[cas-user] CAS 4.2.3 + SPNEGO setup
117 views
Skip to first unread message
Antti Sirviö
Jul 11, 2016, 3:20:31 AM7/11/16
to cas-...@apereo.org
Hello,
I'm currently exprimenting with CAS 4.2.3 + SPNEGO setup, and run into
some problems. I followed the wiki instructions of setting up SPNEGO,
but it seems that I've missed something or didn't understand something
correctly.
Currently, I have working kerberos setup with AD (keytab is ok, and
kinit is working as it should), and login.conf located in /etc/cas/
(the location is specified inside the cas.properties file). Also
modifications to the login-webflow.xml are done (replaced
to=viewLoginForm actions with to=startSpnegoAuthenticate)
Now, when I try to authenticate, I get 500 internal server error. Logs
show following behaviour:
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'ticketGrantingTicketCheck' of flow 'login'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@3bf69b2b expression = ticketGrantingTicketCheckAction, resultExpression = [null]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@26573ce1>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@26573ce1; result = notExists>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@3bf69b2b expression = ticketGrantingTicketCheckAction, resultExpression = [null]]; result = notExists>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@7ae23c26 on = notExists, to = gatewayRequestCheck]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'ticketGrantingTicketCheck'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'gatewayRequestCheck' of flow 'login'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@43fd721f on = *, to = serviceAuthorizationCheck]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'gatewayRequestCheck'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'serviceAuthorizationCheck' of flow 'login'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@20aff67 expression = serviceAuthorizationCheck, resultExpression = [null]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.web.flow.ServiceAuthorizationCheck@7b8ba682>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.web.flow.ServiceAuthorizationCheck@7b8ba682; result = success>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@20aff67 expression = serviceAuthorizationCheck, resultExpression = [null]]; result = success>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@78e25983 on = *, to = generateLoginTicket]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'serviceAuthorizationCheck'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'generateLoginTicket' of flow 'login'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@a6fdfbc expression = generateLoginTicketAction.generate(flowRequestContext), resultExpression = [null]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.jasig.cas.web.flow.GenerateLoginTicketAction] - <Generated login ticket LT-346-BXiKx6UYxpODpnR5Pcey-xxxxxxxxxxx>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@a6fdfbc expression = generateLoginTicketAction.generate(flowRequestContext), resultExpression = [null]]; result = generated>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@692cd498 on = generated, to = startSpnegoAuthenticate]>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'generateLoginTicket'>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'startSpnegoAuthenticate' of flow 'login'>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@142933c8 expression = negociateSpnego, resultExpression = [null]]>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction@1abe21d0>
2016-07-11 10:06:54,756 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - <Authorization header [null], User Agent header [Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko]>
2016-07-11 10:06:54,757 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - <Authorization header not found or does not match the message prefix [Negotiate ]. Sending [WWW-Authenticate] header [Negotiate]>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction@1abe21d0; result = success>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@142933c8 expression = negociateSpnego, resultExpression = [null]]; result = success>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@1d6b7385 on = success, to = spnego]>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'startSpnegoAuthenticate'>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'spnego' of flow 'login'>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@2c49b6e2 expression = spnego, resultExpression = [null]]>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction@31c7f7c5>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction@31c7f7c5; result = error>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@2c49b6e2 expression = spnego, resultExpression = [null]]; result = error>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@53ba1570 on = error, to = ticketGrantingTicketCheck]>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'spnego'>
This is repeated about hundred times, and finally the client sees an
error message from the cas server. So does anyone have an idea what's
wrong with the configuration?
And one another question, how to configure ldap fallback for SPNEGO?
--
Antti Sirviö
--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1468221621.4288.58.camel%40lut.fi.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
I'm currently exprimenting with CAS 4.2.3 + SPNEGO setup, and run into
some problems. I followed the wiki instructions of setting up SPNEGO,
but it seems that I've missed something or didn't understand something
correctly.
