SPNEGO/Kerberos config
342 views
Skip to first unread message
spfma...@e.mail.fr
Feb 24, 2022, 5:29:04 AM2/24/22
to cas-...@apereo.org
Hi,
I am setting a new CAS server in order to replace our well working 3.5.1, and I was I not able to have a working SPNEGO auth.
Of course, it was impossible to use the good old configuration files because of so many changes in implementation.
I have been following the instructions here : https://apereo.github.io/cas/6.4.x/authentication/SPNEGO-Authentication.html but it was not working and some informations were missing (how to configure the JCIFS principal in the configuration file, as we only want to rely on Kerberos, NTLM is not considered).
It seems I had an almost working configuration for some times, but I suspect a typo in the documentation. Here is why.
If I use a JAAS configuration file like this one :
jcifs.spnego.initiate { com.sun.security.auth.module.Krb5LoginModule \ required storeKey=true useKeyTab=true keyTab="/home/cas/kerberos/myspnaccount.keytab"; }; jcifs.spnego.accept { com.sun.security.auth.module.Krb5LoginModule \ required storeKey=true useKeyTab=true keyTab="/home/cas/kerberos/myspnaccount.keytab"; };
Authentication fails and I get the following exceptions :
2022-02-24 09:10:09,340 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'spnego' of flow 'login'>
2022-02-24 09:10:09,342 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@39f3f57b expression = spnego, resultExpression = [null]]>
2022-02-24 09:10:09,342 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.SpnegoCredentialsAction@442151d1>
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Available request headers are [[host, connection, authorization, upgrade-insecure-requests, user-agent, accept, sec-fetch-site, sec-fetch-mode, sec-fetch-user, sec-fetch-dest, sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform, referer, accept-encoding, accept-language]]>
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization header located as [Negotiate YIID6QYGKwYBBQUCoIID3TCCA9mgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCA6MEggOfYIIDmwYJKoZIhvcSAQICAQBuggOKMIIDhqADAgEFoQMCAQ6iBwMFACAAAACjggHGYYIBwjCCAb6gAwIBBaEGGwRJTlNBoiwwKqADAgECoSMwIRsESFRUUBsZc3NvZGV2Lmluc2Etc3RyYXNib3VyZy5mcqOCAX8wggF7oAMCARKhAwIBAqKCAW0EggFpBwVuEHULzldlvQc0ht8tm9F9Ru4KWWVl8MQhnhMYVSIGAvm+GQh1G78M8zXxJghwQuMGXJFqkm3rQSGW6GXEIxxjgBO40Zp0WOope2olvTzDeBUgyq90cd1Avfc2+nwuBP68Qa+ZGNyf7Ui67X11zUo8fYF7OtUQDe88b91aRlFadg83TumdJr72aCQPS6N91obS4EjT3bNiJ1aNcIHEW+Gi+nylpuBBaJQACGUpYHkqNdk8WOM7Owyz9SMcfC5kJalT223yD3ttQVLIWrzc/ywaZ/MKCPadXYkh7C83gsBysSqSvOHx0/36quarooiPl96MkpX5eX3oXrGFuSt/y6/8UXILyIOcBapQc3ujWih/lCzExTMg4mw3N76QuIQFT4dfVSULrm2U17EJxwe0eA0PbYCAnMXCv7WWThXBGiIcVpPCm2kVQS1LAYyXE3cS+hx/nqPmMBujeWlThmFMNl4fQJDAjAF7jKSCAaUwggGhoAMCARKiggGYBIIBlCzBGl6XPSjVIt4+Q8KyQSX94JyANIY8NJSDHiWf1iDUyKoSxmKtABMYvO0uSZid6DvL5JcJeCjr3f1FI3S8N6wOV0l0riwsIYOY9xLsvFdgXS2Gu3hFdYrK1DpoHZvRMYQ2rjLTN0kOrtc3HS2M2vssxsebm6477e8Q/jYBN3q1VuHE936i9OwNl2jP51wCoj06Mjnh9b65AQ47QqE1puFeD+FHj/JFLBtkYHk2ChsrNEbNZDJgszNcaCPHDnciRUAcWNEJAO14xS5PJw8rwRtvBTqF8ab298fOfLS5d6xsh5SKb7EU+9329CjvrvMcxfcTz4OVz7r2d6IuMFy8tvoFHwu9ZIyya8mRp71CwCKrGLyR4kturq4FkIGWMsVUf+8IuEw1FB7M6vFlnFpX5jrjz6juwYbOswemDSXHok4Tkj21mwN+fkJ/jI2OBq+YcH673zfGtuhZreQ5Nd/kMepmo7R09C7Ye95LwLhvUlq4c2iqukI8N9bTn6IusHcO8TXGExvf4qb7g2OWmDeCnmP5Zhy8]>
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization header found with [1340] bytes>
2022-02-24 09:10:09,343 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Obtained token: [`��+���0�٠00. *�H�� *�H��
+�7
+�7
�����`�� *�H��n��0����� ���a��0����NSA�,0*��#0!TTPsodev.my.domain�0�{����m�inu
�We�4��-��}F�
Yee��!�U"�u▒▒
�<o�ZFQZv7N�&��h$K�}ֆ��H�ݳb'V�p��[��|���Ahe)`y*5�<X�;;��}u�J<}�{:�
