Redirection after authentication from https to http

[Joe Manavalan]

I have cas6.1 deployed and working with cas.authn.pac4j.oauth2. The app works fine in my local windows machine on an https port

When deployed in unix with the same setting [except the url has domain name instead of server name] the app after authenticating with the external oauth2 provider redirects the url to an http port as shown below

This is the redirect url configured and get successfully redirected after authentication and authorization based on the browser trace

https://<domain>:<port>/cas/login/<clientName>?code=<code>&state=<state>&client_name=<clientName>

It then gets redirected to the below http port instead of the expected https port

http//<domain>:<port>/cas/login?code=<code>&state=<state>&client_name=<clientName>

Is this some configuration in CAS  or need to be investigated on the network side ?

Any help appreciated

[Jérôme LELEU]

Hi,

This redirection relies on: request.getRequestURL()

Do you have some reverse proxy in front of your Tomcat?

Thanks.

Best regards,

Jérôme

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org.

[Joe Manavalan]

Thanks Jerome for the response.

I am checking with the network team about the reverse proxy..

request.getRequestURL()  is coming in as "http  "

Following is the log

2020-08-31 17:45:43,157 DEBUG [org.springframework.security.web.FilterChainProxy] - </login/CodesESSO_Dev?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s reached end of additional filter chain; proceeding with original chain>
2020-08-31 17:45:43,164 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <GET "/codesESSO/login/CodesESSO_Dev?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s", parameters={masked}>
2020-08-31 17:45:43,167 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Mapped to org.apereo.cas.web.DelegatedClientNavigationController#redirectResponseToFlow(String, HttpServletRequest, HttpServletResponse)>
2020-08-31 17:45:43,201 DEBUG [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Response for client [http://<domain>:8445/codesESSO/login/CodesESSO_Dev],>

I manually added a http to https replace here in BaseDelegatedAuthenticationController for testing
val url = httpUrl.replace("http", "https");

2020-08-31 17:45:43,204 DEBUG [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Received a response for client [a204264-CodesESSO_Dev], redirecting the login flow [https://<domain>:8445/codesESSO/login?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s&client_name=CodesESSO_Dev]>

Ended up throwing an error  [Which I believe is expected due to the manipulation]
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@40e79dec in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz_k_jQenLtSjYe3TPNOD%3DStaVdub7UaF4yUpMErBTiHg%40mail.gmail.com.

[Joe Manavalan]

I was told there is  BIG-IP which counts as reverse proxy in front of tomcat. Are there any specific settings to resolve this ?

FYI : We have CAS war deployed in tomcat 8.5 [Not in embedded tomcat]

Thanks

Joe

[Jérôme LELEU]

Hi,

I would have expected the val url = httpUrl.replace("http", "https"); solution to work.

You may also try to set the "secure" flag in the Tomcat connector.

Thanks.

Best regards,

Jérôme

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3f20905c-771f-457c-8dce-2c29e792364an%40apereo.org.

[Joe Manavalan]

Hi Jerome,

For testing I set up the server name as the url. And now I have the redirect url coming correctly but its timing out when getting authentication Object. since the error is from pac4j, I also posted a message in pac4j group too..

Following is the trace from log. Would it help trying a different version of pac4j ?

2020-09-07 18:47:30,765 DEBUG [org.springframework.security.web.FilterChainProxy] - </login/a204264-CodesESSO_DevDomain?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8 reached end of additional filter chain; proceeding with original chain>

2020-09-07 18:47:30,772 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <GET "/codesESSO/login/a204264-CodesESSO_DevDomain?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8", parameters={masked}>

2020-09-07 18:47:30,774 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Mapped to org.apereo.cas.web.DelegatedClientNavigationController#redirectResponseToFlow(String, HttpServletRequest, HttpServletResponse)>

2020-09-07 18:47:30,775 DEBUG [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Received a response for client [a204264-CodesESSO_DevDomain], redirecting the login flow [https://mycompanydomain.com:8445/codesESSO/login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain]>

