Hi,
I'm using CAS 5.0.0.RC3-SNAPSHOT with SAML2 support.
Since this version I have had an issue with authentication (authentication works with RC1).
I think the issue comes from these lines (cas/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/web/idp/profile/builders/enc/SamlObjectSigner.java):
l.409 : if (!overrideBlackListedSignatureAlgorithms.isEmpty()) {
and
l.414 : if (!overrideWhiteListedAlgorithms.isEmpty()) {
Should it be :
l.409 : if (this.overrideBlackListedSignatureAlgorithms != null && !this.overrideBlackListedSignatureAlgorithms.isEmpty()) {
and
l.414 : if (this.overrideWhiteListedAlgorithms != null && !overrideWhiteListedAlgorithms.isEmpty()) {
Or is there a property to set these two lists to empty ones?
I got the following stack trace (full stack trace in attachment):
2016-10-18 16:02:24,943 INFO [org.apereo.cas.support.saml.services.idp.metadata.cache.ChainingMetadataResolverCacheLoader] - <Initialized metadata resolver from [http://cas.sp.test.fr/metadata]>
2016-10-18 16:02:25,053 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/idp/profile/SAML2/Redirect/SSO] due to exception [null]>
java.lang.NullPointerException
at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner.verifySamlProfileRequestIfNeeded(SamlObjectSigner.java:409) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner$$FastClassBySpringCGLIB$$84e9b1fd.invoke(<generated>) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner$$EnhancerBySpringCGLIB$$cc188ec1.verifySamlProfileRequestIfNeeded(<generated>) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
at org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController.initiateAuthenticationRequest(AbstractSamlProfileHandlerController.java:408) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
at org.apereo.cas.support.saml.web.idp.profile.SSOPostProfileHandlerController.handleSsoPostProfileRequest(SSOPostProfileHandlerController.java:71) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
at org.apereo.cas.support.saml.web.idp.profile.SSOPostProfileHandlerController.handleSaml2ProfileSsoRedirectRequest(SSOPostProfileHandlerController.java:43) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
[...]
My cas.properties:
server.contextPath=/cas
server.port=8443
server.ssl.keyStore=file:C:\\workspace\\cas-server\\etc\\cas\\thekeystore
server.ssl.keyStorePassword=changeit
server.ssl.keyPassword=changeit
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.maxHttpHeaderSize=20971520
server.tomcat.maxThreads=5
server.tomcat.portHeader=X-Forwarded-Port
server.tomcat.protocolHeader=X-Forwarded-Proto
server.tomcat.protocolHeaderHttpsValue=https
server.tomcat.remoteIpHeader=X-FORWARDED-FOR
server.tomcat.uriEncoding=UTF-8
server.useForwardHeaders=true
server.name=http://cas.idp.test.fr:8080
server.prefix=${server.name}/cas
cas.server.name=http://cas.idp.test.fr:8080
cas.server.prefix=${server.name}/cas
cas.adminPagesSecurity.ip=127\.0\.0\.1
logging.config:file:C:\\workspace\\cas-server\\etc\\cas\\config\\log4j2.xml
## SERVICES
cas.serviceRegistry.config.location=classpath:/services
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.repeatInterval=10000
cas.serviceRegistry.startDelay=15000
cas.serviceRegistry.initFromJson=true
## AUTHENTICATION
cas.authn.shiro.config.location=file:C:\\workspace\\cas-server\\etc\\cas\\config\\shiro.ini
cas.authn.accept.users=
## SAML IDP
cas.authn.samlIdp.entityId=http://cas.idp.test.fr:8080/cas/idp
cas.authn.samlIdp.hostName=cas.idp.test.fr
cas.authn.samlIdp.scope=cas.idp.test.fr
cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
cas.authn.samlIdp.metadata.failFast=true
cas.authn.samlIdp.metadata.location=C:/workspace/cas-server/etc/cas/config/saml
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.requireValidMetadata=true
cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
cas.authn.samlIdp.response.skewAllowance=0
cas.authn.samlIdp.response.signError=false
cas.authn.samlIdp.response.overrideSignatureCanonicalizationAlgorithm=
cas.authn.samlIdp.response.useAttributeFriendlyName=true
## CAS components mappings
primaryAuthenticationHandler=shiroAuthenticationHandler
## CAS SSO Cookie Generation & Security
tgc.cipherEnabled=true
tgc.encryption.key=cTuglkjtEwRkpHuF
tgc.signing.key=I5k4Ydbnv4y14c_c8VwAkMCjOCQez-txtRXOUjnRIYeOq7zpiNb8rokfT12-IH5QJvXldhtaIH_InGahR5dUtQ
# Indicates whether SAML ticket id generation should be saml2-compliant.
cas.saml.ticketid.saml2=true
My pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-overlay</artifactId>
<packaging>war</packaging>
<version>1.0</version>
<build>
<plugins>
<plugin>
<groupId>com.rimerosolutions.maven.plugins</groupId>
<artifactId>wrapper-maven-plugin</artifactId>
<version>0.0.4</version>
<configuration>
<verifyDownload>true</verifyDownload>
<checksumAlgorithm>MD5</checksumAlgorithm>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<warName>cas</warName>
<failOnMissingWebXml>false</failOnMissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp/META-INF/MANIFEST.MF</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp</artifactId>
</overlay>
</overlays>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
</plugin>
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>${maven-jetty-plugin.version}</version>
<configuration>
<jettyXml>${basedir}/etc/jetty/jetty.xml,${basedir}/etc/jetty/jetty-ssl.xml,${basedir}/etc/jetty/jetty-https.xml</jettyXml>
<systemProperties>
<systemProperty>
<name>org.eclipse.jetty.annotations.maxWait</name>
<value>240</value>
</systemProperty>
</systemProperties>
<webApp>
<contextPath>/cas</contextPath>
<overrideDescriptor>${basedir}/etc/jetty/web.xml</overrideDescriptor>
</webApp>
<webAppConfig>
<allowDuplicateFragmentNames>true</allowDuplicateFragmentNames>
</webAppConfig>
<jvmArgs>-Dlogging.config=/etc/cas/log4j2.xml -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n</jvmArgs>
</configuration>
</plugin>
</plugins>
<finalName>cas</finalName>
</build>
<dependencies>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-saml</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-saml-idp</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-generic</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.inspektr</groupId>
<artifactId>inspektr-aspects</artifactId>
<version>1.5.GA</version>
</dependency>
</dependencies>
<properties>
<cas.version>5.0.0.RC3-SNAPSHOT</cas.version>
<maven-jetty-plugin.version>9.3.6.v20151106</maven-jetty-plugin.version>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<repositories>
<repository>
<id>sonatype-releases</id>
<url>http://oss.sonatype.org/content/repositories/releases/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>sonatype-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</repository>
<repository>
<id>shibboleth-releases</id>
<url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
</repository>
<repository>
<id>spring-milestones</id>
<url>https://repo.spring.io/milestone</url>
</repository>
</repositories>
<profiles>
<profile>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<id>pgp</id>
<build>
<plugins>
<plugin>
<groupId>com.github.s4u.plugins</groupId>
<artifactId>pgpverify-maven-plugin</artifactId>
<version>1.1.0</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
<pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
<scope>test</scope>
<verifyPomFiles>true</verifyPomFiles>
<failNoSignature>false</failNoSignature>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
Regards.
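The null check proposed in the post is the first half of the problem; the second half is what a signature-algorithm policy should do when the override lists are unset. The stand-alone class below is an added illustration, not CAS code and not the poster's: it takes possibly-null blacklist/whitelist overrides (the shape the unset properties arrive in), falls back to a built-in blacklist of weak XML-DSig algorithm URIs instead of throwing, and fails closed when the algorithm URI is missing. The class name `SignatureAlgorithmPolicy`, the default list contents and the sample URIs in `main` are assumptions for the example; the algorithm URIs themselves are the standard XML Signature identifiers.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Hypothetical, stand-alone policy object (example code, not CAS's own):
 * decides whether a SAML signature algorithm URI is acceptable, tolerating
 * null override lists the way an unset property would leave them.
 */
public final class SignatureAlgorithmPolicy {

    // Assumed default blacklist for the example: SHA-1 and MD5 based XML-DSig
    // signature algorithms, which should not be accepted on inbound requests.
    private static final Set<String> DEFAULT_BLACKLIST = new HashSet<>(Arrays.asList(
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-md5"));

    private final Set<String> blacklist;
    // An empty whitelist means "no whitelist restriction", only the blacklist applies.
    private final Set<String> whitelist;

    public SignatureAlgorithmPolicy(List<String> overrideBlacklist, List<String> overrideWhitelist) {
        // The null guard is the part the reported NPE was missing: an unset
        // property yields a null list, not an empty one. Null or empty keeps the defaults.
        if (overrideBlacklist != null && !overrideBlacklist.isEmpty()) {
            this.blacklist = new HashSet<>(overrideBlacklist);
        } else {
            this.blacklist = DEFAULT_BLACKLIST;
        }
        if (overrideWhitelist != null && !overrideWhitelist.isEmpty()) {
            this.whitelist = new HashSet<>(overrideWhitelist);
        } else {
            this.whitelist = Collections.emptySet();
        }
    }

    /**
     * Returns true only if the URI is not blacklisted and, when a whitelist is
     * configured, is present in it. A null or empty URI is rejected (fail closed).
     */
    public boolean isAllowed(String algorithmUri) {
        if (algorithmUri == null || algorithmUri.isEmpty()) {
            return false;
        }
        if (blacklist.contains(algorithmUri)) {
            return false;
        }
        return whitelist.isEmpty() || whitelist.contains(algorithmUri);
    }

    public static void main(String[] args) {
        // Both override properties unset: the lists arrive as null, no exception.
        SignatureAlgorithmPolicy defaults = new SignatureAlgorithmPolicy(null, null);
        System.out.println("defaults, rsa-sha256: "
            + defaults.isAllowed("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
        System.out.println("defaults, rsa-sha1:   "
            + defaults.isAllowed("http://www.w3.org/2000/09/xmldsig#rsa-sha1"));
        System.out.println("defaults, null URI:   " + defaults.isAllowed(null));

        // Whitelist override only: anything outside the whitelist is refused,
        // even an algorithm the default blacklist would have let through.
        SignatureAlgorithmPolicy strict = new SignatureAlgorithmPolicy(null,
            Arrays.asList("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
        System.out.println("strict, rsa-sha512:   "
            + strict.isAllowed("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"));
    }
}
```

The design point is that "override not configured" and "override configured as empty" both collapse to the built-in defaults; neither path may disable the blacklist or throw, since either outcome is reachable by an operator simply leaving a property out of cas.properties.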