[cas-user] HTTP status 500 when authenticating via LDAP without service URL
78 views
Skip to first unread message
Steppacher Ralf
Aug 26, 2013, 9:16:02 AM8/26/13
to cas-...@lists.jasig.org
Hello,
I have a problem with LDAP authentication in CAS 3.5.2: As soon as I add either an instance of FastBindLdapAuthenticationHandler or BindLdapAuthenticationHandler to the chain of authenticationHandlers, the basic test to call <server>/cas/login stops working (if using a user that would be successfully authenticated through LDAP). I can see from the logs that the user is authenticated alright but then things go south. But all I get in the logs, and only on level debug, is a message saying "Ignoring the received exception due to a type mismatch". If I call <server>/cas/services and then log in, then everything works fine. I assume this is a bug?
This is the log output with org.jasig logging in level DEBUG.
2013-08-26 15:01:09,241 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler@4dd43f7d authenticated steppra1 with credential [username: steppra1].>
2013-08-26 15:01:09,241 DEBUG [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Attribute map for steppra1: {uid=uid, groupMembership=memberOf}>
2013-08-26 15:01:09,245 INFO [org.perf4j.TimingLogger] - <Performance Statistics 2013-08-26 15:00:00 - 2013-08-26 15:01:00
Tag Avg(ms) Min Max Std Dev Count
DESTROY_TICKET_GRANTING_TICKET 0.0 0 0 0.0 1
>
2013-08-26 15:01:09,245 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: steppra1]
WHAT: supplied credentials: [username: steppra1]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Mon Aug 26 15:01:09 CEST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================
>
2013-08-26 15:01:09,250 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-1-3DfolZtaAqLdfRRODxwaHRs3S0YhWMbbMUDNw6jDlLfk6WmK2P-steppra1-linux-mint] to registry.>
2013-08-26 15:01:09,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: steppra1]
WHAT: TGT-1-3DfolZtaAqLdfRRODxwaHRs3S0YhWMbbMUDNw6jDlLfk6WmK2P-steppra1-linux-mint
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Mon Aug 26 15:01:09 CEST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================
>
2013-08-26 15:01:09,250 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>
2013-08-26 15:01:09,251 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-1-3DfolZtaAqLdfRRODxwaHRs3S0YhWMbbMUDNw6jDlLfk6WmK2P-steppra1-linux-mint]>
2013-08-26 15:01:09,252 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor did not generate service.>
2013-08-26 15:01:09,252 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor did not generate service.>
2013-08-26 15:01:09,254 DEBUG [org.jasig.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
java.lang.IllegalStateException: Cannot create a session after the response has been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2886)
at org.apache.catalina.connector.Request.getSession(Request.java:2316)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:898)
at org.springframework.webflow.context.servlet.HttpSessionMap.getMutex(HttpSessionMap.java:98)
at org.springframework.webflow.core.collection.LocalSharedAttributeMap.getMutex(LocalSharedAttributeMap.java:39)
at org.springframework.webflow.conversation.impl.ContainedConversation.unlock(ContainedConversation.java:108)
at org.springframework.webflow.execution.repository.support.ConversationBackedFlowExecutionLock.unlock(ConversationBackedFlowExecutionLock.java:55)
at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:178)
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
...
I have a problem with LDAP authentication in CAS 3.5.2: As soon as I add either an instance of FastBindLdapAuthenticationHandler or BindLdapAuthenticationHandler to the chain of authenticationHandlers, the basic test to call <server>/cas/login stops working (if using a user that would be successfully authenticated through LDAP). I can see from the logs that the user is authenticated alright but then things go south. But all I get in the logs, and only on level debug, is a message saying "Ignoring the received exception due to a type mismatch". If I call <server>/cas/services and then log in, then everything works fine. I assume this is a bug?
This is the log output with org.jasig logging in level DEBUG.
2013-08-26 15:01:09,241 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler@4dd43f7d authenticated steppra1 with credential [username: steppra1].>
2013-08-26 15:01:09,241 DEBUG [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Attribute map for steppra1: {uid=uid, groupMembership=memberOf}>
2013-08-26 15:01:09,245 INFO [org.perf4j.TimingLogger] - <Performance Statistics 2013-08-26 15:00:00 - 2013-08-26 15:01:00
Tag Avg(ms) Min Max Std Dev Count
DESTROY_TICKET_GRANTING_TICKET 0.0 0 0 0.0 1
>
2013-08-26 15:01:09,245 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: steppra1]
WHAT: supplied credentials: [username: steppra1]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Mon Aug 26 15:01:09 CEST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================
>
2013-08-26 15:01:09,250 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-1-3DfolZtaAqLdfRRODxwaHRs3S0YhWMbbMUDNw6jDlLfk6WmK2P-steppra1-linux-mint] to registry.>
2013-08-26 15:01:09,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: steppra1]
WHAT: TGT-1-3DfolZtaAqLdfRRODxwaHRs3S0YhWMbbMUDNw6jDlLfk6WmK2P-steppra1-linux-mint
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Mon Aug 26 15:01:09 CEST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================
>
2013-08-26 15:01:09,250 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>
2013-08-26 15:01:09,251 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-1-3DfolZtaAqLdfRRODxwaHRs3S0YhWMbbMUDNw6jDlLfk6WmK2P-steppra1-linux-mint]>
2013-08-26 15:01:09,252 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor did not generate service.>
2013-08-26 15:01:09,252 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor did not generate service.>
2013-08-26 15:01:09,254 DEBUG [org.jasig.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
java.lang.IllegalStateException: Cannot create a session after the response has been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2886)
at org.apache.catalina.connector.Request.getSession(Request.java:2316)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:898)
at org.springframework.webflow.context.servlet.HttpSessionMap.getMutex(HttpSessionMap.java:98)
at org.springframework.webflow.core.collection.LocalSharedAttributeMap.getMutex(LocalSharedAttributeMap.java:39)
at org.springframework.webflow.conversation.impl.ContainedConversation.unlock(ContainedConversation.java:108)
at org.springframework.webflow.execution.repository.support.ConversationBackedFlowExecutionLock.unlock(ConversationBackedFlowExecutionLock.java:55)
at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:178)
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
...
--
You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply all
Reply to author
Forward
0 new messages