Pac4j login after "CAS is Unavailable"

[Jo]

Hi everyone, 

I'm login with Facebook and Twitter. Then I get an error as follows.

Oct 13, 2014 1:00:31 PM org.apache.catalina.core.StandardWrapperValve invoke

SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.jasig.cas.support.pac4j.web.flow.ClientAction@1ff3e96 in state 'clientAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause

org.jasig.cas.authentication.AuthenticationException: 0 errors, 0 successes

at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:248)

at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticate_aroundBody0(PolicyBasedAuthenticationManager.java:143)

at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticate_aroundBody1$advice(PolicyBasedAuthenticationManager.java:54)

at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:1)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)

at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)

at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)

at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.java:47)

at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingAspect.java:53)

at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:45)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)

at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)

at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)

at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)

at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:126)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)

at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)

at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)

at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)

at com.sun.proxy.$Proxy26.authenticate(Unknown Source)

at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody10(CentralAuthenticationServiceImpl.java:531)

at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody11$advice(CentralAuthenticationServiceImpl.java:54)

at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)

at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)

at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)

at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.java:47)

at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingAspect.java:53)

at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:45)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)

at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)

at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)

at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)

at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:126)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)

at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)

at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)

at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)

at com.sun.proxy.$Proxy27.createTicketGrantingTicket(Unknown Source)

at org.jasig.cas.support.pac4j.web.flow.ClientAction.doExecute(ClientAction.java:162)

at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)

at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)

at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)

at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)

at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)

at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)

at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)

at org.springframework.webflow.engine.State.enter(State.java:194)

at org.springframework.webflow.engine.Flow.start(Flow.java:535)

at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:366)

at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)

at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)

at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)

at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)

at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)

at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)

at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)

at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:125)

at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:54)

at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)

at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

What can I do?

Thanks

[Jérôme LELEU]

Hi,

Nice stack trace, but it's hard to guess what's wrong in your case.

Don't you have more relevant logs or turn on DEBUG logs on org.pac4j?

Thanks.

Best regards,

Jérôme LELEU

Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj

Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

--
You received this message because you are subscribed to the Google Groups "pac4j-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Enes]

Hi, 

Thank you for your response. CAS error log is as follows.

2014-10-20 14:46:08,403 WARN [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Cannot find authentication handler that supports org.jasig.cas.support.pac4j.authentication.principal.ClientCredential@4b63da, which suggests a configuration problem.

2014-10-20 14:46:08,405 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN

=============================================================

WHO: audit:unknown

WHAT: supplied credentials: [org.jasig.cas.support.pac4j.authentication.principal.ClientCredential@4b63da]

ACTION: AUTHENTICATION_FAILED

APPLICATION: CAS

WHEN: Mon Oct 20 14:46:08 EEST 2014

CLIENT IP ADDRESS: 192.168.56.1

SERVER IP ADDRESS: 192.168.56.101

=============================================================

2014-10-20 14:46:08,409 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN

=============================================================

WHO: audit:unknown

WHAT: 0 errors, 0 successes

ACTION: TICKET_GRANTING_TICKET_NOT_CREATED

APPLICATION: CAS

WHEN: Mon Oct 20 14:46:08 EEST 2014

CLIENT IP ADDRESS: 192.168.56.1

SERVER IP ADDRESS: 192.168.56.101

=============================================================

Thanks.

[Jérôme LELEU]

Hi,

I don't see any DEBUG logs on org.pac4j? Did you turn them on?

Thanks.

Best regards,

Jérôme LELEU

Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj

Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

[Enes]

Hi,

I'm sorry, Pac4j Where can I see the error logs?

Thanks.

[Jérôme LELEU]

Hi,

In your CAS server, there is a https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/resources/log4j.xml you need to configure properly.

Then logs should output in cas.log. However, sometimes, uncaught exceptions can be seen in other logs files like the catalina.out for Tomcat.

Best regards,

Jérôme LELEU

Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj

Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

--

[Enes]

Hi,

here ıs the debug log. ı get cas unavailable message after facebook auth.

[Jérôme LELEU]

Hi,

As you can see, this line in the logs points out the problem:

2014-10-21 14:09:54,202 WARN [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Cannot find authentication handler that supports org.jasig.cas.support.pac4j.authentication.principal.ClientCredential@1f06161, which suggests a configuration problem.

Did you define the authenticationhandler for pac4?

Best regards;

Jérôme LELEU

Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj

Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

[Enes]

authenticationhandler at deployerconfigcontext.xml below:

is there any problem? i use this wiki for configurations : https://wiki.jasig.org/pages/viewpage.action?pageId=56164890 

<bean id="authenticationManager"
class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">

        <constructor-arg>

            <map>

                <!--

                   | IMPORTANT

                   | Every handler requires a unique name.

                   | If more than one instance of the same handler
class is configured, you must explicitly

                   | set its name to something other than its default
name (typically the simple class name).

                   -->

                <entry key-ref="usernameDbAuthHandler"
value-ref="dbPrincipalResolver" />

                <entry key-ref="emailDbAuthHandler"
value-ref="dbPrincipalResolver" />

            </map>

        </constructor-arg>



        <property name="authenticationMetaDataPopulators">

            <util:list>

               <bean
class="org.jasig.cas.support.pac4j.authentication.ClientAuthenticationMetaDataPopulator"
/>

            </util:list>

        </property>



        <!-- Uncomment the metadata populator to allow clearpass to
capture and cache the password

             This switch effectively will turn on clearpass.

        <property name="authenticationMetaDataPopulators">

           <util:list>

              <bean
class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"

                    c:credentialCache-ref="encryptedMap" />

           </util:list>

        </property>

        -->



        <!--

           | Defines the security policy around authentication. Some
alternative policies that ship with CAS:

           |

           | * NotPreventedAuthenticationPolicy - all credential must
either pass or fail authentication

           | * AllAuthenticationPolicy - all presented credential must
be authenticated successfully

           | * RequiredHandlerAuthenticationPolicy - specifies a
handler that must authenticate its credential to pass

           -->

        <property name="authenticationPolicy">

            <bean
class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />

        </property>

    </bean>

[Jérôme LELEU]

Hi,

You should use this documentation: http://jasig.github.io/cas/4.0.0/integration/Delegate-Authentication.html, but there is a glitch.

I don't see the ClientAuthenticationHandler, which is what is missing in your configuration (not the xxMetadaPopulator).

Best regards,

Jérôme LELEU

Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj

Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

[Enes]

my deployerconfigcontect.xml attached. I have prımaryauthhandler do i have one more authhandler more?

thanks

[Jérôme LELEU]

Hi,

Yes, you have it as an alone bean. But it must be referenced with the other handers in your authentication manager bean as well.

Best regards,

Jérôme LELEU

Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj

Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

[Enes]

i explore your pac4j-demo github codes and finally make facebook login work. But now i didnt use ?service parameter in the url.

it gave this error : 

Application Not Authorized to Use CAS

The application you attempted to authenticate to is not authorized to use CAS.

log is attached.

thanks and regards

21 Ekim 2014 Salı 16:53:13 UTC+3 tarihinde Jérôme LELEU yazdı:

[Jérôme LELEU]

Hi,

A CAS question as a matter of fact. Applications authorized to use CAS must be properly defined.

Here is the CAS documentation: http://jasig.github.io/cas/4.0.0/installation/Service-Management.html.

Best regards,

Jérôme LELEU

Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj

Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org