��#|.d%�S�m�{mAR�Z���,g� ��]�!�/7��r�*��������櫢���ތ���y}�^���˯�Qr
ȃ��Ps{�Z�,��3 �l77����O�_U%
m����¿��N�"V��iA-K��w���0▒▒yiS�aL6^@���{����0��������,�^�=(�"�>C²A%����4�<4��%�� �Ȫ�b���.I���;�� x(���E#t�7�WIt�,,!����W`]-��xEu���h��\�=:29����;B�5��^�G��E,`y67z�V���~���
F�d2`�3\h#�w"E@X� �x�.O'+�:������|��w�l���o�����(����σ�Ϻ�w�.0\���
%ǢN�=��~~�����p~��7ƶ�Y��95��1�f��t�.�{�K��oRZ�sh��B<7�ӟ�.�w�5�▒▒���c��7��c�f�]. Creating credential...>ZW�:�Ϩ���γ�
PuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTY2022-02-24 09:10:09,369 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <User agent [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 Edg/98.0.1108.56] is authorized to proceed>
2022-02-24 09:10:09,369 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Adaptive authentication policy has authorized client [10.1.254.67] to proceed.>
2022-02-24 09:10:09,370 DEBUG [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] - <Request is not eligible to be issued service tickets just yet>
2022-02-24 09:10:09,392 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication credentials provided for this transaction are [[SpnegoCredential(principal=null, isNtlm=false)]]>
2022-02-24 09:10:09,398 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Candidate/Registered authentication handlers for this transaction are [[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@f54a90b2, org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler@d29257f5, org.apereo.cas.authentication.LdapAuthenticationHandler@75836f9f]]>
2022-02-24 09:10:09,399 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Authentication handler resolvers for this transaction are [[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@33bf2602]]>
2022-02-24 09:10:09,401 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Authentication handler resolvers produced no candidate authentication handler. Using the default handler resolver instead...>
2022-02-24 09:10:09,403 DEBUG [org.apereo.cas.authentication.AuthenticationHandlerResolver] - <Default authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler,JcifsSpnegoAuthenticationHandler,Corporate LDAP]>
2022-02-24 09:10:09,403 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Resolved and finalized authentication handlers to carry out this authentication transaction are [[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@33bf2602]]>
2022-02-24 09:10:09,404 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Candidate resolved authentication handlers for this transaction are [[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@f54a90b2, org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler@d29257f5, org.apereo.cas.authentication.LdapAuthenticationHandler@75836f9f]]>
2022-02-24 09:10:09,404 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting to authenticate credential [SpnegoCredential(principal=null, isNtlm=false)]>
2022-02-24 09:10:09,405 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] does not support the credential type [SpnegoCredential(principal=null, isNtlm=false)].>
2022-02-24 09:10:09,406 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting authentication of [unknown] using [JcifsSpnegoAuthenticationHandler]>
2022-02-24 09:10:09,407 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Processing SPNEGO authentication>
2022-02-24 09:10:09,602 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Processing SPNEGO authentication failed with exception>
2022-02-24 09:10:09,615 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[JcifsSpnegoAuthenticationHandler] exception details: [Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException].>
So the token was provided but no valid principal could be obtained. Strange ...
