Null pointer exception when configuring SAML2 IdP SSO but no MDUI extension
810 views
Skip to first unread message
mggardiner
Aug 14, 2017, 3:28:40 PM8/14/17
to CAS Community
I'm trying to configure the Apereo CAS Server 5.1.3 overlay template as a SAML 2 IdP using the Spring Security Sample application as the service provider.  When I authenticate to the CAS Server directly as a first step using casuser/Mellon credentials and then try to view the Spring Security Sample application as a second step I am able to successfully view the http://localhost:8080/spring-security-saml2-sample/ page that contains the following SAML2 assertion.
<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1739942533610501230"
IssueInstant="2017-08-14T19:06:52.776Z" Version="2.0">
<saml2:Issuer>https://localhost:8443/cas/idp</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">casuser</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="a286ag342g5g95ea4d8j337je761je0"
NotOnOrAfter="2017-08-14T19:06:52.743Z"
Recipient="http://localhost:8080/spring-security-saml2-sample/saml/SSO"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2017-08-14T19:06:52.809Z" NotOnOrAfter="2017-08-14T19:06:52.809Z">
<saml2:AudienceRestriction>
<saml2:Audience>urn:test:mike:lehi</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2017-08-14T19:06:52.743Z" SessionIndex="_6040290832667287094">
<saml2:SubjectLocality Address="urn:test:mike:lehi"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute FriendlyName="samlAuthenticationStatementAuthMethod"
Name="samlAuthenticationStatementAuthMethod">
<saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
urn:oasis:names:tc:SAML:1.0:am:password
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="longTermAuthenticationRequestTokenUsed"
Name="longTermAuthenticationRequestTokenUsed">
<saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">false
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="isFromNewLogin" Name="isFromNewLogin">
<saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">false
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="authenticationDate" Name="authenticationDate">
<saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
2017-08-14T13:06:50.765-06:00[America/Denver]
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="authenticationMethod" Name="authenticationMethod">
<saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
AcceptUsersAuthenticationHandler
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="successfulAuthenticationHandlers" Name="successfulAuthenticationHandlers">
<saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
AcceptUsersAuthenticationHandler
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
However; If I try to view the service provider page first without first being authenticated I get the following NullPointerException in the Apereo CAS Server 5.1.3 console.
2017-08-14 12:55:49,790 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginForm' of flow 'login'] with root cause>
java.lang.NullPointerException: null
at org.apereo.cas.support.saml.mdui.SamlMetadataUIInfo.getDisplayName(SamlMetadataUIInfo.java:161) ~[cas-server-support-saml-mdui-core-5.1.3.jar!/:5.1.3]
at org.apereo.cas.support.saml.mdui.SamlMetadataUIInfo.getDisplayName(SamlMetadataUIInfo.java:167) ~[cas-server-support-saml-mdui-core-5.1.3.jar!/:5.1.3]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_144]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_144]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_144]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_144]
at org.springframework.expression.spel.support.ReflectivePropertyAccessor$OptimalPropertyAccessor.read(ReflectivePropertyAccessor.java:636) ~[spring-expression-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:211) ~[spring-expression-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:94) ~[spring-expression-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.expression.spel.ast.PropertyOrFieldReference.access$000(PropertyOrFieldReference.java:46) ~[spring-expression-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.expression.spel.ast.PropertyOrFieldReference$AccessorLValue.getValue(PropertyOrFieldReference.java:375) ~[spring-expression-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88) ~[spring-expression-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:120) ~[spring-expression-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:267) ~[spring-expression-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.thymeleaf.spring4.expression.SPELVariableExpressionEvaluator.evaluate(SPELVariableExpressionEvaluator.java:263) ~[thymeleaf-spring4-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.standard.expression.VariableExpression.executeVariableExpression(VariableExpression.java:165) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.standard.expression.SimpleExpression.executeSimple(SimpleExpression.java:66) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.standard.expression.Expression.execute(Expression.java:109) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.standard.expression.Expression.execute(Expression.java:138) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.standard.expression.Expression.execute(Expression.java:125) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.standard.processor.AbstractStandardExpressionAttributeTagProcessor.doProcess(AbstractStandardExpressionAttributeTagProcessor.java:82) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.processor.element.AbstractAttributeTagProcessor.doProcess(AbstractAttributeTagProcessor.java:74) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.processor.element.AbstractElementTagProcessor.process(AbstractElementTagProcessor.java:95) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.util.ProcessorConfigurationUtils$ElementTagProcessorWrapper.process(ProcessorConfigurationUtils.java:633) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.ProcessorTemplateHandler.handleStandaloneElement(ProcessorTemplateHandler.java:918) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.StandaloneElementTag.beHandled(StandaloneElementTag.java:228) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.Model.process(Model.java:282) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.ProcessorTemplateHandler.handleStandaloneElement(ProcessorTemplateHandler.java:1204) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.StandaloneElementTag.beHandled(StandaloneElementTag.java:228) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.Model.process(Model.java:282) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.ProcessorTemplateHandler.handleOpenElement(ProcessorTemplateHandler.java:1587) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.OpenElementTag.beHandled(OpenElementTag.java:205) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.Model.process(Model.java:282) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.ProcessorTemplateHandler.handleOpenElement(ProcessorTemplateHandler.java:1587) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.OpenElementTag.beHandled(OpenElementTag.java:205) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.Model.process(Model.java:282) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.Model.process(Model.java:290) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.GatheringModelProcessable.process(GatheringModelProcessable.java:78) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.ProcessorTemplateHandler.handleCloseElement(ProcessorTemplateHandler.java:1640) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.CloseElementTag.beHandled(CloseElementTag.java:139) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.TemplateModel.process(TemplateModel.java:136) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.engine.TemplateManager.parseAndProcess(TemplateManager.java:592) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1098) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1072) ~[thymeleaf-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.spring4.view.ThymeleafView.renderFragment(ThymeleafView.java:335) ~[thymeleaf-spring4-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.thymeleaf.spring4.view.ThymeleafView.render(ThymeleafView.java:189) ~[thymeleaf-spring4-3.0.5.RELEASE.jar!/:3.0.5.RELEASE]
at org.springframework.webflow.mvc.servlet.ServletMvcView.doRender(ServletMvcView.java:55) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.mvc.view.AbstractMvcView.render(AbstractMvcView.java:196) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.ViewState.render(ViewState.java:293) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:185) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_144]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_144]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_144]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_144]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) ~[spring-aop-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at com.sun.proxy.$Proxy145.launchExecution(Unknown Source) ~[?:?]
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:263) ~[spring-webflow-2.4.4.RELEASE.jar!/:2.4.4.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) ~[spring-webmvc-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) ~[spring-webmvc-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) ~[spring-webmvc-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) ~[javax.servlet-api-3.1.0.jar!/:3.1.0]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[javax.servlet-api-3.1.0.jar!/:3.1.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-embed-websocket-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28) ~[cas-server-core-web-5.1.3.jar!/:5.1.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) ~[cas-server-security-filter-2.0.6.jar!/:2.0.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238) ~[cas-server-security-filter-2.0.6.jar!/:2.0.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:110) ~[spring-boot-actuator-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:90) ~[cas-server-core-logging-5.1.3.jar!/:5.1.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) ~[spring-boot-actuator-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:64) ~[inspektr-common-1.7.GA.jar!/:1.7.GA]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:639) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_144]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_144]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-8.5.19.jar!/:8.5.19]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]
My CAS Server settings are as follows:
cas.properties
cas.server.name=https://localhost:8443
cas.server.prefix=https://localhost:8443/cas
cas.adminPagesSecurity.ip=127\.0\.0\.1
logging.config=file:/etc/cas/config/log4j2.xml
logging.level.org.apereo.cas=DEBUG
#cas.serviceRegistry.config.location=classpath:/services
cas.serviceRegistry.config.location=file:/etc/cas/config/services
cas.serviceRegistry.initFromJson=false
cas.tgc.encryptionKey=n-mjo3eRBKS2D1bN-9LfyrAKs97qaVDS1qm_QnXjXSk
cas.tgc.signingKey=pf7scXUAk-l6FmwWDVzOONH-Is8RU1OLIcGlTdTPJL_hYQvYz8zhwzOiLQQZE6I-sbJbiyNL7WP5jq9UkvxN7w
