Error - Can't Determine SAML Request

Jeremiah Garmatter

Jun 2, 2021, 10:04:02 AM
to CAS Community
Hello,

I recently upgraded from CAS 6.2.1 to 6.3.2. I am using the embedded Tomcat server with this version. Occasionally, when users try to sign on to specific Service Providers, I see this error:

ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is java.lang.IllegalArgumentException: SAML request could not be determined from the authentication request] with root cause>

Sometimes this occurs just after the "SERVICE_TICKET_CREATED" event and other times after the "SAML2_RESPONSE_CREATED" event.

A few users reported 500 errors on the CAS server after entering their credentials. They would try to access gmail, redirect to the CAS server, enter proper credentials, enter proper MFA prompt, and then see the 500 error page instead of redirecting back to their gmail.

One user sent me the error dump after this happened:
java.lang.IllegalArgumentException: SAML request could not be determined from the authentication request at org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController.retrieveSamlAuthenticationRequestFromHttpRequest(AbstractSamlIdPProfileHandlerController.java:155) at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlIdPProfileCallbackHandlerController.java:88) at jdk.internal.reflect.GeneratedMethodAccessor341.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691) at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$81ad9b89.handleCallbackProfileRequest(<generated>) at jdk.internal.reflect.GeneratedMethodAccessor341.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) at 
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:878) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:792) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:64) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:887) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1684) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834)

Has anyone seen this error before or have any advice to troubleshoot? Most users can sign into the affected services without any issues but a few saw this error.

Jeremiah Garmatter

Jun 3, 2021, 11:39:29 AM
to CAS Community, Jeremiah Garmatter
I should've specified that I am using the SAML1.0 and SAML2.0 CAS 6.3.2 gradle implementations. It seems like other SAML2.0 services are also having trouble. I've seen errors with SLO null pointers:


2021-06-03 11:16:29,550 ERROR [org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler] - <NullPointerException>
java.lang.NullPointerException: null
        at org.apereo.cas.support.saml.SamlIdPUtils.determineEndpointForRequest(SamlIdPUtils.java:119) ~[cas-server-support-saml-idp-core-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.support.saml.SamlIdPUtils.preparePeerEntitySamlEndpointContext(SamlIdPUtils.java:79) ~[cas-server-support-saml-idp-core-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner.prepareOutboundContext(SamlIdPObjectSigner.java:187) ~[cas-server-support-saml-idp-web-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner.encode(SamlIdPObjectSigner.java:102) ~[cas-server-support-saml-idp-web-6.3.2.jar!/:6.3.2]
        at jdk.internal.reflect.GeneratedMethodAccessor413.invoke(Unknown Source) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner$$EnhancerBySpringCGLIB$$df995580.encode(<generated>) ~[cas-server-support-saml-idp-web-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPProfileSingleLogoutMessageCreator.create(SamlIdPProfileSingleLogoutMessageCreator.java:120) ~[cas-server-support-saml-idp-web-6.3.2.jar!/:6.3.2]
        at jdk.internal.reflect.GeneratedMethodAccessor446.invoke(Unknown Source) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at com.sun.proxy.$Proxy257.create(Unknown Source) ~[?:?]
        at org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler.createSingleLogoutMessage(BaseSingleLogoutServiceMessageHandler.java:104) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler.performBackChannelLogout(BaseSingleLogoutServiceMessageHandler.java:94) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler.createLogoutRequest(BaseSingleLogoutServiceMessageHandler.java:171) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler.lambda$createLogoutRequests$0(BaseSingleLogoutServiceMessageHandler.java:138) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
        at org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler.createLogoutRequests(BaseSingleLogoutServiceMessageHandler.java:140) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler.handle(BaseSingleLogoutServiceMessageHandler.java:74) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.logout.DefaultLogoutManager.lambda$performLogoutForTicket$4(DefaultLogoutManager.java:73) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177) ~[?:?]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
        at org.apereo.cas.logout.DefaultLogoutManager.lambda$performLogoutForTicket$5(DefaultLogoutManager.java:77) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
        at org.apereo.cas.logout.DefaultLogoutManager.performLogoutForTicket(DefaultLogoutManager.java:79) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.logout.DefaultLogoutManager.performLogout(DefaultLogoutManager.java:43) ~[cas-server-core-logout-api-6.3.2.jar!/:6.3.2]
        at jdk.internal.reflect.GeneratedMethodAccessor387.invoke(Unknown Source) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at com.sun.proxy.$Proxy228.performLogout(Unknown Source) ~[?:?]
        at org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.cleanTicket(DefaultTicketRegistryCleaner.java:64) ~[cas-server-core-tickets-api-6.3.2.jar!/:6.3.2]
        at java.util.stream.ReferencePipeline$4$1.accept(ReferencePipeline.java:212) ~[?:?]
        at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.Iterator.forEachRemaining(Iterator.java:133) ~[?:?]
        at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801) ~[?:?]
        at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:658) ~[?:?]
        at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:274) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.IntPipeline.reduce(IntPipeline.java:491) ~[?:?]
        at java.util.stream.IntPipeline.sum(IntPipeline.java:449) ~[?:?]
        at org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.cleanInternal(DefaultTicketRegistryCleaner.java:81) ~[cas-server-core-tickets-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean(DefaultTicketRegistryCleaner.java:49) ~[cas-server-core-tickets-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner$$FastClassBySpringCGLIB$$29f046b2.invoke(<generated>) ~[cas-server-core-tickets-api-6.3.2.jar!/:6.3.2]
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:367) ~[spring-tx-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:118) ~[spring-tx-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner$$EnhancerBySpringCGLIB$$2d08512.clean(<generated>) ~[cas-server-core-tickets-api-6.3.2.jar!/:6.3.2]
        at org.apereo.cas.config.CasCoreTicketsSchedulingConfiguration$TicketRegistryCleanerScheduler.run(CasCoreTicketsSchedulingConfiguration.java:102) ~[cas-server-core-tickets-6.3.2.jar!/:6.3.2]
        at jdk.internal.reflect.GeneratedMethodAccessor423.invoke(Unknown Source) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84) ~[spring-context-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) ~[?:?]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
        at java.lang.Thread.run(Thread.java:834) [?:?]
2021-06-03 11:16:29,550 WARN [org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler] - <Logout message is not sent to [AbstractWebApplicationService(id=<serviceID>, originalUrl=<original url>, artifactId=null, principal=<username>, source=service, loggedOutAlready=false, format=XML, attributes={entityId=[<entity ID>]})]; Continuing processing...>

On that last line, I've removed the entries and replaced them with <some variable>. The proper values are shown in actuality.

Jeremiah Garmatter

Jun 15, 2021, 4:57:48 PM
to CAS Community
Update: I've patched my CAS deployment to 6.3.4. I still see 500 errors in the tomcat access logs with "SAML request could not be determined from the authentication request" in the CAS logs at corresponding times.

These are SP-initiated logins: a user visits the SP, redirects to my login server, logs in successfully, then gets the 500 error instead of redirecting back to the SP.
This always seems to appear after the "SERVICE_TICKET_CREATED" action in my log.
I tried removing the SAML2Callback service from my service registry and no difference was made. I'm guessing that service is no longer needed?

I cannot reproduce this error, but I see a few hundred of them logged a day, which worries me. Does anyone have insight into this issue?

Ray Bon

Jun 15, 2021, 5:34:54 PM
to cas-...@apereo.org
Jeremiah,

When cas responds to a service with a protocol other than CAS protocol, it self validates the service ticket, then creates the SAML (or whatever protocol) response.
Since you are seeing ticket created but not ticket validated, the hang up may be in the internal redirect.

I am about to begin debugging a 500 with oauth2 protocol. With one cas server, it all works as expected; with 2 servers (in round robin) it validates the ST twice. Of course the second validation fails and cas throws the 500. This may be what you are experiencing.

Try turning up debugging on your cas server(s).

Ray

Jeremiah Garmatter

Jun 18, 2021, 10:54:51 AM
to CAS Community, Ray Bon
Thanks Ray,

I found a way to replicate the error. Here's the process: Visit a SAML SP, get redirected to CAS, then wait a few minutes instead of logging in immediately. After logging in, CAS will report the error from my first email in this chain, "SAML request could not be determined from the authentication request". This happens every time on every SAML SP I have configured (~25 total).

This error has something to do with Tomcat's setup. I used the embedded tomcat server with the newer version of CAS and got this error. So I tried using an external instance set up with David Curry's guide: https://dacurry-tns.github.io/deploying-apereo-cas/setup_tomcat_overview.html

After deploying the exploded CAS war file into the external tomcat instance, I tried to get the SAML error again, but could not. I even left my computer overnight with a browser open to CAS and could sign in, no problems, the next day.

ds n

Dec 8, 2021, 12:43:26 AM
to CAS Community, j-gar...@onu.edu, Ray Bon
Hi,

We too were getting a similar error (using Embedded Tomcat container).

We were able to increase the timeout value by adding the settings mentioned in the post - https://fawnoos.com/2021/08/11/cas63x-saml2-idp-httpsession/
The setting specified for Embedded Tomcat container is:

server.servlet.session.timeout=PT300S

Currently, in our case we have set it to 10 minutes, so the error occurs only after the specified time.

Hope this information helps someone.

Regards,
DSN
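
One way to check whether the logged 500s line up with idle time at the login form, as the replication steps and the `server.servlet.session.timeout` setting in this thread suggest (an added example, not code from the thread or from the CAS project). The access-log lines are constructed, the SAML2 endpoint paths and the grouping by client IP are assumptions to adjust for your deployment, and the 300-second default mirrors the `PT300S` value quoted above.

```python
import re
from datetime import datetime, timedelta

# Assumed CAS SAML2 IdP paths under the /cas context; adjust to your deployment.
SSO_ENTRY = re.compile(r"^/cas/idp/profile/SAML2/(Redirect|POST)/SSO")
CALLBACK = re.compile(r"^/cas/idp/profile/SAML2/Callback")

# Tomcat access log, common pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample data (documentation IP range, placeholder parameters).
SAMPLE = """\
203.0.113.10 - - [18/Jun/2021:10:00:00 -0400] "GET /cas/idp/profile/SAML2/Redirect/SSO?SAMLRequest=PLACEHOLDER HTTP/1.1" 302 -
203.0.113.10 - - [18/Jun/2021:10:00:01 -0400] "GET /cas/login?service=PLACEHOLDER HTTP/1.1" 200 9120
203.0.113.10 - - [18/Jun/2021:10:00:20 -0400] "POST /cas/login?service=PLACEHOLDER HTTP/1.1" 302 -
203.0.113.10 - - [18/Jun/2021:10:00:21 -0400] "GET /cas/idp/profile/SAML2/Callback?ticket=PLACEHOLDER HTTP/1.1" 200 4210
203.0.113.20 - - [18/Jun/2021:10:05:00 -0400] "GET /cas/idp/profile/SAML2/Redirect/SSO?SAMLRequest=PLACEHOLDER HTTP/1.1" 302 -
203.0.113.20 - - [18/Jun/2021:10:05:01 -0400] "GET /cas/login?service=PLACEHOLDER HTTP/1.1" 200 9120
203.0.113.20 - - [18/Jun/2021:10:13:30 -0400] "POST /cas/login?service=PLACEHOLDER HTTP/1.1" 302 -
203.0.113.20 - - [18/Jun/2021:10:13:31 -0400] "GET /cas/idp/profile/SAML2/Callback?ticket=PLACEHOLDER HTTP/1.1" 500 1830
203.0.113.30 - - [18/Jun/2021:10:20:00 -0400] "GET /cas/idp/profile/SAML2/Redirect/SSO?SAMLRequest=PLACEHOLDER HTTP/1.1" 302 -
203.0.113.30 - - [18/Jun/2021:10:20:01 -0400] "GET /cas/login?service=PLACEHOLDER HTTP/1.1" 200 9120
203.0.113.30 - - [18/Jun/2021:10:20:40 -0400] "POST /cas/login?service=PLACEHOLDER HTTP/1.1" 302 -
203.0.113.30 - - [18/Jun/2021:10:20:41 -0400] "GET /cas/idp/profile/SAML2/Callback?ticket=PLACEHOLDER HTTP/1.1" 500 1830
"""


def classify_callbacks(log_text, timeout_seconds=300):
    """Return (client, longest_idle_seconds, verdict) for each SAML2 callback.

    The servlet session timeout is an idle timeout, so what matters is the
    longest gap between two consecutive requests from the same client after
    the SAML request was stored, not the total duration of the login.
    """
    timeout = timedelta(seconds=timeout_seconds)
    pending = {}   # client -> state of the login flow currently in progress
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines in another format
        client, stamp, _method, path, status = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")

        if SSO_ENTRY.match(path):
            # Start of an SP-initiated login: the SAML request is kept in the session.
            pending[client] = {"last": ts, "max_idle": timedelta(0)}
            continue

        flow = pending.get(client)
        if flow is None:
            continue  # request that is not part of a tracked SAML login
        flow["max_idle"] = max(flow["max_idle"], ts - flow["last"])
        flow["last"] = ts

        if CALLBACK.match(path):
            del pending[client]
            if status != "500":
                verdict = "ok"
            elif flow["max_idle"] > timeout:
                verdict = "500_after_session_expiry"
            else:
                verdict = "500_within_session_lifetime"
            findings.append((client, int(flow["max_idle"].total_seconds()), verdict))
    return findings


if __name__ == "__main__":
    for client, idle, verdict in classify_callbacks(SAMPLE):
        print(f"{client}  longest idle {idle:>4}s  {verdict}")
```

A 500 classified as `500_within_session_lifetime` is not explained by the session timeout and needs a different investigation, for example the load-balanced setup Ray describes.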