General cause of "action execution attributes were 'map[[empty]]'"
928 views
Skip to first unread message
Pablo Vidaurri
May 25, 2022, 4:10:32 PM5/25/22
to CAS Community
On occasion I'm seeing a login error with this in my logs:
in state 'xxxCheck' of flow 'login' -- action execution attributes were 'map[[empty]]'
What is the general cause of this error?
-psv
Misagh
May 26, 2022, 12:02:17 AM5/26/22
to CAS Community
It is not an error. If you see this, usually it means the problem is something or somewhere else and this is not the root cause.
-- Misagh
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/16267ecb-67dc-43c6-9ed0-04d1e3623099n%40apereo.org.
Chris Durham
Oct 6, 2022, 4:00:23 PM10/6/22
to CAS Community, Misagh Moayyed
Hi,
With 6.6.0, we've been using the memcached Ticket Registry support previously, but now we want to take advantage of the Account Profile pages we can't get Session information (as getTickets() is not supported), so I thought I would switch to JPA (since we have a suitable DB). Logins without a service work perfectly and direct me to the Account Profile pages and I can see sessions etc.
However as soon I try and login through Delegated Authentications (any one of the 10+ providers we have) all responses show the CAS error page (500) and the logs show
DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception [org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.GenerateServiceTicketAction@7edba858 in state 'generateServiceTicket' of flow 'login' -- action execution attributes were 'map[[empty]]'] due to a type mismatch with handler [[FlowHandlerMapping.DefaultFlowHandler@2c96d8bf]
ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown executing org.apereo.cas.web.flow.GenerateServiceTicketAction@7edba858 in state 'generateServiceTicket' of flow 'login' -- action execution attributes were 'map[[empty]]']> [m
DEBUG [org.apereo.cas.web.flow.error.DefaultDelegatedClientAuthenticationFailureEvaluator] - <Delegation request has failed. Details are [{code=500}]> [m
Now I note that Misagh said map[[empty]] issues weren't an issue but were a symptom of another problem, but doesn't anyone have any suggestions as to how to debug what that "other problem" might be when the only change is between where the Ticket Registry is stored.
Up until that point everything looked normal and appeared to be working
Sven Specker
Oct 10, 2022, 11:57:30 AM10/10/22
to cas-...@apereo.org
On 10/6/22 22:00, 'Chris Durham' via CAS Community wrote:
> Hi,
>
Hi!
If we necro this, lets keep it shambling..:) While I did not have the
issue in delegated auth, it might have the same solution.
> Now I note that Misagh said map[[empty]] issues weren't an issue but
> were a symptom of another problem, but doesn't anyone have any
> suggestions as to how to debug what that "other problem" might be when
> the only change is between where the Ticket Registry is stored.
>
I had the exact same problem (map[[empty]]), but in the consent flow.
After not getting any proper error message, i found out that the
attributes that are pulled from my directory are all Lists, even if they
can only hold a single value.
Now in the service that failed the consent with that "map[[empty]]"
exception, i introduced a derived attribute via a groovy script. Since I
was setting an attribute that only can hold a single value, I set it as
a non-List string.
The code that checks the attributes in the consent flow apparently
blindly assumes that it gets a collection within the attribute map. CAS
6.1.x did not behave like that.
Once I made sure, all derived attributes are Lists before the login
flow/consent continued, it worked.
Maybe my problem could point to your problem...maybe not.
The error message was not very clear, it took me a while to even figure
out what the hell was wrong.
Best regards,
Sven Specker
--
__________________________________________________________________
*** Sven Specker -- University of Frankfurt Computing Center ***
*********** UNIX System Administration (Auth/IDM) ****************
***** spe...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *****
******************************************************************
__________________________________________________________________
Johann Wolfgang Goethe Universitaet
- Hochschulrechenzentrum -
Theodor W. Adorno-Platz 1 (PA-1P16)
D-60323 Frankfurt/Main
__________________________________________________________________
______________ TeX-users do it in {groups}________________________
> Hi,
>
Hi!
If we necro this, lets keep it shambling..:) While I did not have the
issue in delegated auth, it might have the same solution.
> Now I note that Misagh said map[[empty]] issues weren't an issue but
> were a symptom of another problem, but doesn't anyone have any
> suggestions as to how to debug what that "other problem" might be when
> the only change is between where the Ticket Registry is stored.
>
After not getting any proper error message, i found out that the
attributes that are pulled from my directory are all Lists, even if they
can only hold a single value.
Now in the service that failed the consent with that "map[[empty]]"
exception, i introduced a derived attribute via a groovy script. Since I
was setting an attribute that only can hold a single value, I set it as
a non-List string.
The code that checks the attributes in the consent flow apparently
blindly assumes that it gets a collection within the attribute map. CAS
6.1.x did not behave like that.
Once I made sure, all derived attributes are Lists before the login
flow/consent continued, it worked.
Maybe my problem could point to your problem...maybe not.
The error message was not very clear, it took me a while to even figure
out what the hell was wrong.
Best regards,
Sven Specker
--
__________________________________________________________________
*** Sven Specker -- University of Frankfurt Computing Center ***
*********** UNIX System Administration (Auth/IDM) ****************
***** spe...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *****
******************************************************************
__________________________________________________________________
Johann Wolfgang Goethe Universitaet
- Hochschulrechenzentrum -
Theodor W. Adorno-Platz 1 (PA-1P16)
D-60323 Frankfurt/Main
__________________________________________________________________
______________ TeX-users do it in {groups}________________________
Reply all
Reply to author
Forward
0 new messages