Currently, I have working kerberos setup with AD (keytab is ok, and
kinit is working as it should), and login.conf located in /etc/cas/
(the location is specified inside the cas.properties file). Also
modifications to the login-webflow.xml are done (replaced
to=viewLoginForm actions with to=startSpnegoAuthenticate)
Now, when I try to authenticate, I get 500 internal server error. Logs
show following behaviour:
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'ticketGrantingTicketCheck' of flow 'login'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@3bf69b2b expression = ticketGrantingTicketCheckAction, resultExpression = [null]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@26573ce1>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@26573ce1; result = notExists>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@3bf69b2b expression = ticketGrantingTicketCheckAction, resultExpression = [null]]; result = notExists>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@7ae23c26 on = notExists, to = gatewayRequestCheck]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'ticketGrantingTicketCheck'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'gatewayRequestCheck' of flow 'login'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@43fd721f on = *, to = serviceAuthorizationCheck]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'gatewayRequestCheck'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'serviceAuthorizationCheck' of flow 'login'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@20aff67 expression = serviceAuthorizationCheck, resultExpression = [null]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.web.flow.ServiceAuthorizationCheck@7b8ba682>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.web.flow.ServiceAuthorizationCheck@7b8ba682; result = success>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@20aff67 expression = serviceAuthorizationCheck, resultExpression = [null]]; result = success>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@78e25983 on = *, to = generateLoginTicket]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'serviceAuthorizationCheck'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'generateLoginTicket' of flow 'login'>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@a6fdfbc expression = generateLoginTicketAction.generate(flowRequestContext), resultExpression = [null]]>
2016-07-11 10:06:54,755 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]>
2016-07-11 10:06:54,755 DEBUG [org.jasig.cas.web.flow.GenerateLoginTicketAction] - <Generated login ticket LT-346-BXiKx6UYxpODpnR5Pcey-xxxxxxxxxxx>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@a6fdfbc expression = generateLoginTicketAction.generate(flowRequestContext), resultExpression = [null]]; result = generated>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@692cd498 on = generated, to = startSpnegoAuthenticate]>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'generateLoginTicket'>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'startSpnegoAuthenticate' of flow 'login'>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@142933c8 expression = negociateSpnego, resultExpression = [null]]>
2016-07-11 10:06:54,756 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction@1abe21d0>
2016-07-11 10:06:54,756 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - <Authorization header [null], User Agent header [Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko]>
2016-07-11 10:06:54,757 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - <Authorization header not found or does not match the message prefix [Negotiate ]. Sending [WWW-Authenticate] header [Negotiate]>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction@1abe21d0; result = success>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@142933c8 expression = negociateSpnego, resultExpression = [null]]; result = success>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@1d6b7385 on = success, to = spnego]>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'startSpnegoAuthenticate'>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'spnego' of flow 'login'>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@2c49b6e2 expression = spnego, resultExpression = [null]]>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction@31c7f7c5>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction@31c7f7c5; result = error>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@2c49b6e2 expression = spnego, resultExpression = [null]]; result = error>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@53ba1570 on = error, to = ticketGrantingTicketCheck]>
2016-07-11 10:06:54,758 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'spnego'>
This is repeated about hundred times, and finally the client sees an
error message from the cas server. So does anyone have an idea what's
wrong with the configuration?
And one another question, how to configure ldap fallback for SPNEGO?
--
Antti Sirviö
--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1468221621.4288.58.camel%40lut.fi.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
itshorty AT
Jul 11, 2016, 4:26:15 AM7/11/16
to CAS Community, Antti....@lut.fi
Hi,
I'm also trying to setup CAS 4.2.3 + SPNEGO + LDAP against Microsoft AD.
I have the same problem - seems like it's looping in the webflow as it dies in a StackOverflowException:
Greetings Florian
I'm also trying to setup CAS 4.2.3 + SPNEGO + LDAP against Microsoft AD.
