Sakai 11 Double Login Issue and Home Page Question?

135 views
Skip to first unread message

jeffrey.miller.ctr

unread,
Apr 7, 2016, 9:08:18 AM4/7/16
to Sakai Development
I've got Sakai 11 CASified and the LDAP provider configured. After our SSO login (usu-sso.png), I'm presented with another Sakai login page (sakai-11-login.png). Am I missing a new property or something?
Also, any ideas why the left tool nav is not a consistent background color (sakai-11-home.png)?
usu-sso.png
sakai-11-login.png
sakai-11-home.png

jeffrey.miller.ctr

unread,
Apr 12, 2016, 3:15:07 PM4/12/16
to Sakai Development
I found this same issue that I'm experiencing in the old dev list, still without a remedy though:

I am also getting this message in Tomcat log..

WARN http-bio-8443-exec-100 org.sakaiproject.login.tool.ContainerLogin - 
Authentication Failed for: null. Invalid Login: Identifier empty.

Thanks
Omer
On 6/30/2014 11:51 AM, Omer A Piperdi wrote:
> I am trying to implement CAS integration using xlogin-context.xml way..
> It prompt me to login with my CAS server and I am seeing another login
> prompt with /portal/relogin .
>
> Before if a user exists in Sakai with same netID, it will login
> automatically.. Did I miss any property or configuration?
>
> Thanks
> Omer

Sam Ottenhoff

unread,
Apr 12, 2016, 3:18:46 PM4/12/16
to jeffrey.miller.ctr, Sakai Development
Authentication Failed for: null

There's the issue: your container login isn't finding a valid user. Do you see errors in the logs when starting up? Have you upped logging in the relevant auth classes? How are you setting up CAS auth? Please post the relevant XML, and I will take a look.

jeffrey.miller.ctr

unread,
Apr 12, 2016, 3:28:57 PM4/12/16
to Sakai Development, jeffrey.m...@usuhs.edu
Thanks, here's my xlogin-context.xml (taken from my 10.6 instance), tweaked to match the xlogin-context.cas.xml template :

<?xml version="1.0" encoding="UTF-8"?>


<beans xmlns="http://www.springframework.org/schema/beans"

           xmlns:sec="http://www.springframework.org/schema/security"

           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd

                               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd"

           default-lazy-init="false">


      <bean id="org.sakaiproject.login.filter.SakaiCasAuthenticationFilter" class="org.sakaiproject.login.filter.SakaiCasAuthenticationFilter">

        <property name="casServerLoginUrl" value="https://cas.usuhs.edu/cas/login"/>

        <property name="renew" value="false"/>

        <property name="gateway" value="false"/>

        <!--property name="service" value="https://jebdev.usuhs.edu:8443/portal/login"/-->

        <property name="service" value="https://jebdev.usuhs.edu:8443/sakai-login-tool/container"/>

      </bean>


      <bean id="org.jasig.cas.client.validation.Cas20ServiceTicketValidator.serverUrl" class="java.lang.String">

        <constructor-arg value="https://cas.usuhs.edu/cas"/>

      </bean>


      <bean id="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">

        <!--property name="service" value="https://jebdev.usuhs.edu:8443/portal/login"/-->

        <property name="service" value="https://jebdev.usuhs.edu:8443/sakai-login-tool/container"/>

        <property name="redirectAfterValidation" value="false"/>

        <property name="ticketValidator">

          <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">

            <constructor-arg ref="org.jasig.cas.client.validation.Cas20ServiceTicketValidator.serverUrl" />

          </bean>

        </property>

      </bean>


      <bean id="org.jasig.cas.client.util.HttpServletRequestWrapperFilter" class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/>


      <bean id="org.springframework.security.web.FilterChainProxy" class="org.springframework.security.web.FilterChainProxy">

        <sec:filter-chain-map path-type="ant">

        <sec:filter-chain pattern="/container/**" 

             filters="org.sakaiproject.login.filter.SakaiCasAuthenticationFilter,org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter,org.jasig.cas.client.util.HttpServletRequestWrapperFilter"/>

        </sec:filter-chain-map>

      </bean>


</beans>


Here's the log extract:

2016-04-12 11:38:23,728  INFO localhost-startStop-1 org.sakaiproject.component.impl.SakaiContextLoader - Servlet xlogin located an additional bean definition at sakai.home/xlogin-context.xml

2016-04-12 11:38:23,763  WARN localhost-startStop-1 org.springframework.security.config.http.MatcherType - 'path-type' is deprecated. Please use 'request-matcher' instead.

2016-04-12 11:38:23,764  INFO localhost-startStop-1 org.sakaiproject.component.impl.SakaiContextLoader - Servlet xlogin loaded 5 beans from [/home/jmiller/apache-tomcat-8.0.33/sakai/xlogin-context.xml]

2016-04-12 11:38:23,796  INFO localhost-startStop-1 org.sakaiproject.util.ToolListener - registering tools from resource: /tools/sakai.login.xml

2016-04-12 11:38:23,799 DEBUG localhost-startStop-1 org.sakaiproject.login.springframework.SafeDelegatingFilterProxy - Initializing filter 'springSecurityFilterChain'

2016-04-12 11:38:23,799  INFO localhost-startStop-1 org.sakaiproject.login.springframework.SafeDelegatingFilterProxy - Can't find a bean with name: springSecurityFilterChain, safely disable proxying

2016-04-12 11:38:23,799 DEBUG localhost-startStop-1 org.sakaiproject.login.springframework.SafeDelegatingFilterProxy - Filter 'springSecurityFilterChain' configured successfully

2016-04-12 11:38:23,800  INFO localhost-startStop-1 org.sakaiproject.login.tool.ContainerLogin - init()

2016-04-12 11:38:23,802  INFO localhost-startStop-1 org.sakaiproject.login.tool.SkinnableLogin - init()

Sam Ottenhoff

unread,
Apr 12, 2016, 3:45:17 PM4/12/16
to jeffrey.miller.ctr, Sakai Development

2016-04-12 11:38:23,799  INFO localhost-startStop-1 org.sakaiproject.login.springframework.SafeDelegatingFilterProxy - Can't find a bean with name: springSecurityFilterChain, safely disable proxying


Compare your custom xlogin-context.xml with the default login-tool/tool/src/webapp/WEB-INF/xlogin-context.cas.xml file. You are missing a bean with an id of "springSecurityFilterChain". Your bean id is named  "org.springframework.security.web.FilterChainProxy"

jeffrey.miller.ctr

unread,
Apr 12, 2016, 3:55:27 PM4/12/16
to Sakai Development, jeffrey.m...@usuhs.edu
Yep, much better! Thanks Sam.

Earle Nietzel

unread,
Apr 12, 2016, 3:59:35 PM4/12/16
to jeffrey.miller.ctr, Sakai Development
The reason this changed was because spring's convention is to look for “springSecurityFilterChain”. Why we originally chose a name other than that is a deviation and probably unintentional.

This became apparent when working on SAML integration (https://jira.sakaiproject.org/browse/SAK-30105) so it was corrected.

On Apr 12, 2016, at 3:44 PM, Sam Ottenhoff <otte...@longsight.com> wrote:

"springSecurityFilterChain"

jeffrey.miller.ctr

unread,
Apr 12, 2016, 8:15:54 PM4/12/16
to Sakai Development, jeffrey.m...@usuhs.edu
Nice to know! Thanks Earle.
Reply all
Reply to author
Forward
0 new messages