[cas-user] Google Apps Integration Problem
David Abney
I am currently updating to CAS v4.2.3 and trying to setup an application that uses the Google Apps integration with CAS. I believe I tested this setup and it worked in 4.1.x. Anyway, whenever I try to login to CAS, I am able to authenticate with my active directory username and password, but then I get an error message that “CAS is unavailable”. The other services that don’t use the Google Apps integration are working just fine. In the tomcat error log I get this message:
SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@40cf8796 targetAction = [EvaluateAction@78ceaa17 expression = flowScope.service.getResponse(requestScope.serviceTicketId), resultExpression = requestScope.response], attributes = map[[empty]]] in state 'redirect' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause
java.lang.NullPointerException
at org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder.constructSamlResponse(GoogleAccountsServiceResponseBuilder.java:119)
at org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder.build_aroundBody0(GoogleAccountsServiceResponseBuilder.java:62)
at org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder$AjcClosure1.run(GoogleAccountsServiceResponseBuilder.java:1)
…
I assume this process is failing because the attribute map is empty, but I don’t know how to fix this problem. I have attached a copy of my deployerConfigContext file. Also, my Google Apps settings are in the cas.properties file. Any thoughts on why this is occuring?
Thanks,
––––––––––––––––––––
David Abney
ITS Web Developer/Programmer
600 West Walnut Street
Danville, Kentucky 40422
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bcd5c0d98a1149a0a46ab2ef131f0bd9%40Exchange-MB2.centre.edu.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Misagh Moayyed
Misagh
David Abney
Misagh,
I set a 30 second skew allowance and set the logs to be Debug and tried again. I see these DEBUG messages:
2016-07-29 10:28:44,286 DEBUG [org.jasig.cas.support.saml.authentication.principal.SamlServiceFactory] - Request does not specify a TARGET or request body is empty
2016-07-29 10:28:44,287 DEBUG [org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder] - Using 30000 seconds as skew allowance.
2016-07-29 10:28:44,287 DEBUG [org.jasig.cas.web.support.DefaultArgumentExtractor] - Created [my_service_url] based on org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceFactory@54e059ef
2016-07-29 10:28:44,288 DEBUG [org.jasig.cas.web.support.DefaultArgumentExtractor] - Extractor generated service for: [my_service_url]
2016-07-29 10:28:44,288 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in context scope: [my_service_url]
2016-07-29 10:28:44,288 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in context scope: [my_service_url]
The logs go on and everything seems fine, it says I authenticated successfully, resolves my attributes from LDAP, and creates a ticket, then I see this error message:
2016-07-29 10:29:00,656 DEBUG [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning the default principal id [david.abney] for username.
2016-07-29 10:29:00,663 DEBUG [org.jasig.cas.web.FlowExecutionExceptionResolver] - Ignoring the received exception due to a type mismatch
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@44e71d85 targetAction = [EvaluateAction@ab8416b expression = flowScope.service.getResponse(requestScope.serviceTicketId), resultExpression = requestScope.response], attributes = map[[empty]]] in state 'redirect' of flow 'login' -- action execution attributes were 'map[[empty]]'
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:60)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Transition.execute(Transition.java:228)
Does that help?
Thanks,
––––––––––––––––––––
David Abney
ITS Web Developer/Programmer
600 West Walnut Street
Danville, Kentucky 40422
Misagh Moayyed
David Abney
Misagh,
I tried using 4.2.4-SNAPSHOT and 4.2.5-SNAPSHOT, but I still got the same error. I was surprised I did not have to update anything when deploying those snapshots. Attached is the error I got when trying both versions.
After that, I tried 4.2.0 and it is working with my application. I don’t get an error message, I just see this where the error would normally appear:
2016-07-29 11:25:09,773 DEBUG [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning the default principal id [david.abney] for username.
2016-07-29 11:25:57,422 DEBUG [org.jasig.cas.util.CasSpringBeanJobFactory] - Created job org.jasig.cas.services.DefaultServicesManagerImpl$ServiceRegistryReloaderJob@3f301341 for bundle org.quartz.spi.TriggerFiredBundle@6d4030cf
Also, when trying 4.2.0, I removed a custom theme I was testing.
Misagh Moayyed
David Abney
Do I file an issues on the Github project, here https://github.com/apereo/cas/issues/new?
Misagh Moayyed
David Abney
Update to my earlier email:
The issue (#1931) was fixed in 4.2.5-SNAPSHOT, using this version of CAS resolved the Google Apps problem.