cas.webflow.signing.key=73eYssgawTHjAjkH_4uaEw4wUdaXD3M1lsPoqk50lpdpr_tu0XtLKLZmS_0DIJcZ_dU99nuXX7EaG9OBHQN1JA
cas.webflow.encryption.key=qblhBvdquHNqGjkw
management.contextPath=/status
management.security.enabled=false
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
endpoints.restart.enabled=false
endpoints.shutdown.enabled=false
endpoints.autoconfig.enabled=true
endpoints.beans.enabled=true
endpoints.bus.enabled=true
endpoints.configprops.enabled=true
endpoints.dump.enabled=true
endpoints.env.enabled=true
endpoints.health.enabled=true
endpoints.features.enabled=true
endpoints.info.enabled=true
endpoints.loggers.enabled=true
endpoints.logfile.enabled=true
endpoints.trace.enabled=true
endpoints.docs.enabled=false
endpoints.heapdump.enabled=true
cas.adminPagesSecurity.loginUrl=https://localhost:8443/cas/login
cas.adminPagesSecurity.service=https://localhost:8443/cas/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=false
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
# SAML 2 IdP Configuration
cas.authn.samlIdp.entityId=https://localhost:8443/cas/idp
cas.authn.samlIdp.hostName=localhost
cas.authn.samlIdp.scope=localhost
cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
cas.authn.samlIdp.metadata.failFast=true
#cas.authn.samlIdp.metadata.location=/etc/cas/saml
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.requireValidMetadata=true
cas.authn.samlIdp.response.skewAllowance=0
cas.authn.samlIdp.response.signError=false
cas.authn.samlIdp.response.useAttributeFriendlyName=true
/etc/cas/config/services/SAMLService-1000000.json
{
"@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
"serviceId" : "urn:test:mike:lehi",
"name" : "SAMLService",
"id" : 10000003,
"description" : "SAML2 Spring Security integration test",
"evaluationOrder" : 10,
"metadataLocation" : "http://localhost:8080/spring-security-saml2-sample/saml/metadata"
}
pom.xml
<dependencies>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-json-service-registry</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-saml-idp</artifactId>
<version>${cas.version}</version>
</dependency>
</dependencies>
The Spring Security SAML2 Sample has the following configuration following the instructions at http://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-quick-start.html
securityContext.xml
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<!-- Enable auto-wiring -->
<context:annotation-config/>
<!-- Scan for auto-wiring classes in spring saml packages -->
<context:component-scan base-package="org.springframework.security.saml"/>
<!-- Unsecured pages -->
<security:http security="none" pattern="/favicon.ico"/>
<security:http security="none" pattern="/images/**"/>
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/logout.jsp"/>
<!-- Security for the administration UI -->
<security:http pattern="/saml/web/**" use-expressions="false">
<security:access-denied-handler error-page="/saml/web/metadata/login"/>
<security:form-login login-processing-url="/saml/web/login" login-page="/saml/web/metadata/login" default-target-url="/saml/web/metadata"/>
<security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
<security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
</security:http>
<!-- Secured pages with SAML as entry point -->
<security:http entry-point-ref="samlEntryPoint" use-expressions="false">
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
<security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
<security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>
<!-- Filters for processing of SAML messages -->
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
<security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
<security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
<security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
<security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
<security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
<security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>
</security:filter-chain-map>
</bean>
<!-- Handler deciding where to redirect user after successful login -->
<bean id="successRedirectHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
<!--
Use the following for interpreting RelayState coming from unsolicited response as redirect URL:
<bean id="successRedirectHandler" class="org.springframework.security.saml.SAMLRelayStateSuccessHandler">
<property name="defaultTargetUrl" value="/" />
</bean>
-->
<!-- Handler deciding where to redirect user after failed login -->
<bean id="failureRedirectHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="useForward" value="true"/>
<property name="defaultFailureUrl" value="/error.jsp"/>
</bean>
<!-- Handler for successful logout -->
<bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="defaultTargetUrl" value="/logout.jsp"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<!-- Register authentication manager for SAML provider -->
<security:authentication-provider ref="samlAuthenticationProvider"/>
<!-- Register authentication manager for administration UI -->
<security:authentication-provider>
<security:user-service id="adminInterfaceService">
<security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<!-- Logger for SAML messages and events -->
<bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger"/>
<!-- Central storage of cryptographic keys -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="classpath:security/samlKeystore.jks"/>
<constructor-arg type="java.lang.String" value="nalle123"/>
<constructor-arg>
<map>