2020-09-07 18:47:30,786 DEBUG [org.springframework.web.servlet.view.RedirectView] - <View [RedirectView], model {}>

2020-09-07 18:47:30,787 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.>

2020-09-07 18:47:30,787 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Completed 302 FOUND>

2020-09-07 18:47:30,787 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] - <Chain processed normally>

2020-09-07 18:47:30,788 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <SecurityContextHolder now cleared, as request processing completed>

2020-09-07 18:47:30,860 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 1 of 9 in additional filter chain; firing Filter: 'ChannelProcessingFilter'>

2020-09-07 18:47:30,860 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 2 of 9 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'>

2020-09-07 18:47:30,860 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 3 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <No HttpSession currently exists>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <No SecurityContext was available from the HttpSession: null. A new one will be created.>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <saved request doesn't match>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@11ef9e01: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 10.98.183.5; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'>

2020-09-07 18:47:30,861 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying to match using Ant [pattern='/null/**']>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/login'; against '/null/**'>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.OrRequestMatcher] - <No matches found>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying to match using Ant [pattern='/css/**']>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/login'; against '/css/**'>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying to match using Ant [pattern='/js/**']>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/login'; against '/js/**'>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying to match using Ant [pattern='/images/**']>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/login'; against '/images/**'>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying to match using Ant [pattern='/webjars/**']>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/login'; against '/webjars/**'>

2020-09-07 18:47:30,864 DEBUG [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying to match using Ant [pattern='/**/favicon.ico']>

2020-09-07 18:47:30,867 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/login'; against '/**/favicon.ico'>

2020-09-07 18:47:30,868 DEBUG [org.springframework.security.web.util.matcher.OrRequestMatcher] - <No matches found>

2020-09-07 18:47:30,868 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/login'; against '/resources/**'>

2020-09-07 18:47:30,868 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/login'; against '/static/**'>

2020-09-07 18:47:30,869 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <Public object - authentication not attempted>

2020-09-07 18:47:30,869 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain reached end of additional filter chain; proceeding with original chain>

2020-09-07 18:47:30,870 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <GET "/codesESSO/login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain", parameters={masked}>

2020-09-07 18:47:30,872 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping request with URI '/codesESSO/login' to flow with id 'login'>

2020-09-07 18:47:30,873 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapped to [FlowHandlerMapping.DefaultFlowHandler@5687bc9e]>

2020-09-07 18:47:30,875 DEBUG [org.springframework.webflow.executor.FlowExecutorImpl] - <Launching new execution of flow 'login' with input map['client_name' -> 'a204264-CodesESSO_DevDomain', 'code' -> 'Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse', 'state' -> 'TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8']>

2020-09-07 18:47:30,875 DEBUG [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] - <Getting FlowDefinition with id 'login'>

2020-09-07 18:47:30,875 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImplFactory] - <Creating new execution of 'login'>

2020-09-07 18:47:30,876 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Starting in org.springframework.webflow.mvc.servlet.MvcExternalContext@68d39ed8 with input map['client_name' -> 'a204264-CodesESSO_DevDomain', 'code' -> 'Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse', 'state' -> 'TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8']>

2020-09-07 18:47:30,876 DEBUG [org.springframework.webflow.engine.Flow] - <Creating [FlowVariable@511bfc1c name = 'credential', valueFactory = [BeanFactoryVariableValueFactory@42331ab3 type = UsernamePasswordCredential]]>

2020-09-07 18:47:30,878 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@4bf00528 expression = initialFlowSetupAction, resultExpression = [null]]>

