Hi,
When testing the function of surrogating to users who are not authorized, CAS
gets the error below. The normal surrogate function works.
CAS is unable to process this request: "500:Internal Server Error"
It failed to display the error message which is set up in the
message.properties:
authenticationFailure.SurrogateAuthenticationException=You are not
authorized to impersonate the indicated user at this time.
The stack trace is:
2020-07-17 20:52:11,523 ERROR
[org.springframework.boot.web.servlet.support.ErrorPageFilter] -
<Forwarding to error page from request [/login] due to exception [Exception
thrown executing
org.apereo.cas.web.flow.action.LoadSurrogatesListAction@18ebab7c in state
'loadSurrogatesAction' of flow 'login' -- action execution attributes were
'map[[empty]]']>
org.springframework.webflow.execution.ActionExecutionException: Exception
thrown executing
org.apereo.cas.web.flow.action.LoadSurrogatesListAction@18ebab7c in state
'loadSurrogatesAction' of flow 'login' -- action execution attributes were
'map[[empty]]'
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
....
Caused by: org.apereo.cas.authentication.SurrogateAuthenticationException:
Unable to authorize surrogate authentication request for XXXX
at
org.apereo.cas.authentication.SurrogatePrincipalBuilder.buildSurrogateAuthenticationResult(SurrogatePrincipalBuilder.java:90)
~[cas-server-support-surrogate-authentication-6.2.0.jar:6.2.0]
at
org.apereo.cas.web.flow.action.LoadSurrogatesListAction.doExecute(LoadSurrogatesListAction.java:50)
~[cas-server-support-surrogate-webflow-6.2.0.jar:6.2.0]
When I checked the CAS code more closely, it threw
SurrogateAuthenticationException correctly, but the exception was not
handled properly.
And the audit log displayed AUTHENTICATION_SUCCESS, but the login actually
failed.
2020-07-17 20:52:10,583 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit
trail record BEGIN
=============================================================
WHO: (Primary User: [XXXX], Surrogate User: [XXXX])
WHAT: Supplied credentials:
[SurrogateUsernamePasswordCredential(super=RememberMeUsernamePasswordCredential(super=UsernamePasswordCredential(username=XXXX
, source=null, customFields={}), rememberMe=false), surrogateUsername=XXXX)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Jul 17 20:52:10 AEST 2020
CLIENT IP ADDRESS: XXXX
SERVER IP ADDRESS: XXXX
=============================================================
I appreciate your help.
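The mismatch reported above, a surrogate AUTHENTICATION_SUCCESS audit record followed by a SurrogateAuthenticationException, can be checked for in logs. The following is an added example, not part of the original post or the CAS code base; the sample log is constructed in the quoted format with placeholder user names, and the function name, the 5-second window and the single shared log stream are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format quoted in the post (user names are placeholders).
SAMPLE_LOG = """\
2020-07-17 20:52:10,583 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: (Primary User: [staff1], Surrogate User: [student1])
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
=============================================================
2020-07-17 20:52:11,523 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login]>
Caused by: org.apereo.cas.authentication.SurrogateAuthenticationException: Unable to authorize surrogate authentication request for student1
2020-07-17 21:05:00,100 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: (Primary User: [staff2], Surrogate User: [student2])
ACTION: AUTHENTICATION_SUCCESS
=============================================================
"""

TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} ")
WHO = re.compile(r"^WHO: \(Primary User: \[(.*?)\], Surrogate User: \[(.*?)\]\)")
DENIED = "SurrogateAuthenticationException: Unable to authorize surrogate authentication request"

def find_false_successes(log_text, window_s=5):
    """Return (time, primary, surrogate) for surrogate AUTHENTICATION_SUCCESS audit
    records that are followed within window_s seconds by an authorization failure."""
    now, who, successes, denials = None, None, [], []
    for line in log_text.splitlines():
        m = TS.match(line)
        if m:  # a timestamped line starts a new log event
            now = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            who = None
        m = WHO.match(line)
        if m:
            who = m.groups()
        elif line.strip() == "ACTION: AUTHENTICATION_SUCCESS" and who and now:
            successes.append((now, *who))
        elif DENIED in line and now:  # stack-trace lines inherit the last timestamp
            denials.append(now)
    return [s for s in successes
            if any(0 <= (d - s[0]).total_seconds() <= window_s for d in denials)]

if __name__ == "__main__":
    for when, primary, surrogate in find_false_successes(SAMPLE_LOG):
        print(f"{when} audit says SUCCESS but surrogate request was denied: {primary} -> {surrogate}")
```

Correlation here is by time only, so on a busy server a narrow window keeps unrelated logins from being paired.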