<entry key="apollo" value="nalle123"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="apollo"/>
</bean>
<!-- Entry point to initialize authentication, default values taken from properties file -->
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
<property name="defaultProfileOptions">
<bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
<property name="includeScoping" value="false"/>
</bean>
</property>
</bean>
<!-- IDP Discovery Service -->
<bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery">
<property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp"/>
</bean>
<!-- Filter automatically generates default SP metadata -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
<property name="entityId" value="urn:test:mike:lehi"/>
<property name="extendedMetadata">
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="signMetadata" value="false"/>
<property name="idpDiscoveryEnabled" value="true"/>
</bean>
</property>
</bean>
</constructor-arg>
</bean>
<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
<bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
<!-- Configure HTTP Client to accept certificates from the keystore for HTTPS verification -->
<!--
<bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer">
<property name="sslHostnameVerification" value="default"/>
</bean>
-->
<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
<!-- Example of classpath metadata with Extended Metadata -->
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
<constructor-arg>
<bean class="java.util.Timer"/>
</constructor-arg>
<constructor-arg>
<bean class="org.opensaml.util.resource.ClasspathResource">
<constructor-arg value="/metadata/idp.xml"/>
</bean>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
</bean>
</constructor-arg>
</bean>
<!-- Example of HTTP metadata without Extended Metadata -->
<bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
<!-- URL containing the metadata -->
<constructor-arg>
<value type="java.lang.String">https://localhost:8443/cas/idp/metadata</value>
</constructor-arg>
<!-- Timeout for metadata loading in ms -->
<constructor-arg>
<value type="int">15000</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
<!-- Example of file system metadata without Extended Metadata -->
<!--
<bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
<constructor-arg>
<value type="java.io.File">/usr/local/metadata/idp.xml</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
-->
</list>
</constructor-arg>
<!-- OPTIONAL used when one of the metadata files contains information about this service provider -->
<!-- <property name="hostedSPName" value=""/> -->
<!-- OPTIONAL property: can tell the system which IDP should be used for authenticating user by default. -->
<!-- <property name="defaultIDP" value="http://localhost:8080/opensso"/> -->
</bean>
<!-- SAML Authentication Provider responsible for validating of received SAML messages -->
<bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider">
<!-- OPTIONAL property: can be used to store/load user data after login -->
<!--
<property name="userDetails" ref="bean" />
-->
</bean>
<!-- Provider of default SAML Context -->
<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl"/>
<!-- Processing filter for WebSSO profile messages -->
<bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
<property name="authenticationFailureHandler" ref="failureRedirectHandler"/>
</bean>
<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter" class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
<property name="authenticationFailureHandler" ref="failureRedirectHandler"/>
</bean>
<!-- Logout handler terminating local session -->
<bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
<property name="invalidateHttpSession" value="false"/>
</bean>
<!-- Override default logout processing filter with the one processing SAML messages -->
<bean id="samlLogoutFilter" class="org.springframework.security.saml.SAMLLogoutFilter">
<constructor-arg index="0" ref="successLogoutHandler"/>
<constructor-arg index="1" ref="logoutHandler"/>
<constructor-arg index="2" ref="logoutHandler"/>
</bean>
<!-- Filter processing incoming logout messages -->
<!-- First argument determines URL user will be redirected to after successful global logout -->
<bean id="samlLogoutProcessingFilter" class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
<constructor-arg index="0" ref="successLogoutHandler"/>
<constructor-arg index="1" ref="logoutHandler"/>
</bean>
<!-- Class loading incoming SAML messages from httpRequest stream -->
<bean id="processor" class="org.springframework.security.saml.processor.SAMLProcessorImpl">
<constructor-arg>
<list>
<ref bean="redirectBinding"/>
<ref bean="postBinding"/>
<ref bean="artifactBinding"/>
<ref bean="soapBinding"/>
<ref bean="paosBinding"/>
</list>
</constructor-arg>
</bean>
<!-- SAML 2.0 WebSSO Assertion Consumer -->
<bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl"/>
<!-- SAML 2.0 Holder-of-Key WebSSO Assertion Consumer -->
<bean id="hokWebSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>
<!-- SAML 2.0 Web SSO profile -->
<bean id="webSSOprofile" class="org.springframework.security.saml.websso.WebSSOProfileImpl"/>
<!-- SAML 2.0 Holder-of-Key Web SSO profile -->
<bean id="hokWebSSOProfile" class="org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl"/>
<!-- SAML 2.0 ECP profile -->
<bean id="ecpprofile" class="org.springframework.security.saml.websso.WebSSOProfileECPImpl"/>
<!-- SAML 2.0 Logout Profile -->
<bean id="logoutprofile" class="org.springframework.security.saml.websso.SingleLogoutProfileImpl"/>
