I think there is maybe a error in the changed login-webflow.xml. I changed 2 occurences of viewLoginForm with startSpnegoAuthenticate. File is attached.
Am Montag, 11. Juli 2016 10:28:29 UTC+2 schrieb itshorty AT: > > Hi again, > > missed that a request returns HTTP500 instead of HTTP401 Auth. Required. > But the HTTP500 response contains the WWW-Authenticate: Neogotiate header. > > Greetings Florian > > Am Montag, 11. Juli 2016 10:26:13 UTC+2 schrieb itshorty AT: >> >> Hi, >> >> I'm also trying to setup CAS 4.2.3 + SPNEGO + LDAP against Microsoft AD. >> >> I have the same problem - seems like it's looping in the webflow as it >> dies in a StackOverflowException: >> >> 2016-07-11 10:20:33,845 DEBUG [org.springframework.webflow.engine. >> ActionState] - <Entering state 'startSpnegoAuthenticate' of flow 'login'> >> 2016-07-11 10:20:33,845 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Executing [EvaluateAction@33ddde4 expression = >> negociateSpnego, resultExpression = [null]]> >> 2016-07-11 10:20:33,845 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Executing org.jasig.cas.support.spnego.web.flow. >> SpnegoNegociateCredentialsAction@127a33d7> >> 2016-07-11 10:20:33,845 DEBUG [org.jasig.cas.support.spnego.web.flow. >> SpnegoNegociateCredentialsAction] - <Authorization header [null], User >> Agent header [Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 >> Firefox/38.0 OWASMIME/4.0500]> >> 2016-07-11 10:20:33,847 DEBUG [org.jasig.cas.support.spnego.web.flow. >> SpnegoNegociateCredentialsAction] - <Authorization header not found or >> does not match the message prefix [Negotiate ]. Sending [WWW-Authenticate >> ] header [Negotiate]> >> 2016-07-11 10:20:33,848 DEBUG [org.jasig.cas.support.spnego.web.flow. >> SpnegoNegociateCredentialsAction] - <Mixed-mode authentication is >> disabled. Executing completion of response> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Finished executing org.jasig.cas.support.spnego.web. >> flow.SpnegoNegociateCredentialsAction@127a33d7; result = success> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Finished executing [EvaluateAction@33ddde4 expression >> = negociateSpnego, resultExpression = [null]]; result = success> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> Transition] - <Executing [Transition@5cf1b6b2 on = success, to = spnego]> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> Transition] - <Exiting state 'startSpnegoAuthenticate'> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> ActionState] - <Entering state 'spnego' of flow 'login'> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Executing [EvaluateAction@7b568a3c expression = spnego >> , resultExpression = [null]]> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Executing org.jasig.cas.support.spnego.web.flow. >> SpnegoCredentialsAction@37510309> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Finished executing org.jasig.cas.support.spnego.web. >> flow.SpnegoCredentialsAction@37510309; result = error> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Finished executing [EvaluateAction@7b568a3c >> expression = spnego, resultExpression = [null]]; result = error> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> Transition] - <Executing [Transition@1118fca on = error, to = >> ticketGrantingTicketCheck]> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> Transition] - <Exiting state 'spnego'> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> ActionState] - <Entering state 'ticketGrantingTicketCheck' of flow >> 'login'> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Executing [EvaluateAction@28c02a7d expression = >> ticketGrantingTicketCheckAction, resultExpression = [null]]> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> AnnotatedAction] - <Putting action execution attributes map[[empty]]> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Executing org.jasig.cas.web.flow. >> TicketGrantingTicketCheckAction@16c24b14> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Finished executing org.jasig.cas.web.flow. >> TicketGrantingTicketCheckAction@16c24b14; result = notExists> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> AnnotatedAction] - <Clearing action execution attributes map[[empty]]> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Finished executing [EvaluateAction@28c02a7d >> expression = ticketGrantingTicketCheckAction, resultExpression = [null]]; >> result = notExists> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> Transition] - <Executing [Transition@60258971 on = notExists, to = >> gatewayRequestCheck]> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> Transition] - <Exiting state 'ticketGrantingTicketCheck'> >> 2016-07-11 10:20:33,849 DEBUG [org.springframework.webflow.engine. >> DecisionState] - <Entering state 'gatewayRequestCheck' of flow 'login'> >> 