Hello,

I've set up Jasig Central Authentication System (CAS) 4.0.2 with adfs-support-wsfederation. I've used the Maven overlay cas-adfs-integration-master.
I've set up an ADFS server (Windows Server 2012 R2).

When I try to log on to https://srv-jasig01.ict-toulouse.fr:4443/cas I am redirected to https://adfs.ict-toulouse.fr/adfs/ls/?wa=wsignin1.0&wtrealm=urn:federation:cas

That produces this log:

    2016-04-20 11:58:31,103 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor did not generate service.>
    2016-04-20 11:58:31,105 DEBUG [net.unicon.cas.support.wsfederation.web.flow.WsFederationAction] - <wresult : <t:RequestSecurityTokenResponse [truncated]
    2016-04-20 11:58:31,115 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <parseTokenFromString: org.opensaml.saml1.core.impl.AssertionImpl@304d6837>
    2016-04-20 11:58:31,125 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <validateSignature: Signature is valid.>
    2016-04-20 11:58:31,126 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <createCredentialFromToken: retrieved on 2016-04-20T09:58:31.126Z>
    2016-04-20 11:58:31,126 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <createCredentialFromToken: processed attribute: UPN>
    2016-04-20 11:58:31,127 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <createCredentialFromToken: processed attribute: surname>
    2016-04-20 11:58:31,127 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <createCredentialFromToken: processed attribute: givenname>
    2016-04-20 11:58:31,127 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <createCredentialFromToken: processed attribute: Group>
    2016-04-20 11:58:31,127 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <createCredentialFromToken: processed attribute: Email>
    2016-04-20 11:58:31,127 DEBUG [net.unicon.cas.support.wsfederation.WsFederationUtils] - <createCredentialFromToken:
        ID: _d9fdfc33-6787-4bd9-8b4f-eb7b5c25d704
        Issuer: http://adfs.ict-toulouse.fr/adfs/services/trust
        Audience: urn:federation:cas
        Audience Method: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
        Issued On: 2016-04-20T09:58:31.246Z
        Valid After: 2016-04-20T09:58:31.239Z
        Valid Before: 2016-04-20T10:58:31.239Z
        Attributes:
        Group: [ict\oSecretariats, ict\Utilisa. du domaine, ict\oDES-SG, ict\Groupe Projet Aurion, ict\Utilisateurs Info, ict\oAdministratif, ict\Utilisateurs ICT, ict\oDES-SG-SystemesDInformations]
        UPN: [email protected]
        Email: [email protected]
        surname: MOYA
        givenname: Yves
    >
    2016-04-20 11:58:31,128 DEBUG [net.unicon.cas.support.wsfederation.authentication.principal.WsFederationCredential] - <.isValid: credential is valid.>

Then I am redirected back to https://srv-jasig01.ict-toulouse.fr:8443/cas/login

That shows me a blank page. The source code of this page is:

    <html><head><title>Opération en cours...</title></head><body>
    <form method="POST" name="hiddenform" action="https://srv-jasig01.ict-toulouse.fr:8443/cas/login">
    <input type="hidden" name="wa" value="wsignin1.0" />
    <input type="hidden" name="wresult" value="<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <t:Lifetime>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-04-20T10:02:08.672Z</wsu:Created>
        <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-04-20T11:02:08.672Z</wsu:Expires>
      </t:Lifetime>
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:federation:cas</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
      <t:RequestedSecurityToken>
        <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_97282ee8-e8af-4e1d-a809-d050b0f34c5c" Issuer="http://adfs.ict-toulouse.fr/adfs/services/trust" IssueInstant="2016-04-20T10:02:08.682Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
          <saml:Conditions NotBefore="2016-04-20T10:02:08.672Z" NotOnOrAfter="2016-04-20T11:02:08.672Z"><saml:AudienceRestrictionCondition><saml:Audience>urn:federation:cas</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions>
          <saml:AttributeStatement>
            <saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>
            <saml:Attribute AttributeName="UPN" AttributeNamespace="urn:federation:cas"><saml:AttributeValue>[email protected]</saml:AttributeValue></saml:Attribute>
            <saml:Attribute AttributeName="surname" AttributeNamespace="urn:federation:cas"><saml:AttributeValue>MOYA</saml:AttributeValue></saml:Attribute>
            <saml:Attribute AttributeName="givenname" AttributeNamespace="urn:federation:cas"><saml:AttributeValue>Yves</saml:AttributeValue></saml:Attribute>
            <saml:Attribute AttributeName="Group" AttributeNamespace="urn:federation:cas">
              <saml:AttributeValue>ict\oSecretariats</saml:AttributeValue>
              <saml:AttributeValue>ict\Utilisa. du domaine</saml:AttributeValue>
              <saml:AttributeValue>ict\oDES-SG</saml:AttributeValue>
              <saml:AttributeValue>ict\Groupe Projet Aurion</saml:AttributeValue>
              <saml:AttributeValue>ict\Utilisateurs Info</saml:AttributeValue>
              <saml:AttributeValue>ict\oAdministratif</saml:AttributeValue>
              <saml:AttributeValue>ict\Utilisateurs ICT</saml:AttributeValue>
              <saml:AttributeValue>ict\oDES-SG-SystemesDInformations</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute AttributeName="Email" AttributeNamespace="urn:federation:cas"><saml:AttributeValue>[email protected]</saml:AttributeValue></saml:Attribute>
          </saml:AttributeStatement>
          <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" AuthenticationInstant="2016-04-20T09:58:31.205Z"><saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
              <ds:Reference URI="#_97282ee8-e8af-4e1d-a809-d050b0f34c5c">
                <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>FM+gP64NCIMiXtXR/Dc0ayjfA2c=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>VhHMXjliT/69Sbx8XvkQxx8s1oTsWd1wVUsqbBBNROGZnkt7lKsZDV/XM8Kmdgt9mIWOZnStauRCwzevxKKzDr0HRBp4YkSDjA1A5i4F5neqQR+amztCac93yZyF1G22wGeyr2YZgSVUNYikhppQlkR1kjeg12AStzTURkDK4bzChbABeDW01KDMDx+CP0Cz9+m542bUxIblnauH8K8tQs4C2yznT6v8BU1nbDh/sO0S3NiDdwHwBF2txHLZ+08j5KZcpeBV8CUUUkm37APvTzKz7rxwpBErd8x7Osju6sJT92wSGxs3uqMHfpwhJftZNpCLC9VuHS4s3VtAz/Bfxg==</ds:SignatureValue>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>[truncated]</X509Certificate></X509Data></KeyInfo>
          </ds:Signature>
        </saml:Assertion>
      </t:RequestedSecurityToken>
      <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
    </t:RequestSecurityTokenResponse>" />
    <noscript><p>Le script est désactivé. Cliquez sur Envoyer pour continuer.</p><input type="submit" value="Envoyer" /></noscript>
    </form>
    <script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
    </body></html>