I have the same problem - seems like it's looping in the webflow as it dies in a StackOverflowException:
2016-07-11 10:20:33,845 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'startSpnegoAuthenticate' of flow 'login'>
2016-07-11 10:20:33,845 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@33ddde4 expression = negociateSpnego, resultExpression = [null]]>
2016-07-11 10:20:33,845 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction@127a33d7>
2016-07-11 10:20:33,845 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - <Authorization header [null], User Agent header [Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 OWASMIME/4.0500]>
2016-07-11 10:20:33,847 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - <Authorization header not found or does not match the message prefix [Negotiate ]. Sending [WWW-Authenticate] header [Negotiate]>
2016-07-11 10:20:33,848 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - <Mixed-mode authentication is disabled. Executing completion of response>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction@127a33d7; result = success>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@33ddde4 expression = negociateSpnego, resultExpression = [null]]; result = success>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@5cf1b6b2 on = success, to = spnego]>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'startSpnegoAuthenticate'>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'spnego' of flow 'login'>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@7b568a3c expression = spnego, resultExpression = [null]]>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction@37510309>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction@37510309; result = error>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@7b568a3c expression = spnego, resultExpression = [null]]; result = error>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@1118fca on = error, to = ticketGrantingTicketCheck]>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'spnego'>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'ticketGrantingTicketCheck' of flow 'login'>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@28c02a7d expression = ticketGrantingTicketCheckAction, resultExpression = [null]]>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@16c24b14>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@16c24b14; result = notExists>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@28c02a7d expression = ticketGrantingTicketCheckAction, resultExpression = [null]]; result = notExists>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@60258971 on = notExists, to = gatewayRequestCheck]>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'ticketGrantingTicketCheck'>
2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'gatewayRequestCheck' of flow 'login'>
2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@2f02c45 on = *, to = serviceAuthorizationCheck]>
2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'gatewayRequestCheck'>
2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'serviceAuthorizationCheck' of flow 'login'>
2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@65ea6784 expression = serviceAuthorizationCheck, resultExpression = [null]]>
2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]>
2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.jasig.cas.web.flow.ServiceAuthorizationCheck@62b99ff8>
2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>
2016-07-11 10:20:33,852 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Could not complete request>
org.springframework.web.util.NestedServletException: Handler processing failed; nested exception is java.lang.StackOverflowError
at org.springframework.web.servlet.DispatcherServlet.triggerAfterCompletionWithError(DispatcherServlet.java:1303) ~[DispatcherServlet.class:4.2.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:977) ~[DispatcherServlet.class:4.2.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) ~[DispatcherServlet.class:4.2.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[FrameworkServlet.class:4.2.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) ~[FrameworkServlet.class:4.2.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618) ~[tomcat8-servlet-api-8.0.14.jar:?]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[FrameworkServlet.class:4.2.3.RELEASE]
Greetings Florian
itshorty AT
Jul 11, 2016, 4:28:30 AM7/11/16
to CAS Community, Antti....@lut.fi
Hi again,
missed that a request returns HTTP500 instead of HTTP401 Auth. Required.
But the HTTP500 response contains the WWW-Authenticate: Neogotiate header.
Greetings Florian
missed that a request returns HTTP500 instead of HTTP401 Auth. Required.
But the HTTP500 response contains the WWW-Authenticate: Neogotiate header.
Greetings Florian
itshorty AT
Jul 11, 2016, 12:39:06 PM7/11/16
to CAS Community, Antti....@lut.fi
I think there is maybe a error in the changed login-webflow.xml.
I changed 2 occurences of viewLoginForm with startSpnegoAuthenticate.
File is attached.
I changed 2 occurences of viewLoginForm with startSpnegoAuthenticate.
File is attached.
Misagh Moayyed
Jul 11, 2016, 12:49:14 PM7/11/16
to CAS Community
I am not sure I follow. With your changes SPNEGO works, is what you’re saying?
If so, review: https://apereo.github.io/cas/4.2.x/installation/SPNEGO-Authentication.html#webflow-configuration
--
Misagh
Misagh
Antti Sirviö
Jul 12, 2016, 1:30:23 AM7/12/16
to itsh...@gmail.com, cas-...@apereo.org
My setup looks similar. Trying to figure out if the problem is in the
login-webflow.xml or somewhere else, but no success yet.
On Mon, 2016-07-11 at 09:39 -0700, itshorty AT wrote:
> I think there is maybe a error in the changed login-webflow.xml.
>
> I changed 2 occurences of viewLoginForm with startSpnegoAuthenticate.
> File is attached.
>
>
>
> Am Montag, 11. Juli 2016 10:28:29 UTC+2 schrieb itshorty AT:
> > Hi again,
> >
> > missed that a request returns HTTP500 instead of HTTP401 Auth.
> > Required.
> > But the HTTP500 response contains the WWW-Authenticate: Neogotiate
> > header.
> >
> > Greetings Florian
login-webflow.xml or somewhere else, but no success yet.
On Mon, 2016-07-11 at 09:39 -0700, itshorty AT wrote:
> I think there is maybe a error in the changed login-webflow.xml.
>
> I changed 2 occurences of viewLoginForm with startSpnegoAuthenticate.
> File is attached.
>
>
>
> Am Montag, 11. Juli 2016 10:28:29 UTC+2 schrieb itshorty AT:
> > Hi again,
> >
> > missed that a request returns HTTP500 instead of HTTP401 Auth.
> > Required.
> > But the HTTP500 response contains the WWW-Authenticate: Neogotiate
> > header.
> >
> > Greetings Florian
--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1468301415.4288.68.camel%40lut.fi.
