File an issue please; include all details. 

From: "kaphael" <kapha...@gmail.com> 
To: "CAS Community" <cas-user@apereo.org> 
Sent: Tuesday, October 18, 2016 6:27:01 PM 
Subject: [cas-user] SAML2 support 



Hi, 



I'm using CAS 5.0.0.RC3-SNAPSHOT with SAML2 support. 




Since this version I got an issue with authentication (authentication works 
with RC1). 

I think the issue comes from these lines (cas/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/web/idp/profile/builders/enc/SamlObjectSigner.java):

l.409 : if (!overrideBlackListedSignatureAlgorithms.isEmpty()) {

and

l.414 : if (!overrideWhiteListedAlgorithms.isEmpty()) {

Should it be:

l.409 : if (this.overrideBlackListedSignatureAlgorithms != null && !this.overrideBlackListedSignatureAlgorithms.isEmpty()) {

and

l.414 : if (this.overrideWhiteListedAlgorithms != null && !overrideWhiteListedAlgorithms.isEmpty()) {

Or is there a property to set these 2 lists to empty ones?




I got the following stackTrace (full stacktrace in attachment) : 



2016-10-18 16:02:24,943 INFO [org.apereo.cas.support.saml.services.idp.metadata.cache.ChainingMetadataResolverCacheLoader] - <Initialized metadata resolver from [http://cas.sp.test.fr/metadata]>
2016-10-18 16:02:25,053 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/idp/profile/SAML2/Redirect/SSO] due to exception [null]>
java.lang.NullPointerException
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner.verifySamlProfileRequestIfNeeded(SamlObjectSigner.java:409) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner$$FastClassBySpringCGLIB$$84e9b1fd.invoke(<generated>) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655) ~[spring-aop-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner$$EnhancerBySpringCGLIB$$cc188ec1.verifySamlProfileRequestIfNeeded(<generated>) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController.initiateAuthenticationRequest(AbstractSamlProfileHandlerController.java:408) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.SSOPostProfileHandlerController.handleSsoPostProfileRequest(SSOPostProfileHandlerController.java:71) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
    at org.apereo.cas.support.saml.web.idp.profile.SSOPostProfileHandlerController.handleSaml2ProfileSsoRedirectRequest(SSOPostProfileHandlerController.java:43) ~[cas-server-support-saml-idp-5.0.0.RC3-SNAPSHOT.jar:5.0.0.RC3-SNAPSHOT]
[...]




My cas.properties :

server.contextPath=/cas
server.port=8443
server.ssl.keyStore=file:C:\\workspace\\cas-server\\etc\\cas\\thekeystore
server.ssl.keyStorePassword=changeit
server.ssl.keyPassword=changeit

server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.maxHttpHeaderSize=20971520
server.tomcat.maxThreads=5
server.tomcat.portHeader=X-Forwarded-Port
server.tomcat.protocolHeader=X-Forwarded-Proto
server.tomcat.protocolHeaderHttpsValue=https
server.tomcat.remoteIpHeader=X-FORWARDED-FOR
server.tomcat.uriEncoding=UTF-8

server.useForwardHeaders=true

server.name=http://cas.idp.test.fr:8080
server.prefix=${server.name}/cas
host.name=cas.idp.test.fr

cas.server.name=http://cas.idp.test.fr:8080
cas.server.prefix=${server.name}/cas
cas.host.name=cas.idp.test.fr

cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config:file:C:\\workspace\\cas-server\\etc\\cas\\config\\log4j2.xml

## SERVICES

cas.serviceRegistry.config.location=classpath:/services
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.repeatInterval=10000
cas.serviceRegistry.startDelay=15000
cas.serviceRegistry.initFromJson=true

## AUTHENTICATION

cas.authn.shiro.config.location=file:C:\\workspace\\cas-server\\etc\\cas\\config\\shiro.ini
cas.authn.accept.users=

## SAML IDP

cas.authn.samlIdp.entityId=http://cas.idp.test.fr:8080/cas/idp
cas.authn.samlIdp.hostName=cas.idp.test.fr
cas.authn.samlIdp.scope=cas.idp.test.fr

cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
cas.authn.samlIdp.metadata.failFast=true
cas.authn.samlIdp.metadata.location=C:/workspace/cas-server/etc/cas/config/saml

cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.requireValidMetadata=true

cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false

cas.authn.samlIdp.response.skewAllowance=0
cas.authn.samlIdp.response.signError=false
cas.authn.samlIdp.response.overrideSignatureCanonicalizationAlgorithm=
cas.authn.samlIdp.response.useAttributeFriendlyName=true

## CAS components mappings

primaryAuthenticationHandler=shiroAuthenticationHandler

## CAS SSO Cookie Generation & Security

tgc.cipherEnabled=true
tgc.encryption.key=cTuglkjtEwRkpHuF
tgc.signing.key=I5k4Ydbnv4y14c_c8VwAkMCjOCQez-txtRXOUjnRIYeOq7zpiNb8rokfT12-IH5QJvXldhtaIH_InGahR5dUtQ

# Indicates whether SAML ticket id generation should be saml2-compliant.
cas.saml.ticketid.saml2=true





My pom.xml :

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-overlay</artifactId>
    <packaging>war</packaging>
    <version>1.0</version>

    <build>
        <plugins>
            <plugin>
                <groupId>com.rimerosolutions.maven.plugins</groupId>
                <artifactId>wrapper-maven-plugin</artifactId>
                <version>0.0.4</version>
                <configuration>
                    <verifyDownload>true</verifyDownload>
                    <checksumAlgorithm>MD5</checksumAlgorithm>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.6</version>
                <configuration>
                    <warName>cas</warName>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                    <recompressZippedFiles>false</recompressZippedFiles>
                    <archive>
                        <compress>false</compress>
                        <manifestFile>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp/META-INF/MANIFEST.MF</manifestFile>
                    </archive>
                    <overlays>
                        <overlay>
                            <groupId>org.apereo.cas</groupId>
                            <artifactId>cas-server-webapp</artifactId>
                        </overlay>
                    </overlays>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
            </plugin>
            <plugin>
                <groupId>org.eclipse.jetty</groupId>
                <artifactId>jetty-maven-plugin</artifactId>
                <version>${maven-jetty-plugin.version}</version>
                <configuration>
                    <jettyXml>${basedir}/etc/jetty/jetty.xml,${basedir}/etc/jetty/jetty-ssl.xml,${basedir}/etc/jetty/jetty-https.xml</jettyXml>
                    <systemProperties>
                        <systemProperty>
                            <name>org.eclipse.jetty.annotations.maxWait</name>
                            <value>240</value>
                        </systemProperty>
                    </systemProperties>
                    <webApp>
                        <contextPath>/cas</contextPath>
                        <overrideDescriptor>${basedir}/etc/jetty/web.xml</overrideDescriptor>
                    </webApp>
                    <webAppConfig>
                        <allowDuplicateFragmentNames>true</allowDuplicateFragmentNames>
                    </webAppConfig>
                    <jvmArgs>-Dlogging.config=/etc/cas/log4j2.xml -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n</jvmArgs>
                </configuration>
            </plugin>
        </plugins>
        <finalName>cas</finalName>
    </build>

    <dependencies>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-saml</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-saml-idp</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-generic</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-jdbc</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apereo.inspektr</groupId>
            <artifactId>inspektr-aspects</artifactId>
            <version>1.5.GA</version>
        </dependency>
    </dependencies>

    <properties>
        <cas.version>5.0.0.RC3-SNAPSHOT</cas.version>
        <maven-jetty-plugin.version>9.3.6.v20151106</maven-jetty-plugin.version>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <repositories>
        <repository>
            <id>sonatype-releases</id>
            <url>http://oss.sonatype.org/content/repositories/releases/</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <releases>
                <enabled>true</enabled>
            </releases>
        </repository>
        <repository>
            <id>sonatype-snapshots</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
            <releases>
                <enabled>false</enabled>
            </releases>
        </repository>
        <repository>
            <id>shibboleth-releases</id>
            <url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
        </repository>
        <repository>
            <id>spring-milestones</id>
            <url>https://repo.spring.io/milestone</url>
        </repository>
    </repositories>

    <profiles>
        <profile>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <id>pgp</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>com.github.s4u.plugins</groupId>
                        <artifactId>pgpverify-maven-plugin</artifactId>
                        <version>1.1.0</version>
                        <executions>
                            <execution>
                                <goals>
                                    <goal>check</goal>
                                </goals>
                            </execution>
                        </executions>
                        <configuration>
                            <pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
                            <pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
                            <scope>test</scope>
                            <verifyPomFiles>true</verifyPomFiles>
                            <failNoSignature>false</failNoSignature>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
    </profiles>
</project>





Regards. 


-- 
CAS gitter chatroom: https://gitter.im/apereo/cas 
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html 
CAS documentation website: https://apereo.github.io/cas 
CAS project website: https://github.com/apereo/cas 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org . 
To post to this group, send email to cas-user@apereo.org . 
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ . 
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CADopUgxyW4cvHYPQYk7KyqTy174oRifm-vrVT2_16u-8uBJfow%40mail.gmail.com
 . 
For more options, visit https://groups.google.com/a/apereo.org/d/optout . 
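
The null-handling question raised in the message above, shown as an added example (not CAS code and not written by the poster): an override list that stays null when its property is unset throws on `isEmpty()`, while a null-safe check falls back to a default deny list. The class, field and method names, the default list and the "empty whitelist means no restriction" rule are assumptions made for this illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added illustration; all names here are hypothetical and not taken from CAS.
public class AlgorithmOverrides {
    // Constructed default for the demo; a real deployment gets this from its XML security library.
    static final List<String> DEFAULT_BLACKLIST = Collections.singletonList(
            "http://www.w3.org/2001/04/xmldsig-more#rsa-md5");

    private List<String> overrideBlackList;   // stays null when the property is not set
    private List<String> overrideWhiteList;   // stays null when the property is not set

    public void setOverrideBlackList(List<String> l) { this.overrideBlackList = l; }
    public void setOverrideWhiteList(List<String> l) { this.overrideWhiteList = l; }

    // Pattern from the report: the field is dereferenced without a null check.
    boolean hasBlackListOverrideUnsafe() {
        return !overrideBlackList.isEmpty();   // throws when the list was never set
    }

    private static boolean isSet(List<String> l) { return l != null && !l.isEmpty(); }

    // Null-safe decision: an unset or empty override falls back to the defaults.
    boolean isPermitted(String algorithmUri) {
        List<String> black = isSet(overrideBlackList) ? overrideBlackList : DEFAULT_BLACKLIST;
        if (black.contains(algorithmUri)) return false;
        // Assumption for this example: no whitelist override means no whitelist restriction.
        return !isSet(overrideWhiteList) || overrideWhiteList.contains(algorithmUri);
    }

    public static void main(String[] args) {
        AlgorithmOverrides cfg = new AlgorithmOverrides();   // nothing configured
        try {
            cfg.hasBlackListOverrideUnsafe();
        } catch (NullPointerException e) {
            System.out.println("unsafe check: NullPointerException");
        }
        String sha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        String md5 = "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
        System.out.println("rsa-sha256 permitted: " + cfg.isPermitted(sha256));
        System.out.println("rsa-md5 permitted: " + cfg.isPermitted(md5));
        cfg.setOverrideWhiteList(Arrays.asList(sha256));
        System.out.println("rsa-sha1 permitted with whitelist: "
                + cfg.isPermitted("http://www.w3.org/2000/09/xmldsig#rsa-sha1"));
    }
}
```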