<!-- Bindings, encoders and decoders used for creating and parsing messages -->
<bean id="postBinding" class="org.springframework.security.saml.processor.HTTPPostBinding">
<constructor-arg ref="parserPool"/>
<constructor-arg ref="velocityEngine"/>
</bean>
<bean id="redirectBinding" class="org.springframework.security.saml.processor.HTTPRedirectDeflateBinding">
<constructor-arg ref="parserPool"/>
</bean>
<bean id="artifactBinding" class="org.springframework.security.saml.processor.HTTPArtifactBinding">
<constructor-arg ref="parserPool"/>
<constructor-arg ref="velocityEngine"/>
<constructor-arg>
<bean class="org.springframework.security.saml.websso.ArtifactResolutionProfileImpl">
<constructor-arg>
<bean class="org.apache.commons.httpclient.HttpClient">
<constructor-arg>
<bean class="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
</constructor-arg>
</bean>
</constructor-arg>
<property name="processor">
<bean class="org.springframework.security.saml.processor.SAMLProcessorImpl">
<constructor-arg ref="soapBinding"/>
</bean>
</property>
</bean>
</constructor-arg>
</bean>
<bean id="soapBinding" class="org.springframework.security.saml.processor.HTTPSOAP11Binding">
<constructor-arg ref="parserPool"/>
</bean>
<bean id="paosBinding" class="org.springframework.security.saml.processor.HTTPPAOS11Binding">
<constructor-arg ref="parserPool"/>
</bean>
<!-- Initialization of OpenSAML library-->
<bean class="org.springframework.security.saml.SAMLBootstrap"/>
<!-- Initialization of the velocity engine -->
<bean id="velocityEngine" class="org.springframework.security.saml.util.VelocityFactory" factory-method="getEngine"/>
<!--
XML parser pool needed for OpenSAML parsing
WARNING: If customizing a ParserPool implementation See https://shibboleth.net/community/advisories/secadv_20131213.txt
Specifically the following should be explicitly set to avoid exploits:
1) set pool property 'expandEntityReferences' to 'false'
2) set feature 'javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING' to true
3) set feature 'http://apache.org/xml/features/disallow-doctype-decl' to true. This is a Xerces-specific feature,
including derivatives such as the internal JAXP implementations supplied with the Oracle and OpenJDK JREs. For
other JAXP implementations, consult the documentation for the implementation for guidance on how to achieve a
similar configuration.
-->
<bean id="parserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" init-method="initialize"/>
<bean id="parserPoolHolder" class="org.springframework.security.saml.parser.ParserPoolHolder"/>
</beans>So my question are:1. Is there a bug causing this Null Pointer Exception when configuring the Apereo Server to act as a SAML2 IdP but the Service Provider doesn't have the MDUI section in the request?2. Where should the MDUI extension be configured (CAS server side or Spring Security Side)?Any help here would be greatly appreciated.Thanks.-Mike-
dkopy...@unicon.net
Aug 14, 2017, 3:44:31 PM8/14/17
to CAS Community
The MDUI NPE bug has been fixed in the master. Try 5.2.0 SNAPSHOT
D.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3da57fbd-f2ec-4c37-82b0-da51605ed6cc%40apereo.org.
mggardiner
Aug 14, 2017, 7:03:27 PM8/14/17
to CAS Community, dkopy...@unicon.net
Trying against 5.2.0-RC3-SNAPSHOT it builds fine but I get the following runtime error:
Caused by: java.lang.ClassNotFoundException: org.apereo.cas.web.flow.DefaultWebflowConfigurer
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:94)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
mggardiner
Aug 14, 2017, 7:07:19 PM8/14/17
to CAS Community, dkopy...@unicon.net
Update on the exception.  It looks like DefaultWebflowConfigurer has moved to a different package (org.apereo.cas.web.flow.configurer instead of org.apereo.cas.web.flow) so something is still referencing the old package.
dkopy...@unicon.net
Aug 14, 2017, 7:09:17 PM8/14/17
to mggardiner, CAS Community
I'll give it a debugging shot tomorrow.
Cheers,
D.
This email has been scanned for spam and viruses by Proofpoint Essentials. Click here to report this email as spam.
Ng Sek Long
Aug 14, 2017, 11:10:28 PM8/14/17
to CAS Community
I used to have this type of exception, seems to relate to thymeleaf framework in the cas default login page not able to display some of the name variable in "fragments/serviceui".
Last time I fixed this I just remove the part in the cas default login page which contains the display name (I know this is not an elegant solution, but it works for me).
If the display name is not important in your application (for example, you don't need to display the SAML name to your user), then you might try to delete this until you find a better solution:
casLoginView.html:
Last time I fixed this I just remove the part in the cas default login page which contains the display name (I know this is not an elegant solution, but it works for me).
If the display name is not important in your application (for example, you don't need to display the SAML name to your user), then you might try to delete this until you find a better solution:
casLoginView.html:
        <div th:replace="fragments/insecure"/>
        <div th:replace="fragments/defaultauthn"/>
        <div th:replace="fragments/cookies"/>
        <!-- The below div contains the display name -->
        <!-- The below div contains the display name -->
        <!--  <div th:replace="fragments/serviceui"/> -->
        <div th:replace="fragments/cas-resources-list" />
        <div th:replace="fragments/loginProviders" />
...
Reply all
Reply to author
Forward
0 new messages