2020-09-07 18:47:30,879 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.InitialFlowSetupAction@7befab70>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.login.InitialFlowSetupAction@7befab70; result = success>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@4bf00528 expression = initialFlowSetupAction, resultExpression = [null]]; result = success>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@68329dba expression = verifyRequiredServiceAction, resultExpression = [null]]>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.VerifyRequiredServiceAction@4f7a057a>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.login.VerifyRequiredServiceAction@4f7a057a; result = success>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@68329dba expression = verifyRequiredServiceAction, resultExpression = [null]]; result = success>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.pm.web.flow.PasswordManagementWebflowConfigurer$$Lambda$892/0x0000000100f99840@51e913b3>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.pm.web.flow.PasswordManagementWebflowConfigurer$$Lambda$892/0x0000000100f99840@51e913b3; result = null>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'delegatedAuthenticationAction' of flow 'login'>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@7780b35 expression = delegatedAuthenticationAction, resultExpression = [null]]>

2020-09-07 18:47:30,885 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f>

2020-09-07 18:47:30,887 DEBUG [org.apereo.cas.web.DelegatedClientWebflowManager] - <Client identifier could not found as part of the request parameters. Looking at state for the OAuth2/Oidc client>

2020-09-07 18:47:30,888 DEBUG [org.apereo.cas.web.DelegatedClientWebflowManager] - <Located delegated client identifier for this request as [Optional[TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8]]>

2020-09-07 18:47:30,895 DEBUG [org.apereo.cas.web.DelegatedClientWebflowManager] - <Located delegated client identifier as [TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8]>

2020-09-07 18:47:30,898 DEBUG [org.apereo.cas.web.DelegatedClientWebflowManager] - <Removing delegated client identifier [TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8] from registry>

2020-09-07 18:47:30,904 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [TransientSessionTicketImpl(super=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8, service=null, properties={targetService=null, method=, service=null, theme=, locale=})] from the registry.>

2020-09-07 18:47:30,912 DEBUG [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <Delegated authentication client is [#GenericOAuth20Client# | name: a204264-CodesESSO_DevDomain | callbackUrl: https://mycompanydomain.com:8445/codesESSO/login | callbackUrlResolver: org.pac4j.core.http.callback.PathParameterCallbackUrlResolver@10eaf59b | ajaxRequestResolver: org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@283128c7 | redirectionActionBuilder: org.pac4j.oauth.redirect.OAuth20RedirectionActionBuilder@1a90d8b6 | credentialsExtractor: org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor@4e0ba4c6 | authenticator: org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator@4555b8e7 | profileCreator: org.pac4j.oauth.profile.creator.OAuth20ProfileCreator@6483d79a | configuration: #OAuth20Configuration# | key: dc-EzviE8N74pZ4EoQ8lZDLLX | secret: [protected] | tokenAsHeader: false | responseType: code | scope: null | api: org.pac4j.scribe.builder.api.GenericApi20@78caf6d4 | hasBeenCancelledFactory: org.pac4j.oauth.config.OAuthConfiguration$$Lambda$946/0x0000000100fe9c40@3674ffcb | profileDefinition: org.pac4j.oauth.profile.generic.GenericOAuth20ProfileDefinition@6b74509f | httpClientConfig: null | |] with service [null]>

2020-09-07 18:47:30,913 DEBUG [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <Fetching credentials from delegated client [#GenericOAuth20Client# | name: a204264-CodesESSO_DevDomain | callbackUrl: https://mycompanydomain.com:8445/codesESSO/login | callbackUrlResolver: org.pac4j.core.http.callback.PathParameterCallbackUrlResolver@10eaf59b | ajaxRequestResolver: org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@283128c7 | redirectionActionBuilder: org.pac4j.oauth.redirect.OAuth20RedirectionActionBuilder@1a90d8b6 | credentialsExtractor: org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor@4e0ba4c6 | authenticator: org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator@4555b8e7 | profileCreator: org.pac4j.oauth.profile.creator.OAuth20ProfileCreator@6483d79a | configuration: #OAuth20Configuration# | key: dc-EzviE8N74pZ4EoQ8lZDLLX | secret: [protected] | tokenAsHeader: false | responseType: code | scope: null | api: org.pac4j.scribe.builder.api.GenericApi20@78caf6d4 | hasBeenCancelledFactory: org.pac4j.oauth.config.OAuthConfiguration$$Lambda$946/0x0000000100fe9c40@3674ffcb | profileDefinition: org.pac4j.oauth.profile.generic.GenericOAuth20ProfileDefinition@6b74509f | httpClientConfig: null | |]>