Then in the log file I have:

    2016-04-20 11:58:31,129 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <WsFederationAuthenticationHandler successfully authenticated
        ID: _d9fdfc33-6787-4bd9-8b4f-eb7b5c25d704
        Issuer: http://adfs.ict-toulouse.fr/adfs/services/trust
        Audience: urn:federation:cas
        Audience Method: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
        Issued On: 2016-04-20T09:58:31.246Z
        Valid After: 2016-04-20T09:58:31.239Z
        Valid Before: 2016-04-20T10:58:31.239Z
        Attributes:
        UPN: yves.moya
        Email: [email protected]
        FirstName: Yves
        Groups: [ict\oSecretariats, ict\Utilisa. du domaine, ict\oDES-SG, ict\Groupe Projet Aurion, ict\Utilisateurs Info, ict\oAdministratif, ict\Utilisateurs ICT, ict\oDES-SG-SystemesDInformations]
        LastName: MOYA
    >
    2016-04-20 11:58:31,129 DEBUG [net.unicon.cas.support.wsfederation.authentication.principal.WsFederationCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
    2016-04-20 11:58:31,129 ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <net.unicon.cas.support.wsfederation.authentication.principal.WsFederationCredentialsToPrincipalResolver@509cf131 failed to resolve principal from
        ID: _d9fdfc33-6787-4bd9-8b4f-eb7b5c25d704
        Issuer: http://adfs.ict-toulouse.fr/adfs/services/trust
        Audience: urn:federation:cas
        Audience Method: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
        Issued On: 2016-04-20T09:58:31.246Z
        Valid After: 2016-04-20T09:58:31.239Z
        Valid Before: 2016-04-20T10:58:31.239Z
        Attributes:
        UPN: yves.moya
        Email: [email protected]
        FirstName: Yves
        Groups: [ict\oSecretariats, ict\Utilisa. du domaine, ict\oDES-SG, ict\Groupe Projet Aurion, ict\Utilisateurs Info, ict\oAdministratif, ict\Utilisateurs ICT, ict\oDES-SG-SystemesDInformations]
        LastName: MOYA
    >
    java.lang.NullPointerException
        at net.unicon.cas.support.wsfederation.authentication.principal.WsFederationCredentialsToPrincipalResolver.extractPrincipalId(WsFederationCredentialsToPrincipalResolver.java:49)
    [truncated]
    2016-04-20 11:58:31,130 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: audit:unknown
    WHAT: supplied credentials: [
        ID: _d9fdfc33-6787-4bd9-8b4f-eb7b5c25d704
        Issuer: http://adfs.ict-toulouse.fr/adfs/services/trust
        Audience: urn:federation:cas
        Audience Method: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
        Issued On: 2016-04-20T09:58:31.246Z
        Valid After: 2016-04-20T09:58:31.239Z
        Valid Before: 2016-04-20T10:58:31.239Z
        Attributes:
        UPN: yves.moya
        Email: [email protected]
        FirstName: Yves
        Groups: [ict\oSecretariats, ict\Utilisa. du domaine, ict\oDES-SG, ict\Groupe Projet Aurion, ict\Utilisateurs Info, ict\oAdministratif, ict\Utilisateurs ICT, ict\oDES-SG-SystemesDInformations]
        LastName: MOYA
    ]
    ACTION: AUTHENTICATION_FAILED
    APPLICATION: CAS
    WHEN: Wed Apr 20 11:58:31 CEST 2016
    CLIENT IP ADDRESS: 172.21.10.106
    SERVER IP ADDRESS: 192.168.254.113
    =============================================================
    >
    2016-04-20 11:58:31,138 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: audit:unknown
    WHAT: No resolver produced a principal.
    ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
    APPLICATION: CAS
    WHEN: Wed Apr 20 11:58:31 CEST 2016
    CLIENT IP ADDRESS: 172.21.10.106
    SERVER IP ADDRESS: 192.168.254.113
    =============================================================
    >
    2016-04-20 11:58:31,138 ERROR [net.unicon.cas.support.wsfederation.web.flow.WsFederationAction] - <No resolver produced a principal.>
    org.jasig.cas.authentication.UnresolvedPrincipalException: No resolver produced a principal.
    [truncated]
    avr. 20, 2016 11:58:34 AM org.apache.catalina.startup.HostConfig checkResources
    PRÉCIS: Checking context[/cas] redeploy resource /var/lib/tomcat8/webapps/cas.war

Can you help me to solve this?

Best regards,
Yves
