[CAS 6.2.2 ] invalid SAML 2 HTTP Redirect message

[Olivier Podeur]

Hello,

This error occurs when I want to connect to an IDP with SAML V2. It happens only with Firefox not with Chrome.

Do you have an idea about this error ?

Best regards.

Olivier

org.opensaml.messaging.decoder.MessageDecodingException: No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message    at org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder.doDecode(HTTPRedirectDeflateDecoder.java:114)    at org.opensaml.messaging.decoder.AbstractMessageDecoder.decode(AbstractMessageDecoder.java:56)    at org.opensaml.messaging.decoder.servlet.AbstractHttpServletRequestMessageDecoder.decode(AbstractHttpServletRequestMessageDecoder.java:53)    at org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder.decode(BaseHttpServletRequestXMLMessageDecoder.java:69)    at org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor.extract(DefaultSSOSamlHttpRequestExtractor.java:44)    at org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor$$FastClassBySpringCGLIB$$c80756f9.invoke(<generated>)    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771)    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)    at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135)    at jdk.internal.reflect.GeneratedMethodAccessor219.invoke(Unknown Source)    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)    at java.base/java.lang.reflect.Method.invoke(Method.java:566)    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:644)    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:633)    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95)    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)    at org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor$$EnhancerBySpringCGLIB$$73628216.extract(<generated>)    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostSimpleSignProfileHandlerController.handleSsoPostProfileRequest(SSOSamlIdPPostSimpleSignProfileHandlerController.java:69)    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostSimpleSignProfileHandlerController.handleSaml2ProfileSsoRedirectRequest(SSOSamlIdPPostSimpleSignProfileHandlerController.java:40)    at jdk.internal.reflect.GeneratedMethodAccessor872.invoke(Unknown Source)    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)    at java.base/java.lang.reflect.Method.invoke(Method.java:566)    at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282)    at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499)    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostSimpleSignProfileHandlerController$$EnhancerBySpringCGLIB$$f8dff110.handleSaml2ProfileSsoRedirectRequest(<generated>)    at jdk.internal.reflect.GeneratedMethodAccessor872.invoke(Unknown Source)    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)    at java.base/java.lang.reflect.Method.invoke(Method.java:566)    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:879)    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793)    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)    at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:409)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:199)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:63)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157)    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:128)    at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66)    at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:103)    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)    at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:121)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:109)    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1591)    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)    at java.base/java.lang.Thread.run(Thread.java:834)