2020-09-07 18:47:30,941 DEBUG [org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Updated ticket [TransientSessionTicketImpl(super=TST-dc0a2fe1-45b6-400e-84ff-8b3563ef0882, service=null, properties={})].>

2020-09-07 18:47:30,947 DEBUG [org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor] - <sessionState: TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8 / stateParameter: Optional[TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8]>

2020-09-07 18:47:30,947 DEBUG [org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor] - <code: Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse>

2020-09-07 18:47:30,947 DEBUG [org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator] - <code: Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse>

2020-09-07 18:47:43,647 WARN [org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry] - <[registry.json] does not match the recommended pattern [(\w+)-(\d+)\.json]. While CAS tries to be forgiving as much as possible, it's recommended that you rename the file to match the requested pattern to avoid issues with duplicate service loading. Future CAS versions may try to strictly force the naming syntax, refusing to load the file.>

2020-09-07 18:47:43,651 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^(https|http|imaps)://.*] with name [HTTPS and IMAPS] and internal identifier [10000001]>

2020-09-07 18:47:43,651 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>

2020-09-07 18:47:54,568 DEBUG [org.apereo.cas.ticket.registry.support.JpaLockingStrategy] - <[c892txdctool1] trying to acquire [cas-ticket-registry-cleaner] lock.>

2020-09-07 18:47:54,590 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Cleaning up expired ticket [TST-f8c798e3-dbd1-4a00-981a-f430b891b36a]>

2020-09-07 18:47:54,591 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [TransientSessionTicketImpl(super=TST-f8c798e3-dbd1-4a00-981a-f430b891b36a, service=null, properties={})] from the registry.>

2020-09-07 18:47:54,600 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[1] expired tickets removed.>

2020-09-07 18:47:54,601 DEBUG [org.apereo.cas.ticket.registry.support.JpaLockingStrategy] - <Releasing [cas-ticket-registry-cleaner] lock held by [c892txdctool1].>

2020-09-07 18:47:54,602 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>

2020-09-07 18:48:43,656 WARN [org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry] - <[registry.json] does not match the recommended pattern [(\w+)-(\d+)\.json]. While CAS tries to be forgiving as much as possible, it's recommended that you rename the file to match the requested pattern to avoid issues with duplicate service loading. Future CAS versions may try to strictly force the naming syntax, refusing to load the file.>

2020-09-07 18:48:43,660 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^(https|http|imaps)://.*] with name [HTTPS and IMAPS] and internal identifier [10000001]>

2020-09-07 18:48:43,661 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>

2020-09-07 18:49:38,301 DEBUG [org.pac4j.oauth.client.GenericOAuth20Client] - <Credentials validation took: 127354 ms>

2020-09-07 18:49:38,302 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Attempting to handle [org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause [org.pac4j.core.exception.HttpCommunicationException: Error getting token:Connection timed out (Connection timed out)]>

2020-09-07 18:49:38,302 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Rethrowing unhandled flow execution exception>

2020-09-07 18:49:38,302 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception [org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] due to a type mismatch with handler [[FlowHandlerMapping.DefaultFlowHandler@5687bc9e]]>

2020-09-07 18:49:38,302 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception [org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] due to a type mismatch with handler [[FlowHandlerMapping.DefaultFlowHandler@5687bc9e]]>

2020-09-07 18:49:38,303 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Failed to complete request: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'>

2020-09-07 18:49:38,304 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.>

2020-09-07 18:49:38,304 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <SecurityContextHolder now cleared, as request processing completed>

2020-09-07 18:49:38,304 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]']>

org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'

at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]

at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]

at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]

at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]

at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) ~[spring-core-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.0.RC1.jar:2.2.0.RC1]