But a deep inspection in the stacktrace showed this :
2022-02-24 09:10:09,602 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Processing SPNEGO authentication failed with exception>
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
at jcifs.spnego.Authentication.processKerberos(Authentication.java:447) ~[jcifs-ext.jar!/:?]
at jcifs.spnego.Authentication.processSpnego(Authentication.java:346) ~[jcifs-ext.jar!/:?]
at jcifs.spnego.Authentication.process(Authentication.java:235) ~[jcifs-ext.jar!/:?]
at org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler.doAuthentication(JcifsSpnegoAuthenticationHandler.java:72) ~[cas-server-support-spnego-6.4.5.jar!/:6.4.5]
at org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:44) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) ~[spring-aop-5.3.9.jar!/:5.3.9]
at com.sun.proxy.$Proxy175.authenticate(Unknown Source) ~[?:?]
at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateAndResolvePrincipal(DefaultAuthenticationManager.java:201) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:302) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:68) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at org.apereo.cas.authentication.DefaultAuthenticationManager$$FastClassBySpringCGLIB$$5927c4b3.invoke(<generated>) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186) ~[inspektr-audit-1.8.16.GA.jar!/:1.8.16.GA]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.apereo.cas.authentication.DefaultAuthenticationManager$$EnhancerBySpringCGLIB$$23139495.authenticate(<generated>) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) ~[spring-aop-5.3.9.jar!/:5.3.9]
at com.sun.proxy.$Proxy191.authenticate(Unknown Source) ~[?:?]
at org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:33) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) ~[spring-aop-5.3.9.jar!/:5.3.9]
at com.sun.proxy.$Proxy192.handle(Unknown Source) ~[?:?]
at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:60) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleInitialAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:39) ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) ~[spring-aop-5.3.9.jar!/:5.3.9]
at com.sun.proxy.$Proxy172.handleInitialAuthenticationTransaction(Unknown Source) ~[?:?]
at org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.resolveInternal(DefaultCasDelegatingWebflowEventResolver.java:64) ~[cas-server-core-webflow-api-6.4.5.jar!/:6.4.5]
at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:107) ~[cas-server-core-webflow-api-6.4.5.jar!/:6.4.5]
at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:112) ~[cas-server-core-webflow-api-6.4.5.jar!/:6.4.5]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) ~[spring-aop-5.3.9.jar!/:5.3.9]
at com.sun.proxy.$Proxy305.resolveSingle(Unknown Source) ~[?:?]
at org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.doExecute(AbstractAuthenticationAction.java:64) ~[cas-server-core-webflow-api-6.4.5.jar!/:6.4.5]
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at jdk.internal.reflect.GeneratedMethodAccessor138.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) ~[spring-aop-5.3.9.jar!/:5.3.9]
at com.sun.proxy.$Proxy286.execute(Unknown Source) ~[?:?]
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) ~[spring-aop-5.3.9.jar!/:5.3.9]
at com.sun.proxy.$Proxy307.launchExecution(Unknown Source) ~[?:?]
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1064) ~[spring-webmvc-5.3.9.jar!/:5.3.9]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) ~[spring-webmvc-5.3.9.jar!/:5.3.9]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.9.jar!/:5.3.9]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.3.9.jar!/:5.3.9]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.9.jar!/:5.3.9]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) ~[cas-server-core-web-api-6.4.5.jar!/:6.4.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401) ~[cas-server-core-web-api-6.4.5.jar!/:6.4.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200) ~[cas-server-core-web-api-6.4.5.jar!/:6.4.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62) ~[cas-server-core-web-api-6.4.5.jar!/:6.4.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204) ~[spring-security-web-5.5.2.jar!/:5.5.2]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.5.2.jar!/:5.5.2]
at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90) ~[spring-security-web-5.5.2.jar!/:5.5.2]
at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:78) ~[spring-security-web-5.5.2.jar!/:5.5.2]
at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:67) ~[spring-security-web-5.5.2.jar!/:5.5.2]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) ~[spring-boot-actuator-2.5.4.jar!/:2.5.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99) ~[cas-server-core-logging-6.4.5.jar!/:6.4.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.16.GA.jar!/:1.8.16.GA]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.9.jar!/:5.3.9]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:769) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) ~[tomcat-catalina-9.0.56.jar!/:9.0.56]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) ~[tomcat-coyote-9.0.56.jar!/:9.0.56]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote-9.0.56.jar!/:9.0.56]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895) ~[tomcat-coyote-9.0.56.jar!/:9.0.56]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1732) ~[tomcat-coyote-9.0.56.jar!/:9.0.56]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote-9.0.56.jar!/:9.0.56]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-util-9.0.56.jar!/:9.0.56]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-util-9.0.56.jar!/:9.0.56]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util-9.0.56.jar!/:9.0.56]
at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at jcifs.spnego.Authentication$ServerAction.run(Authentication.java:511) ~[jcifs-ext.jar!/:?]
at jcifs.spnego.Authentication.processKerberos(Authentication.java:430) ~[jcifs-ext.jar!/:?]
