Hi, Flow processing complains about a missing "authenticationFailure" transition, I suspect that's a side effect of a recent modification made to get SPENGO working with MFA (Yubikey in our test case).
As SPNEGO transition is no more handled in XML file, I think you need a change in Configuration class. Regards. Le 05/10/2016 à 12:39, Felix Schumacher a écrit : > Hi all, > > I have updated my test environment from 5.0.0-RC2 to 5.0.0-RC3 and > noticed, that the SPNEGO workflow is broken, when a wrong kerberos > ticket is send. > > With RC2 I got the LDAP backed Login form, while RC3 shows me an error > page with the following error snippet on it: > > Error: No transition was matched on the event(s) signaled by the [1] > action(s) that executed in this action state 'spnego' of flow 'login'; > transitions must be defined to handle action result outcomes -- > possible flow configuration error? Note: the eventIds signaled were: > 'array<String>['authenticationFailure']', while the supported set of > transitional criteria for this action state is > 'array<TransitionCriteria>[success, error]' > > The browser gets the first 401 response as it should and responds with > a request containing the Negotiate header. That triggers the 500 > response with the snippet above. > > If I call the login webflow with a browser, that is not issuing > kerberos tickets, I can use the login form successfully. > > If I call the login webflow with a correct kerberos ticket, I get > logged in OK, too. > > My workflows only modification is: > > @@ -25,7 +25,7 @@ > > <action-state id="initializeLoginForm"> > <evaluate expression="initializeLoginAction" /> > - <transition on="success" to="startSpnegoAuthenticate"/> > + <transition on="success" to="viewLoginForm"/> > </action-state> > > <view-state id="viewLoginForm" view="casLoginView" > model="credential"> > > > Any ideas? > > Felix > -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6c5aee78-49df-d197-fa2b-48933d86dc30%40ch-poitiers.fr. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
smime.p7s
Description: Signature cryptographique S/MIME