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at com.sun.proxy.$Proxy241.launchExecution(Unknown Source) ~[?:?]

at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) ~[servlet-api.jar:?]

at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) ~[servlet-api.jar:?]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-websocket.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) ~[cas-server-core-web-api-6.1.7.jar:6.1.7]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:411) ~[cas-server-core-web-api-6.1.7.jar:6.1.7]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:216) ~[cas-server-core-web-api-6.1.7.jar:6.1.7]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:67) ~[cas-server-core-web-api-6.1.7.jar:6.1.7]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:128) ~[spring-boot-2.2.0.RELEASE.jar:2.2.0.RELEASE]

at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66) ~[spring-boot-2.2.0.RELEASE.jar:2.2.0.RELEASE]

at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:103) ~[spring-boot-2.2.0.RELEASE.jar:2.2.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:121) ~[spring-boot-2.2.0.RELEASE.jar:2.2.0.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108) ~[spring-boot-actuator-2.2.0.RELEASE.jar:2.2.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99) ~[cas-server-core-logging-6.1.7.jar:6.1.7]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.6.GA.jar:1.8.6.GA]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.12.1.jar:2.12.1]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:185) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[catalina.jar:9.0.12]

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) ~[catalina.jar:9.0.12]

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[catalina.jar:9.0.12]

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668) ~[catalina.jar:9.0.12]

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[catalina.jar:9.0.12]

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[catalina.jar:9.0.12]

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) ~[tomcat-coyote.jar:9.0.12]

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:9.0.12]

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770) ~[tomcat-coyote.jar:9.0.12]

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) ~[tomcat-coyote.jar:9.0.12]

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.12]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.12]

at java.lang.Thread.run(Thread.java:834) [?:?]

Caused by: org.pac4j.core.exception.HttpCommunicationException: Error getting token:Connection timed out (Connection timed out)

at org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.retrieveAccessToken(OAuth20Authenticator.java:36) ~[pac4j-oauth-4.0.3.jar:?]

at org.pac4j.oauth.credentials.authenticator.OAuthAuthenticator.validate(OAuthAuthenticator.java:38) ~[pac4j-oauth-4.0.3.jar:?]

at org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.validate(OAuth20Authenticator.java:20) ~[pac4j-oauth-4.0.3.jar:?]

at org.pac4j.oauth.credentials.authenticator.OAuthAuthenticator.validate(OAuthAuthenticator.java:20) ~[pac4j-oauth-4.0.3.jar:?]

at org.pac4j.core.client.BaseClient.lambda$retrieveCredentials$0(BaseClient.java:70) ~[pac4j-core-4.0.3.jar:?]

at java.util.Optional.ifPresent(Optional.java:183) ~[?:?]

at org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:67) ~[pac4j-core-4.0.3.jar:?]

at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:144) ~[pac4j-core-4.0.3.jar:?]

at org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.getCredentialsFromDelegatedClient(DelegatedClientAuthenticationAction.java:254) ~[cas-server-support-pac4j-webflow-6.1.7.jar:6.1.7]

at org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.populateContextWithClientCredential(DelegatedClientAuthenticationAction.java:240) ~[cas-server-support-pac4j-webflow-6.1.7.jar:6.1.7]

at org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.doExecute(DelegatedClientAuthenticationAction.java:213) ~[cas-server-support-pac4j-webflow-6.1.7.jar:6.1.7]

at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

at jdk.internal.reflect.GeneratedMethodAccessor196.invoke(Unknown Source) ~[?:?]

at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]

at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]

at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) ~[spring-core-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.0.RC1.jar:2.2.0.RC1]

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.0.RELEASE.jar:5.2.0.RELEASE]

at com.sun.proxy.$Proxy228.execute(Unknown Source) ~[?:?]

at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]

... 119 more

2020-09-07 18:49:38,308 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <"FORWARD" dispatch for GET "/codesESSO/error?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain", parameters={masked}>

2020-09-07 18:49:38,310 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)>

2020-09-07 18:49:38,432 DEBUG [org.springframework.web.servlet.view.ContentNegotiatingViewResolver] - <Selected 'text/html' given [text/html, text/html;q=0.8]>

Thanks

[Jérôme LELEU]

Hi,

During the authentication process, CAS via pac4j tries to directly contact the identity provider to retrieve the access token.

