3.4.1 does not use OpenSAML. The problem is elsewhere. https://github.com/apereo/java-cas-client/issues/100
--Misagh From: [email protected] [mailto:[email protected]] On Behalf Of Manfredo Hopp Sent: Wednesday, November 23, 2016 1:57 PM To: Cas <[email protected]> Subject: [cas-user] Re: IO error sending HTTP request to /samlValidate Hi Misagh thank you for your reply, I made a mistake in the above pom artifact versions. I will write down the 2 versions we have beeing using: The new configuration pom (the one which throws that stacktrace) is: <org.springframework.version>4.3.3.RELEASE</org.springframework.version> <org.springframework.security.version>4.1.3.RELEASE</org.springframework.security.version> <org.jasig.cas.client.cas-client-support-saml.version>3.4.1</org.jasig.cas.client.cas-client-support-saml.version> <org.opensaml.opensaml.version>2.6.6</org.opensaml.opensaml.version> <commons-codec.commons-codec.version>1.10</commons-codec.commons-codec.version> <org.apache.santuario.xmlsec.version>1.5.7</org.apache.santuario.xmlsec.version> SAML has no dependency on cas-client so we put version 2.6.6 The older version (the one we have to use in order to avoid the problems) would be: <org.springframework.version>4.2.2.RELEASE</org.springframework.version> <org.springframework.security.version>4.0.3.RELEASE</org.springframework.security.version> <org.jasig.cas.client.cas-client-core.version>3.3.3</org.jasig.cas.client.cas-client-core.version> <org.opensaml.opensaml.version>1.1</org.opensaml.opensaml.version> <commons-codec.commons-codec.version>1.5</commons-codec.commons-codec.version> <org.apache.santuario.xmlsec.version>1.4.3</org.apache.santuario.xmlsec.version> Thank you again Manfredo 2016-11-22 21:25 GMT-03:00 Manfredo Hopp <[email protected] <mailto:[email protected]> >: Hi, we have cas client applications using SAML 1.1 which we recently upgraded to SAML 1.1 V2.6.6. With one of these applications (= front end) we are experiencing problems when access through cas. These intermitent problems make this application unavailabe and we end changing the SAML version to its prior jar version. (1.1) We have Cas 4.0.1 installed and the client application is under spring/spring security (with srping security cas) version. Following is pom artifacts versions: <org.springframework.version>4.2.2.RELEASE</org.springframework.version> <org.springframework.security.version>4.0.3.RELEASE</org.springframework.security.version> <org.jasig.cas.client.cas-client-core.version>3.2.1</org.jasig.cas.client.cas-client-core.version> <org.opensaml.opensaml.version>2.6.6</org.opensaml.opensaml.version> <commons-codec.commons-codec.version>1.5</commons-codec.commons-codec.version> <org.apache.santuario.xmlsec.version>1.4.3</org.apache.santuario.xmlsec.version> Cas 4.0.1 version has opensaml-2.5.1-1.jar version. Could this difference in version generate some problem with clients or is there any other known issue on this configuration. Cas is running on tomcat .8.5.5 and application is under tomcat 6.0.45. Any comments on this would be greatly appreciated! Manfredo Stacktrace of problem ======================================================= mensaje IO error sending HTTP request to /samlValidatedescripción El servidor encontró un error interno que hizo que no pudiera rellenar este requerimiento.excepciónjava.lang.RuntimeException: IO error sending HTTP request to /samlValidate org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:215) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:158) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:143) org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:270) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) causa raízjava.io.IOException: Server returned HTTP response code: 403 for URL: https://my.domain/cas/samlValidate?TARGET=http%3A%2F%2Fmy.domain%2Fauth%2Flogin%2Fcas <https://si.conicet.gov.ar/cas/samlValidate?TARGET=http%3A%2F%2Fsi.conicet.gov.ar%2Fauth%2Flogin%2Fcas> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1627) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:213) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:158) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:143) org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:270) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) nota La traza completa de la causa de este error se encuentra en los archivos de diario de Apache Tomcat/6.0.45. <http://6.0.45.> -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAB623R-X_O%2BriauA_%3DLHDE1Zso6VYuT88BcaRsiU50ZFmE5szg%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAB623R-X_O%2BriauA_%3DLHDE1Zso6VYuT88BcaRsiU50ZFmE5szg%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/019901d245ce%24a004e2e0%24e00ea8a0%24%40unicon.net.
