File an issue please; include all details.
From: "kaphael" <[email protected]>
To: "CAS Community" <[email protected]>
Sent: Tuesday, October 18, 2016 6:27:01 PM
Subject: [cas-user] SAML2 support

Hi,

I'm using CAS 5.0.0.RC3-SNAPSHOT with SAML2 support. Since this version I got an issue with authentication (authentication works with RC1).

I think the issue comes from these lines (cas/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/web/idp/profile/builders/enc/SamlObjectSigner.java):

l.409 : if (!overrideBlackListedSignatureAlgorithms.isEmpty()) {
and
l.414 : if (!overrideWhiteListedAlgorithms.isEmpty()) {

Should it be:

l.409 : if (this.overrideBlackListedSignatureAlgorithms != null && !this.overrideBlackListedSignatureAlgorithms.isEmpty()) {
and
l.414 : if (this.overrideWhiteListedAlgorithms != null && !overrideWhiteListedAlgorithms.isEmpty()) {

Or is there a property to set these 2 lists to empty ones?

I got the following stack trace (full stack trace in attachment):

2016-10-18 16:02:24,943 INFO [org.apereo.cas.support.saml.services.idp.metadata.cache.ChainingMetadataResolverCacheLoader] - <Initialized metadata resolver from [http://cas.sp.test.fr/metadata]>
2016-10-18 16:02:25,053 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/idp/profile/SAML2/Redirect/SSO] due to exception [null]>
java.lang.NullPointerException
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner.verifySamlProfileRequestIfNeeded(SamlObjectSigner.java:409) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner$$FastClassBySpringCGLIB$$84e9b1fd.invoke(<generated>) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner$$EnhancerBySpringCGLIB$$cc188ec1.verifySamlProfileRequestIfNeeded(<generated>) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController.initiateAuthenticationRequest(AbstractSamlProfileHandlerController.java:408) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.SSOPostProfileHandlerController.handleSsoPostProfileRequest(SSOPostProfileHandlerController.java:71) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.SSOPostProfileHandlerController.handleSaml2ProfileSsoRedirectRequest(SSOPostProfileHandlerController.java:43) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    [...]

My cas.properties:

server.contextPath=/cas
server.port=8443
server.ssl.keyStore=file:C:\\workspace\\cas-server\\etc\\cas\\thekeystore
server.ssl.keyStorePassword=changeit
server.ssl.keyPassword=changeit
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.maxHttpHeaderSize=20971520
server.tomcat.maxThreads=5
server.tomcat.portHeader=X-Forwarded-Port
server.tomcat.protocolHeader=X-Forwarded-Proto
server.tomcat.protocolHeaderHttpsValue=https
server.tomcat.remoteIpHeader=X-FORWARDED-FOR
server.tomcat.uriEncoding=UTF-8
server.useForwardHeaders=true

server.name=http://cas.idp.test.fr:8080
server.prefix=${server.name}/cas
host.name=cas.idp.test.fr

cas.server.name=http://cas.idp.test.fr:8080
cas.server.prefix=${server.name}/cas
cas.host.name=cas.idp.test.fr

cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config:file:C:\\workspace\\cas-server\\etc\\cas\\config\\log4j2.xml

## SERVICES
cas.serviceRegistry.config.location=classpath:/services
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.repeatInterval=10000
cas.serviceRegistry.startDelay=15000
cas.serviceRegistry.initFromJson=true

## AUTHENTICATION
cas.authn.shiro.config.location=file:C:\\workspace\\cas-server\\etc\\cas\\config\\shiro.ini
cas.authn.accept.users=

## SAML IDP
cas.authn.samlIdp.entityId=http://cas.idp.test.fr:8080/cas/idp
cas.authn.samlIdp.hostName=cas.idp.test.fr
cas.authn.samlIdp.scope=cas.idp.test.fr
cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
cas.authn.samlIdp.metadata.failFast=true
cas.authn.samlIdp.metadata.location=C:/workspace/cas-server/etc/cas/config/saml
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.requireValidMetadata=true
cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
cas.authn.samlIdp.response.skewAllowance=0
cas.authn.samlIdp.response.signError=false
cas.authn.samlIdp.response.overrideSignatureCanonicalizationAlgorithm=
cas.authn.samlIdp.response.useAttributeFriendlyName=true

## CAS components mappings
primaryAuthenticationHandler=shiroAuthenticationHandler

## CAS SSO Cookie Generation & Security
tgc.cipherEnabled=true
tgc.encryption.key=cTuglkjtEwRkpHuF
tgc.signing.key=I5k4Ydbnv4y14c_c8VwAkMCjOCQez-txtRXOUjnRIYeOq7zpiNb8rokfT12-IH5QJvXldhtaIH_InGahR5dUtQ

# Indicates whether SAML ticket id generation should be saml2-compliant.
cas.saml.ticketid.saml2=true

My pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-overlay</artifactId>
  <packaging>war</packaging>
  <version>1.0</version>
  <build>
    <plugins>
      <plugin>
        <groupId>com.rimerosolutions.maven.plugins</groupId>
        <artifactId>wrapper-maven-plugin</artifactId>
        <version>0.0.4</version>
        <configuration>
          <verifyDownload>true</verifyDownload>
          <checksumAlgorithm>MD5</checksumAlgorithm>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-war-plugin</artifactId>
        <version>2.6</version>
        <configuration>
          <warName>cas</warName>
          <failOnMissingWebXml>false</failOnMissingWebXml>
          <recompressZippedFiles>false</recompressZippedFiles>
          <archive>
            <compress>false</compress>
            <manifestFile>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp/META-INF/MANIFEST.MF</manifestFile>
          </archive>
          <overlays>
            <overlay>
              <groupId>org.apereo.cas</groupId>
              <artifactId>cas-server-webapp</artifactId>
            </overlay>
          </overlays>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.3</version>
      </plugin>
      <plugin>
        <groupId>org.eclipse.jetty</groupId>
        <artifactId>jetty-maven-plugin</artifactId>
        <version>${maven-jetty-plugin.version}</version>
        <configuration>
          <jettyXml>${basedir}/etc/jetty/jetty.xml,${basedir}/etc/jetty/jetty-ssl.xml,${basedir}/etc/jetty/jetty-https.xml</jettyXml>
          <systemProperties>
            <systemProperty>
              <name>org.eclipse.jetty.annotations.maxWait</name>
              <value>240</value>
            </systemProperty>
          </systemProperties>
          <webApp>
            <contextPath>/cas</contextPath>
            <overrideDescriptor>${basedir}/etc/jetty/web.xml</overrideDescriptor>
          </webApp>
          <webAppConfig>
            <allowDuplicateFragmentNames>true</allowDuplicateFragmentNames>
          </webAppConfig>
          <jvmArgs>-Dlogging.config=/etc/cas/log4j2.xml -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n</jvmArgs>
        </configuration>
      </plugin>
    </plugins>
    <finalName>cas</finalName>
  </build>
  <dependencies>
    <dependency>
      <groupId>org.apereo.cas</groupId>
      <artifactId>cas-server-webapp</artifactId>
      <version>${cas.version}</version>
      <type>war</type>
      <scope>runtime</scope>
    </dependency>
    <dependency>
      <groupId>org.apereo.cas</groupId>
      <artifactId>cas-server-support-saml</artifactId>
      <version>${cas.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apereo.cas</groupId>
      <artifactId>cas-server-support-saml-idp</artifactId>
      <version>${cas.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apereo.cas</groupId>
      <artifactId>cas-server-support-generic</artifactId>
      <version>${cas.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apereo.cas</groupId>
      <artifactId>cas-server-support-jdbc</artifactId>
      <version>${cas.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apereo.inspektr</groupId>
      <artifactId>inspektr-aspects</artifactId>
      <version>1.5.GA</version>
    </dependency>
  </dependencies>
  <properties>
    <cas.version>5.0.0.RC3-SNAPSHOT</cas.version>
    <maven-jetty-plugin.version>9.3.6.v20151106</maven-jetty-plugin.version>
    <maven.compiler.source>1.8</maven.compiler.source>
    <maven.compiler.target>1.8</maven.compiler.target>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>
  <repositories>
    <repository>
      <id>sonatype-releases</id>
      <url>http://oss.sonatype.org/content/repositories/releases/</url>
      <snapshots>
        <enabled>false</enabled>
      </snapshots>
      <releases>
        <enabled>true</enabled>
      </releases>
    </repository>
    <repository>
      <id>sonatype-snapshots</id>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
      <releases>
        <enabled>false</enabled>
      </releases>
    </repository>
    <repository>
      <id>shibboleth-releases</id>
      <url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
    </repository>
    <repository>
      <id>spring-milestones</id>
      <url>https://repo.spring.io/milestone</url>
    </repository>
  </repositories>
  <profiles>
    <profile>
      <activation>
        <activeByDefault>false</activeByDefault>
      </activation>
      <id>pgp</id>
      <build>
        <plugins>
          <plugin>
            <groupId>com.github.s4u.plugins</groupId>
            <artifactId>pgpverify-maven-plugin</artifactId>
            <version>1.1.0</version>
            <executions>
              <execution>
                <goals>
                  <goal>check</goal>
                </goals>
              </execution>
            </executions>
            <configuration>
              <pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
              <pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
              <scope>test</scope>
              <verifyPomFiles>true</verifyPomFiles>
              <failNoSignature>false</failNoSignature>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>

Regards.

--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CADopUgxyW4cvHYPQYk7KyqTy174oRifm-vrVT2_16u-8uBJfow%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
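
Added example, not part of the thread and not CAS code: a null-safe way to resolve the effective signature-algorithm lists when the override properties are unset, so a missing override neither throws nor clears the default blacklist. The class name, method names and default list contents are hypothetical, and it assumes a null or empty override means "keep the default", as the `!isEmpty()` checks quoted above suggest.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Hypothetical illustration; defaults below are constructed sample values.
public class SignatureAlgorithmPolicy {
    static final List<String> DEFAULT_BLACKLIST = Collections.singletonList(
            "http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
    // An empty whitelist means "no whitelist restriction".
    static final List<String> DEFAULT_WHITELIST = Collections.emptyList();

    private final List<String> blacklist;
    private final List<String> whitelist;

    // Overrides may be null when the corresponding property is not configured.
    public SignatureAlgorithmPolicy(List<String> overrideBlacklist,
                                    List<String> overrideWhitelist) {
        this.blacklist = effective(overrideBlacklist, DEFAULT_BLACKLIST);
        this.whitelist = effective(overrideWhitelist, DEFAULT_WHITELIST);
    }

    // A null or empty override keeps the default; it never clears it.
    private static List<String> effective(List<String> override, List<String> defaults) {
        return (override != null && !override.isEmpty()) ? override : defaults;
    }

    // Blacklist is checked first, so a whitelisted entry cannot re-enable it.
    public boolean isPermitted(String algorithmUri) {
        if (algorithmUri == null || blacklist.contains(algorithmUri)) {
            return false;
        }
        return whitelist.isEmpty() || whitelist.contains(algorithmUri);
    }

    public static void main(String[] args) {
        String md5 = "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
        String sha1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        String sha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

        // Properties unset: no NullPointerException, defaults still enforced.
        SignatureAlgorithmPolicy unset = new SignatureAlgorithmPolicy(null, null);
        System.out.println("unset/md5 permitted: " + unset.isPermitted(md5));
        System.out.println("unset/sha256 permitted: " + unset.isPermitted(sha256));

        // Explicit overrides replace the defaults.
        SignatureAlgorithmPolicy strict = new SignatureAlgorithmPolicy(
                Arrays.asList(md5, sha1), Collections.singletonList(sha256));
        System.out.println("strict/sha1 permitted: " + strict.isPermitted(sha1));
        System.out.println("strict/sha256 permitted: " + strict.isPermitted(sha256));
    }
}
```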
