[cas-user] shib-cas-authn2 plugin error

21 views
Skip to first unread message

Niva Agmon

unread,
Mar 26, 2015, 3:35:49 PM3/26/15
to cas-...@lists.jasig.org

Hello,

 

I installed the plugin to have shibbolized apps authenticate through CAS, but am getting exceptions where the CAS client is looking for log4j:

 

java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory

 

The log4j-over-slf4j-1.7.5.jar and slf4j-api-1.7.5.jar jars are under /opt/shibboleth-idp/lib. Not sure why it’s not seeing them.

 

 

SEVERE: StandardWrapper.Throwable

java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory

        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)

        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)

        at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)

        at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)

        at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)

        at javax.servlet.GenericServlet.init(GenericServlet.java:212)

        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)

        at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)

        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4425)

        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4738)

        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)

        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)

        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)

        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)

        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)

        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)

        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)

        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)

        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)

        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)

        at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)

        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)

        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)

        at org.apache.catalina.core.StandardService.start(StandardService.java:516)

        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)

        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:622)

        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)

        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

Mar 26, 2015 3:20:10 PM org.apache.catalina.core.StandardContext loadOnStartup

SEVERE: Servlet /idp threw load() exception

java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory

        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)

        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)

        at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)

        at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)

        at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)

        at javax.servlet.GenericServlet.init(GenericServlet.java:212)

        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)

        at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)

        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4425)

        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4738)

        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)

        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)

        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)

        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)

        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)

        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)

        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)

        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)

        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)

        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)

        at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)

        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)

        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)

        at org.apache.catalina.core.StandardService.start(StandardService.java:516)

        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)

        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:622)

        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)

        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

Mar 26, 2015 3:20:20 PM org.apache.catalina.core.ApplicationContext log

SEVERE: StandardWrapper.Throwable

java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory

        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)

        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)

        at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)

        at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)

        at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)

        at javax.servlet.GenericServlet.init(GenericServlet.java:212)

        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)

        at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:809)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:129)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)

        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

        at java.lang.Thread.run(Thread.java:701)

Mar 26, 2015 3:20:20 PM org.apache.catalina.core.StandardWrapperValve invoke

SEVERE: Allocate exception for servlet External Authn Callback

java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory

        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)

        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)

        at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)

        at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)

        at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)

        at javax.servlet.GenericServlet.init(GenericServlet.java:212)

        at org.apache.catalina.core

 

 

 

Thanks a lot,

Niva

 

 

Niva Agmon

Temple University

O: 215-204-2680

nag...@temple.edu

 

 

 

-- 
You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

John Gasper

unread,
Mar 27, 2015, 11:24:10 AM3/27/15
to cas-...@lists.jasig.org
Hi Niva,

The jars in shibboleth-idp/lib are only uses when running the scripts in shibboleth-idp/bin. The webapp has its own set of libraries. They are built from the installer directory (shibboleth-identity-privder-2.4.X/lib) when you run install.sh/.bat. Are to two logging jars in that directory?

Usually the shib-cas-authn2 only needs itself and the the cas client jar… What version of the cas client jar are you using? I usually download the necessary files with :

Hope that helps… 

John

-- 
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef


-- 
You are currently subscribed to cas-...@lists.jasig.org as: jga...@unicon.net
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

Niva Agmon

unread,
Mar 27, 2015, 4:59:35 PM3/27/15
to cas-...@lists.jasig.org

Hi John,

 

Thanks a lot for your reply.

The error must have been because I build the shib-cas-authn2-2.05.jar  (based on article https://github.com/Unicon/shib-cas-authenticator).

Once I downloaded the jar from the URL you posted the error went away.

 

Of course we’re making baby steps here -  now I’m getting the SSL handshake exception:

SEVERE: Servlet.service() for servlet External Authn Callback threw exception

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Thanks again,

Niva

You are currently subscribed to cas-...@lists.jasig.org as: nag...@temple.edu
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

John Gasper

unread,
Mar 30, 2015, 11:47:34 AM3/30/15
to cas-...@lists.jasig.org
The shib-cas-authn2 is itself a CAS Client and has to make a backchannel call to CAS’s /serviceValidate endpoint. The SSL cert on the CAS Server is not trusted by the Java CA certs keystore. You’ll need to import the cert into the keystore used by Shib so that the trust works. I think you should be able to find more help at https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide

Niva Agmon

unread,
Mar 30, 2015, 6:38:35 PM3/30/15
to cas-...@lists.jasig.org

This explains it.

Both servers are using real certs (from GlobalSign, not self signed), but I did notice that the GlobalSign root certs are not the same on the two servers, so I’ll import the one from CAS to the Shib server cacert & am praying that this will do the trick!

 

Thanks again John,

Reply all
Reply to author
Forward
0 new messages