My application has a number of client organisations that want their users
to use their Active Directory through a SAML2 Identity Provider (IdP).
No problem, CAS supports this by being able to define multiple sets of
properties using cas.authn.pac4j.saml[0], cas.authn.pac4j.saml[1],
cas.authn.pac4j.saml[2], etc.
Yesterday, I got a nasty surprise when one of those external IdPs went
down. This affected my application, because other users started getting
errors when trying to log in.

2018-08-29 01:13:26,917 ERROR [net.shibboleth.utilities.java.support.xml.BasicParserPool] - <XML Parsing Error>
org.xml.sax.SAXParseException: The element type "br" must be terminated by the matching end-tag "</br>".
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203) ~[?:1.8.0_171]

I had to edit cas.properties, comment out all the config options for the
misbehaving IdP and restart CAS. That was the only way to isolate the
problem and let the functioning parts of the system continue working.
But this shouldn't have been necessary. Shouldn't CAS be able to isolate a
misbehaving IdP and merely suppress the display of its link on the login
page?
Ganesh
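
An added example, not part of the original post and not CAS code: a stand-alone pre-flight check that validates each IdP's metadata response independently, so one IdP serving something other than SAML metadata is reported and skipped while the others stay usable. It assumes the parse error above came from an HTML error page returned where metadata was expected; the IdP names and sample documents are constructed.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOTS = {f"{{{MD_NS}}}EntityDescriptor", f"{{{MD_NS}}}EntitiesDescriptor"}

def check_metadata(body: bytes):
    """Return (ok, reason) for one IdP's metadata response body."""
    if not body.strip():
        return False, "empty response"
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        # SAML metadata needs no DTD; refusing one also blocks entity expansion.
        return False, "DTD not allowed"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        # An HTML error page with an unclosed <br> ends up here.
        return False, f"not well-formed XML: {exc}"
    if root.tag not in ROOTS:
        return False, f"unexpected root element {root.tag}"
    if root.find(f".//{{{MD_NS}}}IDPSSODescriptor") is None:
        return False, "no IDPSSODescriptor"
    return True, "ok"

def usable_idps(responses):
    """Check every IdP on its own so one bad response cannot hide the rest."""
    report = {}
    for name, body in responses.items():
        try:
            report[name] = check_metadata(body)
        except Exception as exc:  # isolate unexpected failures per IdP
            report[name] = (False, f"check failed: {exc!r}")
    return report

# Constructed sample responses keyed by hypothetical IdP names.
GOOD = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp-a.example/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-a.example/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
ERROR_PAGE = b"<html><body>Service unavailable<br>Please try again later</body></html>"
SAMPLE = {"idp-a": GOOD, "idp-b": ERROR_PAGE, "idp-c": b""}

if __name__ == "__main__":
    for name, (ok, reason) in usable_idps(SAMPLE).items():
        print(f"{name}: {'OK' if ok else 'SKIP'} ({reason})")
```

Run against the bodies actually fetched from each configured metadata location, the report shows which IdP entries would need to be disabled before a restart.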