ADFS integration Error


Scott Green

Mar 9, 2018, 6:37:57 PM
to CAS Community
I was able to integrate the ADFS delegation for CAS successfully... briefly. Now every application I try to access throws the following exception error in cas.log. They all come back and say application unauthorized to use CAS.

2018-03-09 15:34:38,225 ERROR [org.apereo.cas.support.wsfederation.web.flow.WsFederationAction] - <Could not locate wsfed configuration for security token provided>
java.lang.IllegalArgumentException: Could not locate wsfed configuration for security token provided
at org.apereo.cas.support.wsfederation.WsFederationHelper.buildAndVerifyAssertion(WsFederationHelper.java:207) ~[cas-server-support-wsfederation-5.2.3.jar:5.2.3]
at org.apereo.cas.support.wsfederation.WsFederationHelper$$FastClassBySpringCGLIB$$2a86e006.invoke(<generated>) ~[cas-server-support-wsfederation-5.2.3.jar:5.2.3]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.apereo.cas.support.wsfederation.WsFederationHelper$$EnhancerBySpringCGLIB$$8cca8f6e.buildAndVerifyAssertion(<generated>) ~[cas-server-support-wsfederation-5.2.3.jar:5.2.3]
at org.apereo.cas.support.wsfederation.web.flow.WsFederationAction.handleWsFederationAuthenticationRequest(WsFederationAction.java:158) ~[cas-server-support-wsfederation-5.2.3.jar:5.2.3]
at org.apereo.cas.support.wsfederation.web.flow.WsFederationAction.doExecute(WsFederationAction.java:87) ~[cas-server-support-wsfederation-5.2.3.jar:5.2.3]
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_144]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:1.8.0_144]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:1.8.0_144]
at java.lang.reflect.Method.invoke(Unknown Source) ~[?:1.8.0_144]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at com.sun.proxy.$Proxy313.execute(Unknown Source) ~[?:?]
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_144]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:1.8.0_144]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:1.8.0_144]
at java.lang.reflect.Method.invoke(Unknown Source) ~[?:1.8.0_144]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at com.sun.proxy.$Proxy287.launchExecution(Unknown Source) ~[?:?]
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:263) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) ~[servlet-api.jar:?]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) ~[servlet-api.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-websocket.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28) ~[cas-server-core-web-5.2.3.jar:5.2.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) ~[cas-server-security-filter-2.0.7.jar:2.0.7]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:245) ~[cas-server-security-filter-2.0.7.jar:2.0.7]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:110) ~[spring-boot-actuator-1.5.8.RELEASE.jar:1.5.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:93) ~[cas-server-core-logging-5.2.3.jar:5.2.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) ~[spring-boot-actuator-1.5.8.RELEASE.jar:1.5.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115) ~[spring-boot-1.5.8.RELEASE.jar:1.5.8.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59) ~[spring-boot-1.5.8.RELEASE.jar:1.5.8.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90) ~[spring-boot-1.5.8.RELEASE.jar:1.5.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108) ~[spring-boot-1.5.8.RELEASE.jar:1.5.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.0.GA.jar:1.8.0.GA]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.9.1.jar:2.9.1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[catalina.jar:8.5.11]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:474) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[catalina.jar:8.5.11]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) ~[catalina.jar:8.5.11]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) ~[catalina.jar:8.5.11]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[catalina.jar:8.5.11]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) ~[catalina.jar:8.5.11]
at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:241) ~[tomcat-coyote.jar:8.5.11]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:8.5.11]
at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:65) ~[tomcat-coyote.jar:8.5.11]
at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35) ~[tomcat-coyote.jar:8.5.11]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[?:1.8.0_144]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[?:1.8.0_144]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:8.5.11]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_144]

Scott Green

Mar 12, 2018, 7:15:39 PM
to CAS Community
Updating post to include debug lines prior to ERROR


2018-03-12 16:10:41,664 DEBUG [org.apereo.cas.support.saml.authentication.principal.SamlServiceFactory] - <Request does not specify a [TARGET] or request body is empty>
2018-03-12 16:10:41,665 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - <No service is specified in the request. Skipping service creation>
2018-03-12 16:10:41,665 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <No service could be extracted based on the given request>
2018-03-12 16:10:41,666 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] - <Extractor did not generate service.>
2018-03-12 16:10:41,667 DEBUG [org.apereo.cas.support.wsfederation.web.flow.WsFederationAction] - <Parameter [wresult] received: [<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:Lifetime><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2018-03-12T23:10:41.734Z</wsu:Created><wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2018-03-13T00:10:41.734Z</wsu:Expires></t:Lifetime><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:cas:test</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><t:RequestedSecurityToken><saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_d919b36d-eda6-4db3-9635-6fa85c19cba0" Issuer="http://test-sso.ewu.edu/adfs/services/trust" IssueInstant="2018-03-12T23:10:41.734Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2018-03-12T23:10:41.734Z" NotOnOrAfter="2018-03-13T00:10:41.734Z"><saml:AudienceRestrictionCondition><saml:Audience>urn:cas:test</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="upn" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>sgre...@mailtest.ewu.edu</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>Green</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="givenname" 
AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>Scott</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>sgre...@ewu.edu</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="employeeNumber" AttributeNamespace="ewu"><saml:AttributeValue>BE0E01B6AC937C19E0430100007FE9A3</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="Group" AttributeNamespace="http://schemas.xmlsoap.org/claims"><saml:AttributeValue>easterntest\Domain Users</saml:AttributeValue><saml:AttributeValue>easterntest\CRS-AAST301-75-200940</saml:AttributeValue><saml:AttributeValue>easterntest\OIT_Test</saml:AttributeValue><saml:AttributeValue>easterntest\Eastern-EmployeesExempt</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="employeeID" AttributeNamespace="ewu"><saml:AttributeValue>00691177</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="employeeType" AttributeNamespace="ewu"><saml:AttributeValue>Employee</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" AuthenticationInstant="2018-03-12T21:53:29.199Z"><saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI="#_d919b36d-eda6-4db3-9635-6fa85c19cba0"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>bstLfq3DpKjMy1yBk4j7gcdxAyhbQWnk9k5iWbsSRIc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>GbeZOfEhDarnLBM5bY8cir9cC69ioAS3w9vvA63upXLJ0y9jKlerDElyCDSyDj+qY+7R6iGDe35k+gWtVswOvVbsUMIzXTnbm+InCx4Y2Wz2raba5b9ARei2rQ8itW/jSv9VZjd5LtgQPM6oRWqYcbP2giajmsfiAnk1LqFEmiNkOL2gl1tQRRWtxRFqRj1f8pjszIDeVlowE3MxK4kb9qei4O3vLukgR5jNN864VYsoLn+AcS3wBaVc7ZDQjDlBuMASL4kUFifCb6rmOjdSqhNk9GfTOY34ysl7hheE1q0B25mRrtEnQ21a0kaO5vd/Xm48cIzOFyHj2+IX/PVwTQ==</ds:SignatureValue><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></ds:Signature></saml:Assertion></t:RequestedSecurityToken><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType></t:RequestSecurityTokenResponse>]>
2018-03-12 16:10:41,667 DEBUG [org.apereo.cas.support.wsfederation.web.flow.WsFederationAction] - <Attempting to create an assertion from the token parameter>
2018-03-12 16:10:41,667 DEBUG [org.apereo.cas.support.wsfederation.WsFederationHelper] - <Result token received from ADFS is [<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:Lifetime><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2018-03-12T23:10:41.734Z</wsu:Created><wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2018-03-13T00:10:41.734Z</wsu:Expires></t:Lifetime><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:cas:test</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><t:RequestedSecurityToken><saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_d919b36d-eda6-4db3-9635-6fa85c19cba0" Issuer="http://test-sso.ewu.edu/adfs/services/trust" IssueInstant="2018-03-12T23:10:41.734Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2018-03-12T23:10:41.734Z" NotOnOrAfter="2018-03-13T00:10:41.734Z"><saml:AudienceRestrictionCondition><saml:Audience>urn:cas:test</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="upn" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>sgre...@mailtest.ewu.edu</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>Green</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="givenname" 
AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>Scott</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>sgre...@ewu.edu</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="employeeNumber" AttributeNamespace="ewu"><saml:AttributeValue>BE0E01B6AC937C19E0430100007FE9A3</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="Group" AttributeNamespace="http://schemas.xmlsoap.org/claims"><saml:AttributeValue>easterntest\Domain Users</saml:AttributeValue><saml:AttributeValue>easterntest\CRS-AAST301-75-200940</saml:AttributeValue><saml:AttributeValue>easterntest\OIT_Test</saml:AttributeValue><saml:AttributeValue>easterntest\Eastern-EmployeesExempt</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="employeeID" AttributeNamespace="ewu"><saml:AttributeValue>00691177</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="employeeType" AttributeNamespace="ewu"><saml:AttributeValue>Employee</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" AuthenticationInstant="2018-03-12T21:53:29.199Z"><saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI="#_d919b36d-eda6-4db3-9635-6fa85c19cba0"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>bstLfq3DpKjMy1yBk4j7gcdxAyhbQWnk9k5iWbsSRIc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>GbeZOfEhDarnLBM5bY8cir9cC69ioAS3w9vvA63upXLJ0y9jKlerDElyCDSyDj+qY+7R6iGDe35k+gWtVswOvVbsUMIzXTnbm+InCx4Y2Wz2raba5b9ARei2rQ8itW/jSv9VZjd5LtgQPM6oRWqYcbP2giajmsfiAnk1LqFEmiNkOL2gl1tQRRWtxRFqRj1f8pjszIDeVlowE3MxK4kb9qei4O3vLukgR5jNN864VYsoLn+AcS3wBaVc7ZDQjDlBuMASL4kUFifCb6rmOjdSqhNk9GfTOY34ysl7hheE1q0B25mRrtEnQ21a0kaO5vd/Xm48cIzOFyHj2+IX/PVwTQ==</ds:SignatureValue><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></ds:Signature></saml:Assertion></t:RequestedSecurityToken><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType></t:RequestSecurityTokenResponse>]>
2018-03-12 16:10:41,668 DEBUG [org.apereo.cas.support.wsfederation.WsFederationHelper] - <Parsing token into a document>
2018-03-12 16:10:41,669 DEBUG [org.apereo.cas.support.wsfederation.WsFederationHelper] - <Unmarshalling the document into a security token response>
2018-03-12 16:10:41,679 DEBUG [org.apereo.cas.support.wsfederation.WsFederationHelper] - <Locating list of requested security tokens>
2018-03-12 16:10:41,680 DEBUG [org.apereo.cas.support.wsfederation.WsFederationHelper] - <Locating the first occurrence of a requested security token in the list>
2018-03-12 16:10:41,680 DEBUG [org.apereo.cas.support.wsfederation.WsFederationHelper] - <Locating the first occurrence of a security token from the requested security token>
2018-03-12 16:10:41,681 DEBUG [org.apereo.cas.support.wsfederation.WsFederationHelper] - <Security token is an assertion.>
2018-03-12 16:10:41,681 DEBUG [org.apereo.cas.support.wsfederation.WsFederationHelper] - <Extracted assertion successfully: [org.opensaml.saml.saml1.core.impl.AssertionImpl@7b6682cc]>
2018-03-12 16:10:41,682 ERROR [org.apereo.cas.support.wsfederation.web.flow.WsFederationAction] - <Could not locate wsfed configuration for security token provided>
java.lang.IllegalArgumentException: Could not locate wsfed configuration for security token provided

Scott Green

Mar 14, 2018, 12:48:56 PM
to CAS Community
Just an FYI on this. It was solved. The error was because the Identifier property in the CAS/ADFS configuration was not correct. It was pretty minor, but the /services/trust in ADFS is not https, but rather http.

Posting this as information for anyone else who may come across this. 
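
The identifier check behind the fix above, as an added example that is not part of the original thread or CAS's own code: it reads the Issuer and Audience out of a logged wresult token and compares them with the configured values. It assumes the WS-Federation configuration is selected by exact string comparison with the assertion's Issuer; the host adfs.example.org, the trimmed token and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample: the shape of the wresult logged in the thread, trimmed to
# the fields this check reads (no signature, no attributes, placeholder host).
SAMPLE_WRESULT = """\
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        MajorVersion="1" MinorVersion="1" AssertionID="_constructed-example"
        Issuer="http://adfs.example.org/adfs/services/trust"
        IssueInstant="2018-03-12T23:10:41.734Z">
      <saml:Conditions NotBefore="2018-03-12T23:10:41.734Z"
                       NotOnOrAfter="2018-03-13T00:10:41.734Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>urn:cas:test</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>
"""


def token_identifiers(wresult):
    """Return (issuer, [audiences]) from a WS-Federation wresult holding a SAML 1.1 assertion."""
    upper = wresult.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        # A token has no reason to carry a DTD; refuse it rather than expand entities.
        raise ValueError("DTD/entity declarations are not accepted in a token")
    root = ET.fromstring(wresult)
    assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no SAML 1.1 assertion found in wresult")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    return assertion.get("Issuer"), audiences


def explain_mismatch(configured, actual):
    """Return None when the strings are identical, else a short reason they differ."""
    if configured == actual:
        return None
    if configured.strip() == actual.strip():
        return "leading or trailing whitespace differs"
    c, a = urlsplit(configured), urlsplit(actual)
    if c.scheme != a.scheme and c[1:] == a[1:]:
        return "scheme differs: configured %r, token %r" % (c.scheme, a.scheme)
    if configured.rstrip("/") == actual.rstrip("/"):
        return "trailing slash differs"
    if configured.casefold() == actual.casefold():
        return "letter case differs"
    return "values are unrelated"


def check_wsfed_identifiers(wresult, idp_identifier, rp_identifier):
    """Compare configured identifiers with the token; return a list of findings."""
    issuer, audiences = token_identifiers(wresult)
    findings = []
    reason = explain_mismatch(idp_identifier, issuer or "")
    if reason:
        findings.append("identity provider identifier %r != Issuer %r (%s)"
                        % (idp_identifier, issuer, reason))
    if rp_identifier not in audiences:
        findings.append("relying party identifier %r not in Audience list %r"
                        % (rp_identifier, audiences))
    return findings


if __name__ == "__main__":
    # Configured with https while the token's Issuer uses http, as in the thread.
    for line in check_wsfed_identifiers(
            SAMPLE_WRESULT,
            "https://adfs.example.org/adfs/services/trust",
            "urn:cas:test"):
        print(line)
```

An empty list means both configured identifiers match the token byte for byte; the identifier is an opaque string, so an http Issuer does not say anything about how the ADFS endpoint itself is reached.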