Hello, can you suggest how to delegate SAML 2 in CAS IdP?
Thanks and regards
Vikash Chandra
+918567019627
Kindly ping me on WhatsApp, really need your help.

On Fri 22 Nov, 2019, 12:05 Raheem Shaik, <[email protected]> wrote:

> I have successfully configured the CAS 5.3.10 overlay to delegate
> authentication to a SAML IDP and I can successfully authenticate with the
> IDP using the CAS login page default CASTEST button provided
> (https://test1.<domain>/cas/login). However, after authentication is
> successful, I am redirected to
> https://test2.<domain>/cas/login?client_name=CASTEST
> which is the client_name in the metadata generated by CAS. After
> "SAML2_RESPONSE_CREATED", the page displayed has the message "CAS is unable to
> process this request: "500:Internal Server Error"", and below is the error.
>
> Can somebody help me on this issue? Let me know if I am missing any
> config or JSON setup.
>
> org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3dfd83d7 in state 'clientAction' of flow 'login' -- action execution attributes were 'map[[empty]]'
>     at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
>     at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
>     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>     at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
>     at org.springframework.webflow.engine.State.enter(State.java:194)
>     at org.springframework.webflow.engine.Flow.start(Flow.java:527)
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
>     at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
>     at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
>     at com.sun.proxy.$Proxy168.launchExecution(Unknown Source)
>     at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
>     at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
>     at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:30)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:240)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.security.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:94)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:91)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
>     at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:679)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.IllegalArgumentException: Delegated authentication has failed with client CASTEST
>     at org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.handleException(DelegatedClientAuthenticationAction.java:223)
>     at org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.doExecute(DelegatedClientAuthenticationAction.java:185)
>     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
>     at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
>     at com.sun.proxy.$Proxy170.execute(Unknown Source)
>     at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>     ... 95 more
>
> *CAS Config properties for both CAS servers*
>
> *1. https://apereo.github.io/cas/5.2.x/installation/Configuring-SAML2-Authentication.html - As Identity provider*
>
> #CAS Properties
> cas.authn.samlIdp.entityId=https://test1.<domain>/cas/idp
> cas.authn.samlIdp.scope=<domain>
> cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> cas.authn.samlIdp.metadata.requireValidMetadata=true
>
> cas.authn.accept.users=casuser::Mellon
>
> #1SAMLServices-123456788.json
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "https://test2.<domain>/*.*",
>   "name" : "SAMLService",
>   "id" : 123456788,
>   "evaluationOrder" : 10,
>   "metadataLocation": "file://sp-metadata.xml"
> }
>
> #2SAMLServices-123456789.json
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" : "urn:mace:saml:pac4j.org",
>   "name" : "SAMLService",
>   "id" : 123456789,
>   "evaluationOrder" : 10,
>   "metadataLocation": "/etc/cas/config/sp-metadata.xml"
> }
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> *2. https://apereo.github.io/cas/5.2.x/integration/Delegate-Authentication.html - As Service provider*
>
> #CAS Properties
> cas.authn.pac4j.saml[0].keystorePassword=pac4j-demo-passwd
> cas.authn.pac4j.saml[0].privateKeyPassword=pac4j-demo-passwd
> cas.authn.pac4j.saml[0].keystorePath=/etc/cas/config/samlKeystore.jks
> cas.authn.pac4j.saml[0].serviceProviderEntityId=urn:mace:saml:pac4j.org
>
> cas.authn.pac4j.saml[0].serviceProviderMetadataPath=/etc/cas/config/sp-metadata.xml
> cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://test1.<domain>/cas/idp/metadata
> cas.authn.pac4j.saml[0].clientName=CASTEST
> cas.authn.pac4j.saml[0].wantsAssertionsSigned=true

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxgSvFKN8pnrdCC1REurcx8mwyPhNPHEPQa%3DxfTJhqdVNw%40mail.gmail.com.
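
The setup quoted in the message above spans two CAS servers whose settings have to agree: the SP's `serviceProviderEntityId` must be matched by the `serviceId` pattern of a `SamlRegisteredService` on the IdP, and the SP must load metadata from the IdP it expects. The following Python sketch is an added example, not part of the original message and not CAS code; it cross-checks those values on constructed copies of the quoted settings. `example.org` stands in for `<domain>`, the function names are hypothetical, and the rule that the IdP metadata URL sits under the IdP entity ID is an assumption taken from the values in the message.

```python
import json
import re

SAML_SERVICE = "org.apereo.cas.support.saml.services.SamlRegisteredService"

# Constructed copies of the settings quoted above; "<domain>" is replaced by
# the placeholder example.org so the values parse as URLs.
SP_PROPS = """
cas.authn.pac4j.saml[0].serviceProviderEntityId=urn:mace:saml:pac4j.org
cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://test1.example.org/cas/idp/metadata
cas.authn.pac4j.saml[0].clientName=CASTEST
"""
IDP_PROPS = "cas.authn.samlIdp.entityId=https://test1.example.org/cas/idp"
IDP_SERVICES = [
    '{"@class": "org.apereo.cas.services.RegexRegisteredService",'
    ' "serviceId": "https://test2.example.org/*.*", "id": 123456788}',
    '{"@class": "' + SAML_SERVICE + '",'
    ' "serviceId": "urn:mace:saml:pac4j.org", "id": 123456789}',
]

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def cross_check(sp_text, idp_text, service_docs):
    """Return a list of mismatches between the SP and IdP configuration."""
    sp, idp = parse_properties(sp_text), parse_properties(idp_text)
    prefix = "cas.authn.pac4j.saml[0]."
    sp_entity = sp.get(prefix + "serviceProviderEntityId", "")
    idp_meta = sp.get(prefix + "identityProviderMetadataPath", "")
    idp_entity = idp.get("cas.authn.samlIdp.entityId", "")
    findings = []
    services = [json.loads(doc) for doc in service_docs]
    # serviceId is a pattern; Python's re stands in for Java regex here.
    matches = [s for s in services if re.fullmatch(s["serviceId"], sp_entity)]
    if not any(s["@class"] == SAML_SERVICE for s in matches):
        findings.append(f"no SamlRegisteredService matches SP entity ID {sp_entity!r}")
    if not idp_meta.startswith(idp_entity.rstrip("/") + "/"):
        findings.append(f"IdP metadata URL {idp_meta!r} is not under entityId {idp_entity!r}")
    return findings
```

On the values from the message both checks pass, so the entity IDs and metadata URL are consistent with each other and any remaining mismatch lies elsewhere.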
