Hello,
I have a CAS 6.6.15 working in this configuration:
In general, users authenticate via SPNEGO when they are in a certain IP range; if not, they go to the login form, which is configured with LDAP.
For a specific URL, we have a service JSON that redirects to DualShield and returns when they are logged in.
The problem arises when I try to configure a service JSON that is intended to do the following:
The user goes to extranet.company.com.
If the user is on a test IP, they should go to DualShield for authentication.
If the user is not on the test IP, they should go to the login form.
I'm pretty sure this should be configured with a ChainingRegisteredServiceAccessStrategy, but the criteria for the strategies are not very clear in the docs.
Like this testsite-1.json:
{
  "@class": "org.apereo.cas.services.CasRegisteredService",
  "serviceId": "https://extranet.company.com/.*",
  "name": "testsite",
  "id": 1,
  "evaluationOrder": 1,
  "accessStrategy": {
    "@class": "org.apereo.cas.services.ChainingRegisteredServiceAccessStrategy",
    "strategies": [ "java.util.ArrayList",
      [
        {
          "@class": "org.apereo.cas.services.HttpRequestRegisteredServiceAccessStrategy",
          "ipAddress": "192.168.1.55",
          "delegatedAuthenticationPolicy": {
            "@class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
            "allowedProviders": [ "java.util.ArrayList", [ "DualShield" ] ],
            "permitUndefined": false,
            "exclusive": true
          }
        },
        {
          "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
          "enabled": true
        }
      ]
    ],
    "operator": "OR"
  }
}
This kind of JSON, and some variants I tested, fail in two ways:
1) I receive an error 500 on the cas/login screen, and the log says:
ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown executing org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction@28a6a1b0 in state 'viewLoginForm' of flow 'login' -- action execution attributes were 'map[[empty]]']>
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction@28a6a1b0 in state 'viewLoginForm' of flow 'login' -- action execution attributes were 'map[[empty]]'
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionList.execute(ActionList.java:154) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.engine.ViewState.render(ViewState.java:291) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:185) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
...
Caused by: java.lang.NullPointerException
at org.apereo.cas.pac4j.client.DefaultDelegatedClientIdentityProviderRedirectionStrategy.select(DefaultDelegatedClientIdentityProviderRedirectionStrategy.java:63) ~[cas-server-support-pac4j-core-6.6.15.jar:6.6.15]
at org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy.lambda$select$0(ChainingDelegatedClientIdentityProviderRedirectionStrategy.java:40) ~[cas-server-support-pac4j-core-6.6.15.jar:6.6.15]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
at java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1632) ~[?:?]
at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:127) ~[?:?]
at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502) ~[?:?]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488) ~[?:?]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
at java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150) ~[?:?]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
at java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:543) ~[?:?]
at org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy.select(ChainingDelegatedClientIdentityProviderRedirectionStrategy.java:43) ~[cas-server-support-pac4j-core-6.6.15.jar:6.6.15]
at org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer.produce(DefaultDelegatedClientIdentityProviderConfigurationProducer.java:64) ~[cas-server-support-pac4j-core-6.6.15.jar:6.6.15]
at org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction.produceDelegatedAuthenticationClientsForContext(DelegatedAuthenticationGenerateClientsAction.java:45) ~[cas-server-support-pac4j-webflow-6.6.15.jar:6.6.15]
at org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction.doExecute(DelegatedAuthenticationGenerateClientsAction.java:33) ~[cas-server-support-pac4j-webflow-6.6.15.jar:6.6.15]
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
... 194 more
DEBUG [org.apereo.cas.web.flow.error.DefaultDelegatedClientAuthenticationFailureEvaluator] - <Delegation request has failed. Details are [{code=500}]>
2) It gives an error saying that policy is marked non-null but is null.
ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown executing org.apereo.cas.web.flow.login.InitialFlowSetupAction@61ba9709 in state 'null' of flow 'login' -- action execution attributes were 'map[[empty]]']>
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.login.InitialFlowSetupAction@61ba9709 in state 'null' of flow 'login' -- action execution attributes were 'map[[empty]]'
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionList.execute(ActionList.java:154) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.start(Flow.java:526) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1070) ~[spring-webmvc-5.3.22.jar:5.3.22]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) ~[spring-webmvc-5.3.22.jar:5.3.22]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.22.jar:5.3.22]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.3.22.jar:5.3.22]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) ~[tomcat9-servlet-api.jar:?]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.22.jar:5.3.22]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) ~[tomcat9-servlet-api.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat9-catalina-9.0.16.jar:9.0.16]
...
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat9-util-9.0.16.jar:9.0.16]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: java.lang.NullPointerException: policy is marked non-null but is null
at org.apereo.cas.services.ChainingRegisteredServiceDelegatedAuthenticationPolicy.addStrategy(ChainingRegisteredServiceDelegatedAuthenticationPolicy.java:42) ~[cas-server-core-services-api-6.6.15.jar:6.6.15]
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) ~[?:?]
Has anyone tried to do something similar with the services?
Thanks for your time.