2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.engine. >> Transition] - <Executing [Transition@2f02c45 on = *, to = >> serviceAuthorizationCheck]> >> 2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.engine. >> Transition] - <Exiting state 'gatewayRequestCheck'> >> 2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.engine. >> ActionState] - <Entering state 'serviceAuthorizationCheck' of flow >> 'login'> >> 2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Executing [EvaluateAction@65ea6784 expression = >> serviceAuthorizationCheck, resultExpression = [null]]> >> 2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.execution. >> AnnotatedAction] - <Putting action execution attributes map[[empty]]> >> 2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.execution. >> ActionExecutor] - <Executing org.jasig.cas.web.flow. >> ServiceAuthorizationCheck@62b99ff8> >> 2016-07-11 10:20:33,850 DEBUG [org.springframework.webflow.execution. >> AnnotatedAction] - <Clearing action execution attributes map[[empty]]> >> 2016-07-11 10:20:33,852 DEBUG [org.springframework.web.servlet. >> DispatcherServlet] - <Could not complete request> >> org.springframework.web.util.NestedServletException: Handler processing >> failed; nested exception is java.lang.StackOverflowError >> at org.springframework.web.servlet.DispatcherServlet. >> triggerAfterCompletionWithError(DispatcherServlet.java:1303) ~[ >> DispatcherServlet.class:4.2.3.RELEASE] >> at org.springframework.web.servlet.DispatcherServlet.doDispatch( >> DispatcherServlet.java:977) ~[DispatcherServlet.class:4.2.3.RELEASE] >> at org.springframework.web.servlet.DispatcherServlet.doService( >> DispatcherServlet.java:893) ~[DispatcherServlet.class:4.2.3.RELEASE] >> at org.springframework.web.servlet.FrameworkServlet. >> processRequest(FrameworkServlet.java:970) ~[FrameworkServlet.class:4.2. >> 3.RELEASE] >> at org.springframework.web.servlet.FrameworkServlet.doGet( >> FrameworkServlet.java:861) ~[FrameworkServlet.class:4.2.3.RELEASE] >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:618) >> ~[tomcat8-servlet-api-8.0.14.jar:?] >> at org.springframework.web.servlet.FrameworkServlet.service( >> FrameworkServlet.java:846) ~[FrameworkServlet.class:4.2.3.RELEASE] >> >> >> Greetings Florian >> >> >> Am Montag, 11. Juli 2016 09:20:31 UTC+2 schrieb Antti Sirviö: >>> >>> Hello, >>> >>> I'm currently exprimenting with CAS 4.2.3 + SPNEGO setup, and run into >>> some problems. I followed the wiki instructions of setting up SPNEGO, >>> but it seems that I've missed something or didn't understand something >>> correctly. >>> >>> Currently, I have working kerberos setup with AD (keytab is ok, and >>> kinit is working as it should), and login.conf located in /etc/cas/ >>> (the location is specified inside the cas.properties file). Also >>> modifications to the login-webflow.xml are done (replaced >>> to=viewLoginForm actions with to=startSpnegoAuthenticate) >>> >>> Now, when I try to authenticate, I get 500 internal server error. Logs >>> show following behaviour: >>> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.ActionState] - <Entering state >>> 'ticketGrantingTicketCheck' of flow 'login'> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> [EvaluateAction@3bf69b2b expression = ticketGrantingTicketCheckAction, >>> resultExpression = [null]]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.AnnotatedAction] - <Putting action >>> execution attributes map[[empty]]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@26573ce1> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@26573ce1; >>> result = notExists> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action >>> execution attributes map[[empty]]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing [EvaluateAction@3bf69b2b expression = >>> ticketGrantingTicketCheckAction, resultExpression = [null]]; result = >>> notExists> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Executing >>> [Transition@7ae23c26 on = notExists, to = gatewayRequestCheck]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Exiting state >>> 'ticketGrantingTicketCheck'> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.DecisionState] - <Entering state >>> 'gatewayRequestCheck' of flow 'login'> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Executing >>> [Transition@43fd721f on = *, to = serviceAuthorizationCheck]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Exiting state >>> 'gatewayRequestCheck'> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.ActionState] - <Entering state >>> 'serviceAuthorizationCheck' of flow 'login'> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> [EvaluateAction@20aff67 expression = serviceAuthorizationCheck, >>> resultExpression = [null]]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.AnnotatedAction] - <Putting