ERROR CAS 6.1 SAML IDP GOOGLE

Muhammad Ikhsan

Jul 27, 2023, 3:38:20 AM
to CAS Community
I have an error implementing CAS 6.1 as a SAML IdP for Google. Please help me and tell me what I should do.

Config:
cas.authn.saml-idp.entity-id=https://cas.example.com/idp

Build.gradle:
// Other CAS dependencies/modules may be listed here...
    implementation "org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}"
    // compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-jpa-service-registry:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
    // compile "org.apereo.cas:cas-server-support-gauth:${project.'cas.version'}"
   
    // implementation "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}"
    // implementation "org.apereo.cas:cas-server-support-saml-idp-metadata:${project.'cas.version'}"
    // implementation "org.apereo.cas:cas-server-support-saml-idp-web:${project.'cas.version'}"
    // implementation "org.apereo.cas:cas-server-support-saml-idp-core:${project.'cas.version'}"
    // implementation "org.apereo.cas:cas-server-support-saml-googleapps:${project.'cas.version'}"

Error:
27-Jul-2023 09:37:27.526 SEVERE [main] org.apache.catalina.startup.HostConfig.deployWAR Error deploying web application archive [C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\cas.war]
    java.lang.IllegalStateException: Error starting child
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:729)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:698)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:696)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1023)
        at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1910)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
        at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:824)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1617)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:318)
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
        at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:943)
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:835)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1393)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1383)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
        at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:265)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:430)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:772)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478)
    Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas]]
        at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:726)
        ... 37 more
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdPObjectSignatureValidator' defined in class path resource [org/apereo/cas/config/SamlIdPEndpointsConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator]: Factory method 'samlIdPObjectSignatureValidator' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdPMetadataGenerator' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator]: Factory method 'samlIdPMetadataGenerator' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlSelfSignedCertificateWriter' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method 'samlSelfSignedCertificateWriter' threw exception; nested exception is java.net.MalformedURLException: no protocol: login.unila.ac.id/cas
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:645)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:475)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1338)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1177)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:879)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:878)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550)
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747)
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:152)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:132)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:92)
        at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:172)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5211)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        ... 38 more
    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator]: Factory method 'samlIdPObjectSignatureValidator' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdPMetadataGenerator' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator]: Factory method 'samlIdPMetadataGenerator' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlSelfSignedCertificateWriter' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method 'samlSelfSignedCertificateWriter' threw exception; nested exception is java.net.MalformedURLException: no protocol: login.unila.ac.id/cas
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:640)
        ... 60 more
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdPMetadataGenerator' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator]: Factory method 'samlIdPMetadataGenerator' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlSelfSignedCertificateWriter' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method 'samlSelfSignedCertificateWriter' threw exception; nested exception is java.net.MalformedURLException: no protocol: login.unila.ac.id/cas
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:645)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:475)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1338)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1177)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:310)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
        at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1287)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory$DependencyObjectProvider.getObject(DefaultListableBeanFactory.java:1879)
        at org.apereo.cas.config.SamlIdPEndpointsConfiguration.samlIdPObjectSignatureValidator(SamlIdPEndpointsConfiguration.java:160)
        at org.apereo.cas.config.SamlIdPEndpointsConfiguration$$EnhancerBySpringCGLIB$$ed8f6eb6.CGLIB$samlIdPObjectSignatureValidator$0(<generated>)
        at org.apereo.cas.config.SamlIdPEndpointsConfiguration$$EnhancerBySpringCGLIB$$ed8f6eb6$$FastClassBySpringCGLIB$$f2d1057e.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
        at org.apereo.cas.config.SamlIdPEndpointsConfiguration$$EnhancerBySpringCGLIB$$ed8f6eb6.samlIdPObjectSignatureValidator(<generated>)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
        ... 61 more
    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator]: Factory method 'samlIdPMetadataGenerator' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlSelfSignedCertificateWriter' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method 'samlSelfSignedCertificateWriter' threw exception; nested exception is java.net.MalformedURLException: no protocol: login.unila.ac.id/cas
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:640)
        ... 86 more
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlSelfSignedCertificateWriter' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method 'samlSelfSignedCertificateWriter' threw exception; nested exception is java.net.MalformedURLException: no protocol: login.unila.ac.id/cas
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:645)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:475)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1338)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1177)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.resolveBeanReference(ConfigurationClassEnhancer.java:394)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:366)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf.samlSelfSignedCertificateWriter(<generated>)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration.samlIdPMetadataGenerator(SamlIdPMetadataConfiguration.java:140)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf.CGLIB$samlIdPMetadataGenerator$4(<generated>)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf$$FastClassBySpringCGLIB$$4511572f.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf.samlIdPMetadataGenerator(<generated>)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
        ... 87 more
    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method 'samlSelfSignedCertificateWriter' threw exception; nested exception is java.net.MalformedURLException: no protocol: login.unila.ac.id/cas
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:640)
        ... 110 more
    Caused by: java.net.MalformedURLException: no protocol: login.unila.ac.id/cas
        at java.base/java.net.URL.<init>(URL.java:627)
        at java.base/java.net.URL.<init>(URL.java:523)
        at java.base/java.net.URL.<init>(URL.java:470)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration.samlSelfSignedCertificateWriter(SamlIdPMetadataConfiguration.java:154)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf.CGLIB$samlSelfSignedCertificateWriter$3(<generated>)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf$$FastClassBySpringCGLIB$$4511572f.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf.samlSelfSignedCertificateWriter(<generated>)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
        ... 111 more

Richard Frovarp

Jul 27, 2023, 12:03:31 PM
to cas-...@apereo.org
Typically the helpful bit in a long stack like this is at the end

Error:
    Caused by: java.net.MalformedURLException: no protocol: login.unila.ac.id/cas
        at java.base/java.net.URL.<init>(URL.java:627)
        at java.base/java.net.URL.<init>(URL.java:523)
        at java.base/java.net.URL.<init>(URL.java:470)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration.samlSelfSignedCertificateWriter(SamlIdPMetadataConfiguration.java:154)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf.CGLIB$samlSelfSignedCertificateWriter$3(<generated>)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf$$FastClassBySpringCGLIB$$4511572f.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
        at org.apereo.cas.config.SamlIdPMetadataConfiguration$$EnhancerBySpringCGLIB$$150398bf.samlSelfSignedCertificateWriter(<generated>)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
        ... 111 more


So you are missing the protocol (https://) bit from that value. Digging through the code, that comes from:

val url = new URL(casProperties.getServer().getPrefix());

In my CAS config I have:

cas.server.prefix=${cas.server.name}/cas

which is what it is trying to read.

I then have:

cas.server.name=https://<hostname>.ndsu.edu


So look in that area of your config to add the protocol. Obligatory note that 6.1 is old and you should upgrade.
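
The check suggested above, written as a pre-deployment lint for a CAS properties file. This is an added example, not part of the thread and not CAS code: it expands `${...}` references and rejects a `cas.server.name` or `cas.server.prefix` that does not resolve to an absolute URL. The sample property values are constructed, and the optional https-only rule is an added strictness the thread does not ask for.

```python
import re
from urllib.parse import urlsplit

# Keys named in the thread; the sample values below are constructed for illustration.
URL_KEYS = ("cas.server.name", "cas.server.prefix")
PLACEHOLDER = re.compile(r"\$\{([^}:]+)(?::([^}]*))?\}")

SAMPLE_BROKEN = """\
# constructed sample reproducing the thread's effective prefix
cas.server.name=login.unila.ac.id
cas.server.prefix=${cas.server.name}/cas
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("=login.", "=https://login.")


def parse_properties(text):
    """Parse key=value lines; '#' and '!' start comments (subset of .properties)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def resolve(props, key, _seen=()):
    """Expand ${other.key} and ${other.key:default} references in props[key]."""
    if key in _seen:
        raise ValueError("circular placeholder: " + " -> ".join(_seen + (key,)))

    def expand(match):
        name, default = match.group(1), match.group(2)
        if name in props:
            return resolve(props, name, _seen + (key,))
        if default is not None:
            return default
        raise ValueError(f"{key}: unresolved placeholder ${{{name}}}")

    return PLACEHOLDER.sub(expand, props[key])


def check_url(value, require_https=True):
    """Return a problem string, or None if value is an absolute http(s) URL."""
    parts = urlsplit(value)
    # "host/path" and "host:port/path" both end up without a usable scheme or
    # authority, which is the condition java.net.URL reports as "no protocol".
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return "no protocol: expected https://host[/path]"
    if require_https and parts.scheme != "https":
        return "plain http: SSO endpoints should be served over https"
    return None


def lint(text, require_https=True):
    """Map each offending key to a description; an empty dict means the file passes."""
    props = parse_properties(text)
    findings = {}
    for key in URL_KEYS:
        if key not in props:
            continue  # unset keys fall back to CAS defaults, which are not modelled here
        try:
            value = resolve(props, key)
        except ValueError as exc:
            findings[key] = str(exc)
            continue
        problem = check_url(value, require_https)
        if problem:
            findings[key] = f"{problem} (resolved value: {value!r})"
    return findings


if __name__ == "__main__":
    for label, sample in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, lint(sample) or "OK")
```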

Ray Bon

Jul 27, 2023, 12:55:00 PM
to cas-...@apereo.org
Muhammad,

Your config has entity-id=https://cas.example.com/idp, but it looks like CAS is trying to create the certificate with login.unila.ac.id/cas.
I am not sure why it insists on a protocol; it should not matter for a self-signed cert.
You could also make sure your cas.server.name has a protocol.

If your entityId does have a protocol, you can create the metadata yourself. See https://www.samltool.com/idp_metadata.php

Your version is quite old, so it may be hard to diagnose problems.

Ray

    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator]: Factory method'samlIdPMetadataGenerator' threw exception; nested exception isorg.springframework.beans.factory.BeanCreationException:Error creating bean with name'samlSelfSignedCertificateWriter' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception isorg.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method 'samlSelfSignedCertificateWriter' threw exception; nested exception isjava.net.MalformedURLException: no protocol:login.unila.ac.id/cas
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:640)
        ... 86 more
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlSelfSignedCertificateWriter' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method 'samlSelfSignedCertificateWriter' threw exception; nested exception isjava.net.MalformedURLException: no protocol:login.unila.ac.id/cas
    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter]: Factory method'samlSelfSignedCertificateWriter' threw exception; nested exception isjava.net.MalformedURLException: no protocol:login.unila.ac.id/cas

Ray Bon

Jul 27, 2023, 12:56:11 PM
to cas-...@apereo.org
What Richard said.

Ray

On Thu, 2023-07-27 at 09:45 -0500, 'Richard Frovarp' via CAS Community wrote:

Muhammad Ikhsan

Jul 31, 2023, 10:37:46 AM
to CAS Community, richard.frovarp
Thanks Richard,

I have updated the CAS version to 6.6 and I have successfully installed the SAML dependencies.

My application has successfully redirected from the mail.google.com/a/example.net page to the CAS server, but there is a statement: "The application you attempted to authenticate to is not authorized to use CAS"

url: https://example.net/cas/idp/profile/SAML2/Redirect/SSO?SAMLRequest=jZJLT8MwEIT%2FSuR7Eyd90FpNq6gIqVJBqDwOXNDK2bZGjp16N4X%2Be0J5I1S4emc0s996PH2qbLTDQMa7XKSxFBE67Uvj1rm4uT7 rDMV0MiaobFarouGNW%2BK2QeKoNTpSr5NcNMEpD2RIOaiQFGt1VZwvVBZLVQfPXnsrooIIA7dRM%2B%2BoqTBcYdgZjTfLRS42zDWpJAGtfeOY4rX3a4ux9lXyEhPqdkTTUJsylz0D3QdpU9htHT2K 6MwHjYd%2BuViBJRTR%2FDQX9xmO%2BpBhvz8o03I06knA%2FgBkLxsNEEBCK6NLIDI7%2FDQSNTh3xOA4F5nMuh150umm1%2FJEdaVKZTwc9u5EdPuOrV1SvEFSB3P4Suc4HHhHctihAj4uf3k xZWd1kCp0bHgvJv9AVyFDCQy%2F8hsnX8t% 2F3PuiDZufXnpr9D4qrPWPs4DALSkODf5dOI3Tn4UrMLYoy4BEIpm85X7%2FWZNn&RelayState=b.z6IDjUow3SrU0TTRKNTU1SzFMsbQ0MUhMNTVLNDAxsjRLTUw0SBSSzSgpKSi20tfPTczM0UvPz0 _PSdVLzs8F8_UBZSIT_A%3D%3D

IDP Entity ID:
https://example.net/idp

Sign-in page URL:
https://example.net/cas/idp/profile/SAML2/Redirect/SSO

Sign-out page URL:
https://example.net/cas/logout

cas configuration:
cas.saml-core.issuer=https://login.unila.ac.id
cas.authn.saml-idp.entity-id=https://login.unila.ac.id/idp
cas.authn.saml-idp.metadata.location=C:/etc/cas/saml

Services:
{
   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
   "serviceId": "^(http?|https?)://.*google.com/a/example.net",
   "name" : "G Suite",
   "id" : 1680247200,
   "evaluationOrder" : 1,
   "attributeReleasePolicy" : {
     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
   },
   "usernameAttributeProvider" : {
     "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
     "usernameAttribute" : "mail",
     "canonicalizationMode": "LOWER"
   },
   "metadataLocation" : "C:/etc/cas/saml/google-apps.xml",
   "metadataSignatureLocation" : "C:/etc/cas/saml/idp-signing.crt"
}

example.net/idp:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                      cacheDuration="PT604800S"
                      entityID="https://accounts.google.com/samlrp/metadata?rpid=***">
     <md:SPSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
         <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
         <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                      Location="https://accounts.google.com/samlrp/acs?rpid=***"
                                      index="1" />
     </md:SPSODescriptor>
</md:EntityDescriptor>

google-apps.xml:
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor
     entityID="google.com/a/example.net"
     xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
   <md:SPSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
     <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:email</md:NameIDFormat>
       <md:AssertionConsumerService
         Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
         Location="https://www.google.com/a/example.net/acs" />
   </md:SPSODescriptor>
</md:EntityDescriptor>

Richard Frovarp

Jul 31, 2023, 10:37:46 AM
to cas-...@apereo.org
The entityID in your metadata isn't the same as the service ID in your CAS configuration. Those need to match (or match via regex). Note that the entityID from Google doesn't come with protocols.
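
Added example, not part of the thread or of the CAS project: a check for the mismatch described in the reply above. It reads the entityID from SP metadata and tests it against a service definition's serviceId regex. The function names, the optional-scheme pattern and whole-string matching are assumptions; the entityID values and the first serviceId are the ones posted in the thread.

```python
import json
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Reduced to the EntityDescriptor element; entityID values copied from the thread.
GOOGLE_APPS_XML = ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
                   'entityID="google.com/a/example.net"/>')
GOOGLE_RP_XML = ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
                 'entityID="https://accounts.google.com/samlrp/metadata?rpid=***"/>')

# serviceId exactly as posted in the thread.
THREAD_SERVICE = r'{"serviceId": "^(http?|https?)://.*google.com/a/example.net"}'
# Constructed alternative that makes the scheme optional (illustration only).
OPTIONAL_SCHEME_SERVICE = r'{"serviceId": "^(https?://)?google\\.com/a/example\\.net$"}'


def entity_ids(metadata_xml):
    """Return every entityID in a metadata document (single or aggregated)."""
    root = ET.fromstring(metadata_xml)
    return [e.get("entityID") for e in root.iter(MD + "EntityDescriptor")]


def diagnose(service_json, metadata_xml):
    """Classify each entityID as 'match', 'scheme-required' or 'no-match'."""
    # Assumption: the whole entityID must satisfy the pattern (Java-style matches()).
    pattern = re.compile(json.loads(service_json)["serviceId"])
    verdicts = {}
    for eid in entity_ids(metadata_xml):
        if pattern.fullmatch(eid):
            verdicts[eid] = "match"
        elif pattern.fullmatch("https://" + eid):
            # The pattern only accepts the ID once a scheme is put in front of it.
            verdicts[eid] = "scheme-required"
        else:
            verdicts[eid] = "no-match"
    return verdicts


if __name__ == "__main__":
    for name, svc in (("thread", THREAD_SERVICE), ("optional-scheme", OPTIONAL_SCHEME_SERVICE)):
        for doc in (GOOGLE_APPS_XML, GOOGLE_RP_XML):
            print(name, diagnose(svc, doc))
```

A "no-match" verdict means that entity needs its own service definition or a different pattern; relaxing the scheme alone does not cover it.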

Muhammad Ikhsan

Aug 2, 2023, 1:08:27 AM
to CAS Community, richard.frovarp
Thank you Richard for your response,

I have updated according to your instructions and in the CAS log I have managed to create a service ticket as below:
2023-08-02 11:31:19,308 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service ticket [ST-2-********oaF8MyBtDjB06Pn4Vgy-ETy] for service [https://accounts.google.com/samlrp/acs?rpid=04ia3j0l1avqnsw] and principal [user...@mail.com]>
2023-08-02 11:31:19,308 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHAT: {ticket=ST-2-********oaF8MyBtDjB06Pn4Vgy-ETy, service=https://accounts.google.com/samlrp/acs?rpid=04ia3j0l1avqnsw}
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Aug 02 11:31:19 ICT 2023
CLIENT IP ADDRESS: 103.3.46.247
SERVER IP ADDRESS: 127.0.0.1
=============================================================

Then it is forwarded to the URL https://accounts.google.com/signin/samlrpstart, where an error (500 Server Error) appears.

What is wrong?

Richard Frovarp

Aug 4, 2023, 7:37:03 PM
to CAS Community
I don't know. SAML Tracer in Firefox is quite helpful. As is just looking at the network history in either Chrome or Firefox developer tools. What is your ACS URL? (AssertionConsumerService in the metadata). Mine is at www.google.com, not accounts.google.com. So how did you get there? The browser is doing a number of redirects, so having a log of what those redirects are is pretty key in debugging. Maybe it doesn't like the username value you are sending it? I've never tried sending it a bogus username (to Google), so I don't know what error that would cause, and what URL that error would show up at. Basically, you are now having a problem that needs to be solved by someone that knows how Google works. It might still be a problem in CAS, but the key to understanding that problem is understanding Google.
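
Added example, not part of the thread: a decoder for the SAMLRequest parameter of an HTTP-Redirect SSO URL like the one posted earlier, showing the Issuer and AssertionConsumerService URL that a browser trace would reveal. The function names and the sample AuthnRequest are constructed for illustration; run it only on requests captured from your own browser session.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
SSO_ENDPOINT = "https://example.net/cas/idp/profile/SAML2/Redirect/SSO"


def decode_redirect_request(url):
    """Return issuer, ACS URL, destination and RelayState from a Redirect SSO URL."""
    query = parse_qs(urlsplit(url).query)  # also undoes the percent-encoding
    raw = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # Redirect binding uses raw DEFLATE, no zlib header
    root = ET.fromstring(xml)
    issuer = root.find(SAML + "Issuer")
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "acs": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
        "relay_state": query.get("RelayState", [None])[0],
    }


def build_sample_url():
    """Constructed AuthnRequest, deflated and encoded as the Redirect binding does."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
           'Version="2.0" IssueInstant="2023-07-31T00:00:00Z" '
           'Destination="' + SSO_ENDPOINT + '" '
           'AssertionConsumerServiceURL="https://www.google.com/a/example.net/acs">'
           '<saml:Issuer>google.com/a/example.net</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml.encode()) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(raw).decode(),
              "RelayState": "constructed-relay"}
    return SSO_ENDPOINT + "?" + urlencode(params)


if __name__ == "__main__":
    for field, value in decode_redirect_request(build_sample_url()).items():
        print(f"{field}: {value}")
```

The decoded issuer is the value to compare with the serviceId pattern, and the ACS URL is the one to compare with the AssertionConsumerService Location in the registered metadata.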