CAS 6.4 DelegatedAuthentication Loigout error
381 views
Skip to first unread message
Juan Manuel Díaz Nevado
Aug 25, 2021, 4:24:45 AM8/25/21
to CAS Community
hi,
I'm update from CAS 6.3 to 6.4 yesterday, not much changes in config and all work nice, but logout when user is auth through Azure oidc delegate auth show java exception:
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedAuthenticationClientLogoutAction@d827673 in state 'terminateSession' of flow 'logout' -- action execution attributes were 'map[[empty]]'
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.engine.ActionList.execute(ActionList.java:154)
at org.springframework.webflow.engine.State.enter(State.java:193)
at org.springframework.webflow.engine.Flow.start(Flow.java:527)
....
....
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.ClassCastException: class java.lang.String cannot be cast to class org.pac4j.core.profile.UserProfile (java.lang.String is in module java.base of loader 'bootstrap'; org.pac4j.core.profile.UserProfile is in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @25f38edc)
at org.pac4j.core.profile.ProfileManager.removeOrRenewExpiredProfiles(ProfileManager.java:90)
at org.pac4j.core.profile.ProfileManager.retrieveAll(ProfileManager.java:81)
at org.pac4j.core.profile.ProfileManager.getProfile(ProfileManager.java:48)
at org.apereo.cas.web.flow.DelegatedAuthenticationClientLogoutAction.findCurrentProfile(DelegatedAuthenticationClientLogoutAction.java:100)
at org.apereo.cas.web.flow.DelegatedAuthenticationClientLogoutAction.doPreExecute(DelegatedAuthenticationClientLogoutAction.java:49)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:186)
at jdk.internal.reflect.GeneratedMethodAccessor149.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282)
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
at com.sun.proxy.$Proxy292.execute(Unknown Source)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
... 92 more
Any thoughts are welcome, thx.
Juan Manuel Díaz Nevado
Aug 26, 2021, 6:31:38 AM8/26/21
to CAS Community, Juan Manuel Díaz Nevado
Hi, in my test i realize that there is some interaction with mongo registry tickets. When I set default tickets registry or now redis ticket registry there is no problem in logout, but mongo log is set in debug and no messages are displayed.
Maybe i need to put on debug some other module than mongo, I thoght that something is broken when somethis is search for user profile.
flo13270
Mar 29, 2023, 10:15:00 AM3/29/23
to CAS Community, jdne...@gmail.com
Hi,
We encounter a similar problem.
Migration from CAS 5.3 (with Redis) to CAS 6.6 (with Mongo) broke the logout of users authenticated through OIDC.
("class java.lang.String cannot be cast to class org.pac4j.core.profile.UserProfile")
Did you finally succeed in fixing it while still using Mongo?
We encounter a similar problem.
Migration from CAS 5.3 (with Redis) to CAS 6.6 (with Mongo) broke the logout of users authenticated through OIDC.
("class java.lang.String cannot be cast to class org.pac4j.core.profile.UserProfile")
Did you finally succeed in fixing it while still using Mongo?
Thanks,
Florian Nari,
Software developer at Paris 1 Panthéon-Sorbonne University
Juan Manuel Díaz Nevado
Mar 30, 2023, 12:05:28 PM3/30/23
to CAS Community, floria...@gmail.com, Juan Manuel Díaz Nevado
hi,
nope, we continue using redis for tickets registry and move to cas 6.6 now, but not try again with mongo due to we are happy with redis performance.
Cheers.
Pablo Vidaurri
Apr 18, 2024, 12:43:45 AM4/18/24
to CAS Community, flo13270, jdne...@gmail.com
Did you get around this issue. Facing the same problem with Azure AD delegation but I'm using Postgres not Mongo.
Looks like perhaps when user profile is being saved to the session it may end up getting encrypted. On the saveAll, I see user profile in logs as plain text. But when reading user profile from session, debugger looks like it is trying to cast an encrypted string to a UserProfile object.
-psv
flo13270
Apr 25, 2024, 7:08:58 AM4/25/24
to CAS Community, Pablo Vidaurri, flo13270, jdne...@gmail.com
Hello,
Yes, I solved the problem by modifying the file support/cas-server-support-pac4j-core-clients/src/main/java/org/apereo/cas/support/pac4j/serialization/DelegatedClientJacksonModule.java
Hope it works for you too
Yes, I solved the problem by modifying the file support/cas-server-support-pac4j-core-clients/src/main/java/org/apereo/cas/support/pac4j/serialization/DelegatedClientJacksonModule.java
Hope it works for you too
Pablo Vidaurri
Apr 26, 2024, 2:53:33 PM4/26/24
to CAS Community, flo13270, Pablo Vidaurri, jdne...@gmail.com
Thank you for the link. I have reviewed, made slight modification to use AzureAdProfile.class instead of OidcProfile.class.
So far looking much better.
I appreciate the assist!
-psv
Reply all
Reply to author
Forward
0 new messages