Since upgrading CAS to 5.3.9, we are now seeing various WsFederation errors
in logs.
2019-04-19 11:55:43,708 ERROR [org.apereo.cas.web.flow.WsFederationAction]
- <null>
java.lang.NullPointerException: null
at
org.apereo.cas.support.wsfederation.web.WsFederationCookieManager.retrieve(WsFederationCookieManager.java:60)
~[cas-server-support-wsfederation-5.3.9.jar:5.3.9]
at
org.apereo.cas.web.flow.WsFederationResponseValidator.validateWsFederationAuthenticationRequest(WsFederationResponseValidator.java:45)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at sun.reflect.GeneratedMethodAccessor314.invoke(Unknown Source)
~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
at
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
~[spring-core-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.apereo.cas.web.flow.WsFederationResponseValidator$$EnhancerBySpringCGLIB$$636f8757.validateWsFederationAuthenticationRequest(<generated>)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at
org.apereo.cas.web.flow.WsFederationAction.doExecute(WsFederationAction.java:57)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
2019-04-19 12:29:07,926 ERROR
[org.apereo.cas.support.wsfederation.web.WsFederationCookieManager] - <No
cookie value could be retrieved to determine the state of the delegated
authentication session>
2019-04-19 12:29:07,926 ERROR [org.apereo.cas.web.flow.WsFederationAction]
- <No cookie could be found to determine session state>
java.lang.IllegalArgumentException: No cookie could be found to determine
session state
at
org.apereo.cas.support.wsfederation.web.WsFederationCookieManager.retrieve(WsFederationCookieManager.java:64)
~[cas-server-support-wsfederation-5.3.9.jar:5.3.9]
at
org.apereo.cas.web.flow.WsFederationResponseValidator.validateWsFederationAuthenticationRequest(WsFederationResponseValidator.java:45)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at sun.reflect.GeneratedMethodAccessor314.invoke(Unknown Source)
~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
at
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
~[spring-core-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.apereo.cas.web.flow.WsFederationResponseValidator$$EnhancerBySpringCGLIB$$636f8757.validateWsFederationAuthenticationRequest(<generated>)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at
org.apereo.cas.web.flow.WsFederationAction.doExecute(WsFederationAction.java:57)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at sun.reflect.GeneratedMethodAccessor153.invoke(Unknown Source)
~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
at
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
~[spring-core-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at com.sun.proxy.$Proxy161.execute(Unknown Source) ~[?:?]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at org.springframework.webflow.engine.Flow.start(Flow.java:527)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at sun.reflect.GeneratedMethodAccessor263.invoke(Unknown Source)
~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
2019-04-19 15:07:31,840 WARN
[org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential]
- <Ticket is issued before the allowed drift. Issued on
[2019-04-19T19:02:40.427Z] while allowed$
2019-04-19 15:07:31,841 ERROR
[org.apereo.cas.web.flow.WsFederationResponseValidator] - <SAML assertions
are blank or no longer valid based on RP identifier [urn:federation:cas]
and identity provider identifier $
2019-04-19 15:07:31,841 ERROR
[org.apereo.cas.web.flow.WsFederationResponseValidator] - <Could not
validate the provided assertion>
java.lang.IllegalArgumentException: Could not validate the provided
assertion
at
org.apereo.cas.web.flow.WsFederationResponseValidator.buildCredentialsFromAssertion(WsFederationResponseValidator.java:95)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at
org.apereo.cas.web.flow.WsFederationResponseValidator.validateWsFederationAuthenticationRequest(WsFederationResponseValidator.java:68)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at sun.reflect.GeneratedMethodAccessor314.invoke(Unknown Source)
~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
at
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
~[spring-core-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.apereo.cas.web.flow.WsFederationResponseValidator$$EnhancerBySpringCGLIB$$636f8757.validateWsFederationAuthenticationRequest(<generated>)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at
org.apereo.cas.web.flow.WsFederationAction.doExecute(WsFederationAction.java:57)
~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at sun.reflect.GeneratedMethodAccessor153.invoke(Unknown Source)
~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
at
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
~[spring-core-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
at com.sun.proxy.$Proxy161.execute(Unknown Source) ~[?:?]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at org.springframework.webflow.engine.Flow.start(Flow.java:527)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139)
~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
at sun.reflect.GeneratedMethodAccessor263.invoke(Unknown Source)
~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_191]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
Any idea what would cause these to occur or how we can fix them?
Thanks, Dan
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c064b88a-ef8b-4596-b450-0389f1eb8f3d%40apereo.org.