... 245 more
Caused by: java.lang.SecurityException: java.io.IOException: Erreur de configuration :
Ligne 2 : attendu [controlFlag], trouvé [null]
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) ~[?:?]
And I started to look for JAAS configuration samples (intuition, it's the only configuration file mentioning JCFIS options) in order to compare.
It seems the culpirt was just the backslash after "Krb5LoginModule". BASH would have been fine with that, but what about JAVA related configuration files ? I don't know.
So with this JAAS connfiguration file (I ahve put several principals in the keytab, one for the host itself and one for the CAS service principal, just in case) it is now working :
jcifs.spnego.initiate {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/krb5.keytab"
principal="HTTP/ssodev.my.domain@MY_REALM";
};
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/krb5.keytab"
principal="HTTP/ssodev.my.domain@MY_REALM";
};
jcifs.spnego.accept {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/krb5.keytab"
principal="HTTP/ssodev.my.domain@MY_REALM";
};
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/krb5.keytab"
principal="HTTP/ssodev.my.domain@MY_REALM";
};
The relevant part of the "cas.properties" file :
##########
# SPNEGO #
##########
cas.authn.spnego.order=0
cas.authn.spnego.system.login-conf=file:////etc/jaas.conf
# SPNEGO #
##########
cas.authn.spnego.order=0
cas.authn.spnego.system.login-conf=file:////etc/jaas.conf
cas.authn.spnego.system.kerberos-conf=file:////etc/krb5.conf
cas.authn.spnego.system.kerberos-realm=MY_REALM
cas.authn.spnego.system.kerberos-kdc=krb-master.my.domain
cas.authn.spnego.system.kerberos-kdc=krb-master.my.domain
cas.authn.spnego.properties[0].jcifs-service-principal=HTTP/ssodev.my.domain@MY_REALM
cas.authn.spnego.system.kerberos-debug=true
cas.authn.spnego.system.kerberos-debug=true
cas.authn.spnego.mixed-mode-authentication=true
cas.authn.spnego.send401OnAuthenticationFailure=false
cas.authn.spnego.send401OnAuthenticationFailure=false
cas.authn.spnego.ips-to-check-pattern=.+
cas.authn.spnego.ntlm-allowed=false
cas.authn.spnego.ntlm=false
cas.authn.spnego.spnego-attribute-name=sAMAccountName
cas.authn.spnego.ntlm=false
cas.authn.spnego.spnego-attribute-name=sAMAccountName
And the related "krb5.conf" file :
[libdefaults]
default_realm = MY_REALM
default_keytab_name = /etc/krb5.keytab
default_realm = MY_REALM
default_keytab_name = /etc/krb5.keytab
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
ccache_type = 4
forwardable = true
proxiable = true
fcc-mit-ticketflags = true
dns_lookup_realm = false
dns_lookup_kdc = false
dns_lookup_kdc = false
[realms]
MY_REALM = {
kdc = krb-master.my.domain
kdc = krb-slave.my.domain
admin_server = krb-master.my.domain
kpasswd_server = krb-master.my.domain
}
MY_REALM = {
kdc = krb-master.my.domain
kdc = krb-slave.my.domain
admin_server = krb-master.my.domain
kpasswd_server = krb-master.my.domain
}
[domain_realm]
.my.domain = MY_REALM
my.domain = MY_REALM
.my.domain = MY_REALM
my.domain = MY_REALM
Maybe this can help somebody facing the same problem, as it was quite time consuming to debug.
Regards
FreeMail powered by mail.fr
Mohamed Amdouni
Nov 10, 2023, 5:57:45 AM11/10/23
to CAS Community, spfma...@e.mail.fr
Hello,
Did you figured out what is the root cause?
I have a similar problem with null as principal after versio upgrade.
Thanks.
Reply all
Reply to author
Forward
0 new messages