I have a similar case to Florian's - login-webflow.xml is modified exactly like his, and the actual problem is similar too: it seems that the login-flow loops with SPNEGO, and the client gets back HTTP-500 (not 401 as it should). Please see the log snippet in the first post in this thread.

On Mon, 2016-07-11 at 09:49 -0700, Misagh Moayyed wrote:
> I am not sure I follow. With your changes SPNEGO works, is what
> you’re saying?
>
> If so, review: https://apereo.github.io/cas/4.2.x/installation/SPNEGO-Authentication.html#webflow-configuration
> --
> Misagh
>
> From: itshorty AT <[email protected]>
> Reply: itshorty AT <[email protected]>
> Date: July 11, 2016 at 9:39:19 AM
> To: CAS Community <[email protected]>
> Cc: [email protected] <[email protected]>
> Subject: [cas-user] Re: CAS 4.2.3 + SPNEGO setup
>
> > I think there is maybe an error in the changed login-webflow.xml.
> >
> > I changed 2 occurrences of viewLoginForm with
> > startSpnegoAuthenticate.
> > File is attached.
> >
> > On Monday, 11 July 2016 10:28:29 UTC+2, itshorty AT wrote:
> > > Hi again,
> > >
> > > missed that a request returns HTTP500 instead of HTTP401 Auth.
> > > Required.
> > > But the HTTP500 response contains the WWW-Authenticate:
> > > Negotiate header.
> > >
> > > Greetings Florian
> > >
> > > On Monday, 11 July 2016 10:26:13 UTC+2, itshorty AT wrote:
> > > > Hi,
> > > >
> > > > I'm also trying to set up CAS 4.2.3 + SPNEGO + LDAP against
> > > > Microsoft AD.
> > > >
> > > > I have the same problem - seems like it's looping in the
> > > > webflow as it dies in a StackOverflowException:
> > > >
> > > > 2016-07-11 10:20:33,845 DEBUG
> > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > state 'startSpnegoAuthenticate' of flow 'login'>
> > > > 2016-07-11 10:20:33,845 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Executing [EvaluateAction@33ddde4 expression =
> > > > negociateSpnego, resultExpression = [null]]>
> > > > 2016-07-11 10:20:33,845 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Executing org.jasig.cas.support.spnego.web.flow.SpnegoNegociat
> > > > eCredentialsAction@127a33d7>
> > > > 2016-07-11 10:20:33,845 DEBUG
> > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentia
> > > > lsAction] - <Authorization header [null], User Agent header
> > > > [Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
> > > > Firefox/38.0 OWASMIME/4.0500]>
> > > > 2016-07-11 10:20:33,847 DEBUG
> > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentia
> > > > lsAction] - <Authorization header not found or does not match
> > > > the message prefix [Negotiate ]. Sending [WWW-Authenticate]
> > > > header [Negotiate]>
> > > > 2016-07-11 10:20:33,848 DEBUG
> > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentia
> > > > lsAction] - <Mixed-mode authentication is disabled. Executing
> > > > completion of response>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Finished executing org.jasig.cas.support.spnego.web.flow.Spneg
> > > > oNegociateCredentialsAction@127a33d7; result = success>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Finished executing [EvaluateAction@33ddde4 expression =
> > > > negociateSpnego, resultExpression = [null]]; result = success>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.Transition] - <Executing [
> > > > Transition@5cf1b6b2 on = success, to = spnego]>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > state 'startSpnegoAuthenticate'>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > state 'spnego' of flow 'login'>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Executing [EvaluateAction@7b568a3c expression = spnego,
> > > > resultExpression = [null]]>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Executing org.jasig.cas.support.spnego.web.flow.SpnegoCredenti
> > > > alsAction@37510309>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Finished executing org.jasig.cas.support.spnego.web.flow.Spneg
> > > > oCredentialsAction@37510309; result = error>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Finished executing [EvaluateAction@7b568a3c expression =
> > > > spnego, resultExpression = [null]]; result = error>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.Transition] - <Executing [
> > > > Transition@1118fca on = error, to = ticketGrantingTicketCheck]>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > state 'spnego'>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > state 'ticketGrantingTicketCheck' of flow 'login'>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Executing [EvaluateAction@28c02a7d expression =
> > > > ticketGrantingTicketCheckAction, resultExpression = [null]]>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > <Putting action execution attributes map[[empty]]>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Executing
> > > > org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@16c24b14
> > > > >
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Finished executing
> > > > org.jasig.cas.web.flow.TicketGrantingTicketCheckAction@16c24b14
> > > > ; result = notExists>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > <Clearing action execution attributes map[[empty]]>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Finished executing [EvaluateAction@28c02a7d expression =
> > > > ticketGrantingTicketCheckAction, resultExpression = [null]];
> > > > result = notExists>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.Transition] - <Executing [
> > > > Transition@60258971 on = notExists, to = gatewayRequestCheck]>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > state 'ticketGrantingTicketCheck'>
> > > > 2016-07-11 10:20:33,849 DEBUG
> > > > [org.springframework.webflow.engine.DecisionState] - <Entering
> > > > state 'gatewayRequestCheck' of flow 'login'>
> > > > 2016-07-11 10:20:33,850 DEBUG
> > > > [org.springframework.webflow.engine.Transition] - <Executing [
> > > > Transition@2f02c45 on = *, to = serviceAuthorizationCheck]>
> > > > 2016-07-11 10:20:33,850 DEBUG
> > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > state 'gatewayRequestCheck'>
> > > > 2016-07-11 10:20:33,850 DEBUG
> > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > state 'serviceAuthorizationCheck' of flow 'login'>
> > > > 2016-07-11 10:20:33,850 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Executing [EvaluateAction@65ea6784 expression =
> > > > serviceAuthorizationCheck, resultExpression = [null]]>
> > > > 2016-07-11 10:20:33,850 DEBUG
> > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > <Putting action execution attributes map[[empty]]>
> > > > 2016-07-11 10:20:33,850 DEBUG
> > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > <Executing
> > > > org.jasig.cas.web.flow.ServiceAuthorizationCheck@62b99ff8>
> > > > 2016-07-11 10:20:33,850 DEBUG
> > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > <Clearing action execution attributes map[[empty]]>
> > > > 2016-07-11 10:20:33,852 DEBUG
> > > > [org.springframework.web.servlet.DispatcherServlet] - <Could
> > > > not complete request>
> > > > org.springframework.web.util.NestedServletException: Handler
> > > > processing failed; nested exception is
> > > > java.lang.StackOverflowError
> > > > at
> > > > org.springframework.web.servlet.DispatcherServlet.triggerAfterC
> > > > ompletionWithError(DispatcherServlet.java:1303)
> > > > ~[DispatcherServlet.class:4.2.3.RELEASE]
> > > > at
> > > > org.springframework.web.servlet.DispatcherServlet.doDispatch(Di
> > > > spatcherServlet.java:977)
> > > > ~[DispatcherServlet.class:4.2.3.RELEASE]
> > > > at
> > > > org.springframework.web.servlet.DispatcherServlet.doService(Dis
> > > > patcherServlet.java:893)
> > > > ~[DispatcherServlet.class:4.2.3.RELEASE]
> > > > at
> > > > org.springframework.web.servlet.FrameworkServlet.processRequest
> > > > (FrameworkServlet.java:970)
> > > > ~[FrameworkServlet.class:4.2.3.RELEASE]
> > > > at
> > > > org.springframework.web.servlet.FrameworkServlet.doGet(Framewor
> > > > kServlet.java:861) ~[FrameworkServlet.class:4.2.3.RELEASE]
> > > > at
> > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
> > > > ~[tomcat8-servlet-api-8.0.14.jar:?]
> > > > at
> > > > org.springframework.web.servlet.FrameworkServlet.service(Framew
> > > > orkServlet.java:846) ~[FrameworkServlet.class:4.2.3.RELEASE]
> > > >
> > > > Greetings Florian
> > > >
> > > > On Monday, 11 July 2016 09:20:31 UTC+2, Antti Sirviö wrote:
> > > > > Hello,
> > > > >
> > > > > I'm currently experimenting with CAS 4.2.3 + SPNEGO setup, and
> > > > > ran into some problems. I followed the wiki instructions of
> > > > > setting up SPNEGO, but it seems that I've missed something or
> > > > > didn't understand something correctly.
> > > > >
> > > > > Currently, I have a working kerberos setup with AD (keytab is
> > > > > ok, and kinit is working as it should), and login.conf located
> > > > > in /etc/cas/ (the location is specified inside the
> > > > > cas.properties file). Also modifications to the
> > > > > login-webflow.xml are done (replaced to=viewLoginForm actions
> > > > > with to=startSpnegoAuthenticate)
> > > > >
> > > > > Now, when I try to authenticate, I get a 500 internal server
> > > > > error. Logs show the following behaviour:
> > > > >
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > > state 'ticketGrantingTicketCheck' of flow 'login'>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing [EvaluateAction@3bf69b2b expression =
> > > > > ticketGrantingTicketCheckAction, resultExpression = [null]]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > > <Putting action execution attributes map[[empty]]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing org.jasig.cas.web.flow.TicketGrantingTicketCheckAc
> > > > > tion@26573ce1>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing org.jasig.cas.web.flow.TicketGrantingTick
> > > > > etCheckAction@26573ce1; result = notExists>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > > <Clearing action execution attributes map[[empty]]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing [EvaluateAction@3bf69b2b expression =
> > > > > ticketGrantingTicketCheckAction, resultExpression = [null]];
> > > > > result = notExists>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Executing
> > > > > [Transition@7ae23c26 on = notExists, to =
> > > > > gatewayRequestCheck]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > > state 'ticketGrantingTicketCheck'>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.DecisionState] -
> > > > > <Entering state 'gatewayRequestCheck' of flow 'login'>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Executing
> > > > > [Transition@43fd721f on = *, to = serviceAuthorizationCheck]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > > state 'gatewayRequestCheck'>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > > state 'serviceAuthorizationCheck' of flow 'login'>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing [EvaluateAction@20aff67 expression =
> > > > > serviceAuthorizationCheck, resultExpression = [null]]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > > <Putting action execution attributes map[[empty]]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing
> > > > > org.jasig.cas.web.flow.ServiceAuthorizationCheck@7b8ba682>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing
> > > > > org.jasig.cas.web.flow.ServiceAuthorizationCheck@7b8ba682;
> > > > > result = success>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > > <Clearing action execution attributes map[[empty]]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing [EvaluateAction@20aff67 expression =
> > > > > serviceAuthorizationCheck, resultExpression = [null]]; result
> > > > > = success>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Executing
> > > > > [Transition@78e25983 on = *, to = generateLoginTicket]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > > state 'serviceAuthorizationCheck'>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > > state 'generateLoginTicket' of flow 'login'>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing [EvaluateAction@a6fdfbc expression =
> > > > > generateLoginTicketAction.generate(flowRequestContext),
> > > > > resultExpression = [null]]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > > <Putting action execution attributes map[[empty]]>
> > > > > 2016-07-11 10:06:54,755 DEBUG
> > > > > [org.jasig.cas.web.flow.GenerateLoginTicketAction] -
> > > > > <Generated login ticket LT-346-BXiKx6UYxpODpnR5Pcey
> > > > > -xxxxxxxxxxx>
> > > > > 2016-07-11 10:06:54,756 DEBUG
> > > > > [org.springframework.webflow.execution.AnnotatedAction] -
> > > > > <Clearing action execution attributes map[[empty]]>
> > > > > 2016-07-11 10:06:54,756 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing [EvaluateAction@a6fdfbc expression =
> > > > > generateLoginTicketAction.generate(flowRequestContext),
> > > > > resultExpression = [null]]; result = generated>
> > > > > 2016-07-11 10:06:54,756 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Executing
> > > > > [Transition@692cd498 on = generated, to =
> > > > > startSpnegoAuthenticate]>
> > > > > 2016-07-11 10:06:54,756 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > > state 'generateLoginTicket'>
> > > > > 2016-07-11 10:06:54,756 DEBUG
> > > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > > state 'startSpnegoAuthenticate' of flow 'login'>
> > > > > 2016-07-11 10:06:54,756 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing [EvaluateAction@142933c8 expression =
> > > > > negociateSpnego, resultExpression = [null]]>
> > > > > 2016-07-11 10:06:54,756 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing org.jasig.cas.support.spnego.web.flow.SpnegoNegoci
> > > > > ateCredentialsAction@1abe21d0>
> > > > > 2016-07-11 10:06:54,756 DEBUG
> > > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredent
> > > > > ialsAction] - <Authorization header [null], User Agent header
> > > > > [Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
> > > > > like Gecko]>
> > > > > 2016-07-11 10:06:54,757 DEBUG
> > > > > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredent
> > > > > ialsAction] - <Authorization header not found or does not
> > > > > match the message prefix [Negotiate ]. Sending [WWW
> > > > > -Authenticate] header [Negotiate]>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing org.jasig.cas.support.spnego.web.flow.Spn
> > > > > egoNegociateCredentialsAction@1abe21d0; result = success>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing [EvaluateAction@142933c8 expression =
> > > > > negociateSpnego, resultExpression = [null]]; result =
> > > > > success>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Executing
> > > > > [Transition@1d6b7385 on = success, to = spnego]>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > > state 'startSpnegoAuthenticate'>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.engine.ActionState] - <Entering
> > > > > state 'spnego' of flow 'login'>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing [EvaluateAction@2c49b6e2 expression = spnego,
> > > > > resultExpression = [null]]>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Executing org.jasig.cas.support.spnego.web.flow.SpnegoCreden
> > > > > tialsAction@31c7f7c5>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing org.jasig.cas.support.spnego.web.flow.Spn
> > > > > egoCredentialsAction@31c7f7c5; result = error>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.execution.ActionExecutor] -
> > > > > <Finished executing [EvaluateAction@2c49b6e2 expression =
> > > > > spnego, resultExpression = [null]]; result = error>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Executing
> > > > > [Transition@53ba1570 on = error, to =
> > > > > ticketGrantingTicketCheck]>
> > > > > 2016-07-11 10:06:54,758 DEBUG
> > > > > [org.springframework.webflow.engine.Transition] - <Exiting
> > > > > state 'spnego'>
> > > > >
> > > > > This is repeated about a hundred times, and finally the client
> > > > > sees an error message from the cas server. So does anyone have
> > > > > an idea what's wrong with the configuration?
> > > > >
> > > > > And one other question, how to configure ldap fallback for
> > > > > SPNEGO?
> > > > >
> > > > > --
> > > > > Antti Sirviö

--
Antti Sirviö
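
The loop reported in this thread can be confirmed from the server's DEBUG log itself. The following is an added example, not part of the original messages and not CAS code: it extracts the Web Flow state transitions and reports the repeating cycle and the transition that re-enters an already visited state. The function names are hypothetical and the sample log is constructed from the state names quoted above, with each entry on one line as it appears in the server log file.

```python
import re

# Spring Web Flow DEBUG lines, in the format quoted in this thread.
ENTER_RE = re.compile(r"<Entering state '([^']+)' of flow '[^']+'>")
TRANS_RE = re.compile(r"<Executing \[\s*Transition@\w+ on = ([^,\s]+), to = (\w+)\]>")

def parse_transitions(lines):
    """Return (from_state, event, to_state) for every executed transition."""
    current, out = None, []
    for line in lines:
        entered = ENTER_RE.search(line)
        if entered:
            current = entered.group(1)
            continue
        fired = TRANS_RE.search(line)
        if fired and current is not None:
            out.append((current, fired.group(1), fired.group(2)))
    return out

def find_loop(transitions, min_repeats=3):
    """Shortest block of transitions repeated back-to-back >= min_repeats times."""
    n = len(transitions)
    for period in range(1, n // min_repeats + 1):
        for start in range(n - period * min_repeats + 1):
            block = transitions[start:start + period]
            repeats, pos = 1, start + period
            while transitions[pos:pos + period] == block:
                repeats, pos = repeats + 1, pos + period
            if repeats >= min_repeats:
                return block, repeats
    return None

def first_back_edge(transitions):
    """First transition that targets a state the flow has already been in."""
    seen = set()
    for src, event, dst in transitions:
        seen.add(src)
        if dst in seen:
            return src, event, dst
    return None

# Constructed sample: one pass through the states seen in the thread's log,
# repeated three times (the real log repeats far more often).
TS = "2016-07-11 10:06:54,755 DEBUG"
PASS = [("ticketGrantingTicketCheck", "notExists", "gatewayRequestCheck"),
        ("gatewayRequestCheck", "*", "serviceAuthorizationCheck"),
        ("serviceAuthorizationCheck", "*", "generateLoginTicket"),
        ("generateLoginTicket", "generated", "startSpnegoAuthenticate"),
        ("startSpnegoAuthenticate", "success", "spnego"),
        ("spnego", "error", "ticketGrantingTicketCheck")]
SAMPLE_LOG = []
for src, event, dst in PASS * 3:
    SAMPLE_LOG += [
        f"{TS} [org.springframework.webflow.engine.ActionState] - <Entering state '{src}' of flow 'login'>",
        f"{TS} [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]>",
        f"{TS} [org.springframework.webflow.engine.Transition] - <Executing [Transition@7ae23c26 on = {event}, to = {dst}]>",
    ]

if __name__ == "__main__":
    edges = parse_transitions(SAMPLE_LOG)
    cycle, repeats = find_loop(edges)
    print(f"loop of {len(cycle)} transitions seen {repeats} times")
    print("re-entry edge: %s --%s--> %s" % first_back_edge(edges))
```

The re-entry edge it reports is the transition definition to inspect in login-webflow.xml.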