The "connection timeout" means that the identity provider is not directly reachable from the CAS server. Maybe a mismatch in the URL definition or a proxy setting on the CAS server.

Thanks.

Best regards,

Jérôme

 

[Joe Manavalan]

HiJerome,

It appears that the token server cannot be reached directly but has to go via a proxy.

Is there a property in cas to specify the proxy url and port ? or this has to be a network settings on the server ?

Thanks 

Joe

[Joe Manavalan]

Hi Jerome,

Are there any logs we can get to see the timed out request url?

btw I tried adding the proxy host and port as jvm arguments with the same connection timed out error.

Thanks

Joe

[Jérôme LELEU]

Hi,

You should turn on DEBUG logs on org.pac4j and com.github.scribejava.

Thanks.

Best regards,

Jérôme

[Joe Manavalan]

Unfortunately I did not get any additional logs from  either of the packages. 

[Jérôme LELEU]

Hi,

pac4j relies on ScribeJava to handle the OAuth protocol communications.

This library itself relies on an internal HTTP client for HTTP calls: by default, it's the JDKHttpClient.

And you can set a Proxy at this level. But this must be done programmatically.

You should put some breakpoint in the OAuth20Authenticator.

Thanks.

Best regards,

Jérôme

[Joe Manavalan]

Hi Jerome,

For some reason com.github.scribejava.core.httpclient.jdk.JDKHttpClient.java is not using the proxy from jvm arguments even though the arguments are reaching the class.

Finally when I explicitly use a proxy in the connection, everything works.  Do you think this is the right approach ? Or am I missing any properties which is causing the client not to use proxy ?

final Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy", 80));

final HttpURLConnection connection = (HttpURLConnection) new URL(completeUrl).openConnection(proxy);

Thanks again for your tips. 

Joe

[Jérôme LELEU]

Hi,

In fact, I meant that you should set the Proxy in a specific JDKHttpClientConfig and instantiate a specific JDKHttpClient with that. Instead of using it directly for the HttpURLConnection.

This may not be possible though... I haven't tested it...

Thanks.

Best regards,

Jérôme

[Joe Manavalan]

Hi Jerome,

Where do we add custom jars in the project to be included in the build ? I am using cas overlay template 6.1, building war, and deploying in tomcat [not embedded tomcat]

Also how do we restrict specific version of jars being pulled in by Gradle build ?

After using custom JDKHttpClient with modified JDKHttpClientConfig using proxy, redirection issue [https to http ] was resolved with replace method in BaseDelegatedAuthenticationController 

[val url = httpUrl.replace("http", "https");]

So I need to use 2 custom jars 

cas-server-support-pac4j-webflow-6.1.7.jar

scribejava-core-6.9.0.jar

Thanks

Joe

Thanks

Joe

[Jérôme LELEU]

Hi,

Yes, you need to add additional JARs for that customization.

Thanks.

Best regards,

Jérôme

[Ray Bon]

Joe,

If you built those jars, you can install them to your company repo with gradle install.

You then include them like all the others in the dependencies section. Make sure you add your company repo to the repos section of build.gradle. (It may have to be first in the list.)

Ray

On Wed, 2020-09-16 at 22:22 -0700, Joe Manavalan wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

-- 

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

[Joe Manavalan]

Thanks Ray for the response.

I did create the jar and copied to the lib folder of the project. When the war gets deployed, my custom jar is deployed instead of the one pulled in.

Since I am only specifying the versions of CAS and PAC4J, I was not sure whether there is a possibility of a different version of cas-server-support-pac4j-webflow-?.jar or scribejava-core-?.jar being pulled in, in the future.

Thanks

joe