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
Antti Sirviö
Jul 12, 2016, 5:05:26 AM7/12/16
to cas-...@apereo.org
I have a similar case like Florian - login-webflow.xml is modified
exactly like his, and the actual problem is similar too: It seems that
the login-flow loops with SPNEGO, and client gets back HTTP-500 (not
401 as it should. Please see the log sniplet in the first post in this
thread.
On Mon, 2016-07-11 at 09:49 -0700, Misagh Moayyed wrote:
> I am not sure I follow. With your changes SPNEGO works, is what
> you’re saying?
>
> If so, review: https://apereo.github.io/cas/4.2.x/installation/SPNEGO
> -Authentication.html#webflow-configuration ;
> > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentia
> > > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredent
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1468314317.4288.74.camel%40lut.fi.
exactly like his, and the actual problem is similar too: It seems that
the login-flow loops with SPNEGO, and client gets back HTTP-500 (not
401 as it should. Please see the log sniplet in the first post in this
thread.
On Mon, 2016-07-11 at 09:49 -0700, Misagh Moayyed wrote:
> I am not sure I follow. With your changes SPNEGO works, is what
> you’re saying?
>
> If so, review: https://apereo.github.io/cas/4.2.x/installation/SPNEGO
> > > > > ialsAction] - <Authorization header [null], User Agent header
> > > > > [Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
> > > > > like Gecko]>
> > > > > 2016-07-11 10:06:54,757 DEBUG
> > > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredent
> > > > > [Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
> > > > > like Gecko]>
> > > > > 2016-07-11 10:06:54,757 DEBUG
> > > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredent
> > > > > ialsAction] - <Authorization header not found or does not
> > > > > match the message prefix [Negotiate ]. Sending [WWW
> > > > > match the message prefix [Negotiate ]. Sending [WWW
itshorty AT
Jul 21, 2016, 3:40:23 AM7/21/16
to CAS Community, mmoa...@unicon.net
Hello,
I modfied the login-webflow.xml as described in the documentation mentioned.
Please see attached file from last post.
The problem is that's i'm not getting a 401 response to the browser - it only loops till a stack overflow and than sends a HTTP 500 response with the negotiate header.
The browser doesn't reply on this HTTP 500 response as it is expected.
My setup is a Debian 8 with tomcat8 installed via apt. In front of the tomcat is a haproxy to handle ssl.
I have also tried it bypassing the haproxy - also no success.
Kerberos auth. is working on other services with my browser.
Hope that helps - if more informations are needed I will kinldy provide them.
Greetings Florian
I modfied the login-webflow.xml as described in the documentation mentioned.
Please see attached file from last post.
The problem is that's i'm not getting a 401 response to the browser - it only loops till a stack overflow and than sends a HTTP 500 response with the negotiate header.
The browser doesn't reply on this HTTP 500 response as it is expected.
My setup is a Debian 8 with tomcat8 installed via apt. In front of the tomcat is a haproxy to handle ssl.
I have also tried it bypassing the haproxy - also no success.
Kerberos auth. is working on other services with my browser.
Hope that helps - if more informations are needed I will kinldy provide them.
Greetings Florian
Am Montag, 11. Juli 2016 18:49:16 UTC+2 schrieb Misagh Moayyed:
I am not sure I follow. With your changes SPNEGO works, is what you’re saying?If so, review: https://apereo.github.io/cas/4.2.x/installation/SPNEGO-Authentication.html#webflow-configuration
--
Misagh
Kévin Déré
Jul 27, 2016, 3:24:33 AM7/27/16
to CAS Community, mmoa...@unicon.net
Hello,
If you're using cas-server-support-spnego-webflow, it seem there is an issue causing a loop with it .
you can have more detail here in the third comment :
hope it can help you.
--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ac515fa8-71b3-45b7-8664-2d3761d481d6%40apereo.org.You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
Misagh Moayyed
Jul 27, 2016, 4:06:44 AM7/27/16
to CAS Community
As was suggested in that discussion, if you can reproduce the looping behavior based on what the docs suggest and have turned up logging for spring web flow unto DEBUG, please share those logs on the issue so we review.
--
Misagh
Misagh
From: Kévin Déré <dere.ke...@gmail.com>
Reply: Kévin Déré <dere.ke...@gmail.com>
Date: July 27, 2016 at 12:24:36 AM
To: CAS Community <cas-...@apereo.org>
Reply all
Reply to author
Forward
0 new messages