Re: [cas-user] SAML2 Delegated Authentication problem (org.xml.sax.SAXParseException: Premature end of file.)


Ray Bon

May 1, 2024, 7:01:58 PM
to cas-...@apereo.org
Are you missing service-provider-metadata-path?

Ray

On Wed, 2024-05-01 at 20:20 +0200, wouldsmina wrote:

Hello,

I want to use SAML2 Delegated Authentication as explained in this documentation: https://fawnoos.com/2023/10/04/cas66-delegate-authn-saml2-idp/

Unfortunately, I'm encountering an error upon restarting the Tomcat service:
-----------------------------------------------------------------------------------------------------------
[2024-05-01 19:44:46] [info] #033[1;31m2024-05-01 19:44:46,585 ERROR [net.shibboleth.utilities.java.support.xml.BasicParserPool] - <XML Parsing Error>#033[m
[2024-05-01 19:44:46] [info] #033[1;31m2024-05-01 19:44:46,587 ERROR [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver] - <Metadata Resolver FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: Unable to unmarshall metadata: net.shibboleth.utilities.java.support.xml.XMLParserException: Unable to parse inputstream, it contained invalid XML>#033[m
[2024-05-01 19:44:46] [info] #033[1;31m2024-05-01 19:44:46,588 ERROR [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver] - <Metadata Resolver FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: Error occurred while attempting to refresh metadata from '/tmp/samlSpMetadata6083509884623035039.xml'>#033[m
[2024-05-01 19:44:46] [info] net.shibboleth.utilities.java.support.resolver.ResolverException: Unable to unmarshall metadata
...
[2024-05-01 19:44:46] [info] #033[1;31m2024-05-01 19:44:46,595 ERROR [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver] - <Metadata Resolver FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: Metadata provider failed to properly initialize, fail-fast=true, halting>#033[m
[2024-05-01 19:44:46] [info] #033[33m2024-05-01 19:44:46,598 WARN [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'identityProviderDiscoveryFeedController' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Unsatisfied dependency expressed through method 'identityProviderDiscoveryFeedController' parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'identityProviderDiscoveryFeedService' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Unsatisfied dependency expressed through method 'identityProviderDiscoveryFeedService' parameter 1; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdentityProviderEntityParser' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.util.spring.beans.BeanContainer]: Factory method 'samlIdentityProviderEntityParser' threw exception; nested exception is org.pac4j.saml.exceptions.SAMLException: Unable to generate metadata for service provider>#033[m
[2024-05-01 19:44:51] [info] #033[1;31m2024-05-01 19:44:51,752 ERROR [org.springframework.boot.SpringApplication] - <Application run failed>#033[m
[2024-05-01 19:44:51] [info] org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'identityProviderDiscoveryFeedController' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Unsatisfied dependency expressed through method 'identityProviderDiscoveryFeedController' parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'identityProviderDiscoveryFeedService' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Unsatisfied dependency expressed through method 'identityProviderDiscoveryFeedService' parameter 1; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdentityProviderEntityParser' defined in class path resource [org/apereo/cas/config/SamlIdentityProviderDiscoveryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.util.spring.beans.BeanContainer]: Factory method 'samlIdentityProviderEntityParser' threw exception; nested exception is org.pac4j.saml.exceptions.SAMLException: Unable to generate metadata for service provider
...
[2024-05-01 19:44:51] [info] Caused by: org.xml.sax.SAXParseException: Premature end of file.
-----------------------------------------------------------------------------------------------------------

I checked the XML file with an online parser, and there are no errors. I've tried with several IDPs (Shibboleth or CAS) with both a URL and a local file, but the error remains the same. However, if I use a file or URL that doesn't exist, the error is quite different. I'm using Tomcat 9, Java 11 (from Debian 11 apt) and CAS 6.6.15.

cas.properties:
-----------------------------------------------------------------------------------------------------------
cas.authn.pac4j.saml[0].keystore-password=xxxxxxxxxxxxxxxxxxxxxxx
cas.authn.pac4j.saml[0].private-key-password=xxxxxxxxxxxxxxx
cas.authn.pac4j.saml[0].service-provider-entity-id=https://cas.domain.fr/cas/sp
cas.authn.pac4j.saml[0].keystore-path=/etc/cas/config/samlKeystore.jks
cas.authn.pac4j.saml[0].identity-provider-metadata-path=https://idp.domain.fr/idp/shibboleth
cas.authn.pac4j.saml[0].destination-binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
cas.authn.pac4j.saml[0].client-name=TEST1
-----------------------------------------------------------------------------------------------------------

Would anyone have an idea of the origin of my issue, please?


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/275d40252411fadca3bcaf4a7f17c09eafebcbc0.camel%40uvic.ca.
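
A configuration check for the situation in this thread, added here as an example (not code from the CAS project or from either poster): it groups the `cas.authn.pac4j.saml[N].*` properties by client, reports any client without `service-provider-metadata-path`, and reports a configured SP metadata file that exists but is empty or not well-formed XML. The function names and the `SAMPLE` values are assumptions made for the example.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the cas.properties in the thread (secrets replaced).
SAMPLE = """\
cas.authn.pac4j.saml[0].keystore-password=CHANGEME
cas.authn.pac4j.saml[0].keystore-path=/etc/cas/config/samlKeystore.jks
cas.authn.pac4j.saml[0].identity-provider-metadata-path=https://idp.domain.fr/idp/shibboleth
cas.authn.pac4j.saml[0].client-name=TEST1
"""
KEY = re.compile(r"^cas\.authn\.pac4j\.saml\[(\d+)\]\.([\w.-]+)\s*=\s*(.*)$")

def parse_saml_clients(text):
    """Group cas.authn.pac4j.saml[N].* properties by client index N."""
    clients = {}
    for line in text.splitlines():
        m = KEY.match(line.strip())  # comment lines never match the prefix
        if m:
            clients.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return clients

def check_metadata_file(path):
    """Return a reason if an existing file is empty or not well-formed XML."""
    if not os.path.isfile(path):
        return None  # a missing file is not flagged by this check
    if os.path.getsize(path) == 0:
        return "file is empty"
    try:
        ET.parse(path)
    except ET.ParseError as exc:
        return f"not well-formed XML ({exc})"
    return None

def audit(text):
    """Return (client-name, finding) pairs for each delegated SAML2 client."""
    findings = []
    for idx, props in sorted(parse_saml_clients(text).items()):
        name = props.get("client-name", f"saml[{idx}]")
        sp_path = props.get("service-provider-metadata-path")
        if not sp_path:
            findings.append((name, "service-provider-metadata-path is not set"))
        elif (reason := check_metadata_file(sp_path)):
            findings.append((name, f"{sp_path}: {reason}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
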