action >>> execution attributes map[[empty]]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> org.jasig.cas.web.flow.ServiceAuthorizationCheck@7b8ba682> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing org.jasig.cas.web.flow.ServiceAuthorizationCheck@7b8ba682; result >>> = success> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action >>> execution attributes map[[empty]]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing [EvaluateAction@20aff67 expression = serviceAuthorizationCheck, >>> resultExpression = [null]]; result = success> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Executing >>> [Transition@78e25983 on = *, to = generateLoginTicket]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Exiting state >>> 'serviceAuthorizationCheck'> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.engine.ActionState] - <Entering state >>> 'generateLoginTicket' of flow 'login'> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> [EvaluateAction@a6fdfbc expression = >>> generateLoginTicketAction.generate(flowRequestContext), resultExpression = >>> [null]]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.springframework.webflow.execution.AnnotatedAction] - <Putting action >>> execution attributes map[[empty]]> >>> 2016-07-11 10:06:54,755 DEBUG >>> [org.jasig.cas.web.flow.GenerateLoginTicketAction] - <Generated login >>> ticket LT-346-BXiKx6UYxpODpnR5Pcey-xxxxxxxxxxx> >>> 2016-07-11 10:06:54,756 DEBUG >>> [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action >>> execution attributes map[[empty]]> >>> 2016-07-11 10:06:54,756 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing [EvaluateAction@a6fdfbc expression = >>> generateLoginTicketAction.generate(flowRequestContext), resultExpression = >>> [null]]; result = generated> >>> 2016-07-11 10:06:54,756 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Executing >>> [Transition@692cd498 on = generated, to = startSpnegoAuthenticate]> >>> 2016-07-11 10:06:54,756 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Exiting state >>> 'generateLoginTicket'> >>> 2016-07-11 10:06:54,756 DEBUG >>> [org.springframework.webflow.engine.ActionState] - <Entering state >>> 'startSpnegoAuthenticate' of flow 'login'> >>> 2016-07-11 10:06:54,756 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> [EvaluateAction@142933c8 expression = negociateSpnego, resultExpression = >>> [null]]> >>> 2016-07-11 10:06:54,756 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction@1abe21d0> >>> >>> >>> 2016-07-11 10:06:54,756 DEBUG >>> [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - >>> <Authorization header [null], User Agent header [Mozilla/5.0 (Windows NT >>> 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko]> >>> 2016-07-11 10:06:54,757 DEBUG >>> [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - >>> <Authorization header not found or does not match the message prefix >>> [Negotiate ]. Sending [WWW-Authenticate] header [Negotiate]> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing >>> org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction@1abe21d0; >>> >>> result = success> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing [EvaluateAction@142933c8 expression = negociateSpnego, >>> resultExpression = [null]]; result = success> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Executing >>> [Transition@1d6b7385 on = success, to = spnego]> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Exiting state >>> 'startSpnegoAuthenticate'> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.engine.ActionState] - <Entering state 'spnego' >>> of flow 'login'> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> [EvaluateAction@2c49b6e2 expression = spnego, resultExpression = [null]]> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction@31c7f7c5> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing >>> org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction@31c7f7c5; >>> result = error> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing [EvaluateAction@2c49b6e2 expression = spnego, resultExpression = >>> [null]]; result = error> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Executing >>> [Transition@53ba1570 on = error, to = ticketGrantingTicketCheck]> >>> 2016-07-11 10:06:54,758 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Exiting state 'spnego'> >>> >>> This is repeated about hundred times, and finally the client sees an >>> error message from the cas server. So does anyone have an idea what's >>> wrong with the configuration? >>> >>> And one another question, how to configure ldap fallback for SPNEGO? >>> >>> -- >>> Antti Sirviö >>> >>> -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b0f41012-c101-4c33-ac02-316e0b4902d4%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
login-webflow.xml
Description: XML document
