I am currently updating to CAS v4.2.3 and trying to setup an application that uses the Google Apps integration with CAS. I believe I tested this setup and it worked in 4.1.x. Anyway, whenever I try to login to CAS, I am able to authenticate with my active directory username and password, but then I get an error message that “CAS is unavailable”. The other services that don’t use the Google Apps integration are working just fine. In the tomcat error log I get this message:
SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@40cf8796 targetAction = [EvaluateAction@78ceaa17 expression = flowScope.service.getResponse(requestScope.serviceTicketId), resultExpression = requestScope.response], attributes = map[[empty]]] in state 'redirect' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause
java.lang.NullPointerException
at org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder.constructSamlResponse(GoogleAccountsServiceResponseBuilder.java:119)
at org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder.build_aroundBody0(GoogleAccountsServiceResponseBuilder.java:62)
at org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder$AjcClosure1.run(GoogleAccountsServiceResponseBuilder.java:1)
…
I assume this process is failing because the attribute map is empty, but I don’t know how to fix this problem. I have attached a copy of my deployerConfigContext file. Also, my Google Apps settings are in the cas.properties file. Any thoughts on why this is occuring?
Thanks,
––––––––––––––––––––
David Abney
ITS Web Developer/Programmer
600 West Walnut Street
Danville, Kentucky 40422
Misagh,
I set a 30 second skew allowance and set the logs to be Debug and tried again. I see these DEBUG messages:
2016-07-29 10:28:44,286 DEBUG [org.jasig.cas.support.saml.authentication.principal.SamlServiceFactory] - Request does not specify a TARGET or request body is empty
2016-07-29 10:28:44,287 DEBUG [org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder] - Using 30000 seconds as skew allowance.
2016-07-29 10:28:44,287 DEBUG [org.jasig.cas.web.support.DefaultArgumentExtractor] - Created [my_service_url] based on org.jasig.cas.support.saml.authentication.principal.GoogleAccountsServiceFactory@54e059ef
2016-07-29 10:28:44,288 DEBUG [org.jasig.cas.web.support.DefaultArgumentExtractor] - Extractor generated service for: [my_service_url]
2016-07-29 10:28:44,288 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in context scope: [my_service_url]
2016-07-29 10:28:44,288 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in context scope: [my_service_url]
The logs go on and everything seems fine, it says I authenticated successfully, resolves my attributes from LDAP, and creates a ticket, then I see this error message:
2016-07-29 10:29:00,656 DEBUG [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning the default principal id [david.abney] for username.
2016-07-29 10:29:00,663 DEBUG [org.jasig.cas.web.FlowExecutionExceptionResolver] - Ignoring the received exception due to a type mismatch
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@44e71d85 targetAction = [EvaluateAction@ab8416b expression = flowScope.service.getResponse(requestScope.serviceTicketId), resultExpression = requestScope.response], attributes = map[[empty]]] in state 'redirect' of flow 'login' -- action execution attributes were 'map[[empty]]'
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:60)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Transition.execute(Transition.java:228)
Does that help?
Thanks,
––––––––––––––––––––
David Abney
ITS Web Developer/Programmer
600 West Walnut Street
Danville, Kentucky 40422
Misagh,
I tried using 4.2.4-SNAPSHOT and 4.2.5-SNAPSHOT, but I still got the same error. I was surprised I did not have to update anything when deploying those snapshots. Attached is the error I got when trying both versions.
After that, I tried 4.2.0 and it is working with my application. I don’t get an error message, I just see this where the error would normally appear:
2016-07-29 11:25:09,773 DEBUG [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning the default principal id [david.abney] for username.
2016-07-29 11:25:57,422 DEBUG [org.jasig.cas.util.CasSpringBeanJobFactory] - Created job org.jasig.cas.services.DefaultServicesManagerImpl$ServiceRegistryReloaderJob@3f301341 for bundle org.quartz.spi.TriggerFiredBundle@6d4030cf
Also, when trying 4.2.0, I removed a custom theme I was testing.
Do I file an issues on the Github project, here https://github.com/apereo/cas/issues/new?
Update to my earlier email:
The issue (#1931) was fixed in 4.2.5-SNAPSHOT, using this version of CAS resolved the Google Apps problem.