6, 2018, 4:19:13 PM9/6/18
to CAS Community
I can validate these changes address the issue in my environment, though I believe we should be modifying cas itself to allow for this also.

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
Reply all
Reply to author
Forward
0 new messages