HiJerome, It appears that the token server cannot be reached directly but has to go via a proxy. Is there a property in cas to specify the proxy url and port ? or this has to be a network settings on the server ?
Thanks Joe On Tuesday, September 8, 2020 at 1:00:12 AM UTC-5 leleuj wrote: > Hi, > > During the authentication process, CAS via pac4j tries to directly contact > the identity provider to retrieve the access token. > The "connection timeout" means that the identity provider is not directly > reachable from the CAS server. Maybe a mismatch in the URL definition or a > proxy setting on the CAS server. > Thanks. > Best regards, > Jérôme > > > Le mar. 8 sept. 2020 à 03:34, Joe Manavalan <[email protected]> a > écrit : > >> Hi Jerome, >> >> For testing I set up the server name as the url. And now I have the >> redirect url coming correctly but its timing out when getting >> authentication Object. since the error is from pac4j, I also posted a >> message in pac4j group too.. >> >> Following is the trace from log. Would it help trying a different version >> of pac4j ? >> >> >> 2020-09-07 18:47:30,765 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login/a204264-CodesESSO_DevDomain?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8 >> >> reached end of additional filter chain; proceeding with original chain> >> 2020-09-07 18:47:30,772 DEBUG >> [org.springframework.web.servlet.DispatcherServlet] - <GET >> "/codesESSO/login/a204264-CodesESSO_DevDomain?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8", >> >> parameters={masked}> >> 2020-09-07 18:47:30,774 DEBUG >> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >> >> - <Mapped to >> org.apereo.cas.web.DelegatedClientNavigationController#redirectResponseToFlow(String, >> >> HttpServletRequest, HttpServletResponse)> >> 2020-09-07 18:47:30,775 DEBUG >> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Received a >> response for client [a204264-CodesESSO_DevDomain], redirecting the login >> flow [ >> https://mycompanydomain.com:8445/codesESSO/login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> ]> >> 2020-09-07 18:47:30,786 DEBUG >> [org.springframework.web.servlet.view.RedirectView] - <View [RedirectView], >> model {}> >> 2020-09-07 18:47:30,787 DEBUG >> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >> >> - <SecurityContext is empty or contents are anonymous - context will not be >> stored in HttpSession.> >> 2020-09-07 18:47:30,787 DEBUG >> [org.springframework.web.servlet.DispatcherServlet] - <Completed 302 FOUND> >> 2020-09-07 18:47:30,787 DEBUG >> [org.springframework.security.web.access.ExceptionTranslationFilter] - >> <Chain processed normally> >> 2020-09-07 18:47:30,788 DEBUG >> [org.springframework.security.web.context.SecurityContextPersistenceFilter] >> - <SecurityContextHolder now cleared, as request processing completed> >> 2020-09-07 18:47:30,860 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 1 of 9 in additional filter chain; firing Filter: >> 'ChannelProcessingFilter'> >> 2020-09-07 18:47:30,860 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 2 of 9 in additional filter chain; firing Filter: >> 'WebAsyncManagerIntegrationFilter'> >> 2020-09-07 18:47:30,860 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 3 of 9 in additional filter chain; firing Filter: >> 'SecurityContextPersistenceFilter'> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >> >> - <No HttpSession currently exists> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >> >> - <No SecurityContext was available from the HttpSession: null. A new one >> will be created.> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 4 of 9 in additional filter chain; firing Filter: >> 'RequestCacheAwareFilter'> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - >> <saved request doesn't match> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 5 of 9 in additional filter chain; firing Filter: >> 'SecurityContextHolderAwareRequestFilter'> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 6 of 9 in additional filter chain; firing Filter: >> 'AnonymousAuthenticationFilter'> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >> >> - <Populated SecurityContextHolder with anonymous token: >> 'org.springframework.security.authentication.AnonymousAuthenticationToken@11ef9e01: >> >> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; >> Details: >> org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: >> >> RemoteIpAddress: 10.98.183.5; SessionId: null; Granted Authorities: >> ROLE_ANONYMOUS'> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 7 of 9 in additional filter chain; firing Filter: >> 'SessionManagementFilter'> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 8 of 9 in additional filter chain; firing Filter: >> 'ExceptionTranslationFilter'> >> 2020-09-07 18:47:30,861 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> at position 9 of 9 in additional filter chain; firing Filter: >> 'FilterSecurityInterceptor'> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying >> to match using Ant [pattern='/null/**']> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - >> <Checking match of request : '/login'; against '/null/**'> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.OrRequestMatcher] - <No >> matches found> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying >> to match using Ant [pattern='/css/**']> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - >> <Checking match of request : '/login'; against '/css/**'> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying >> to match using Ant [pattern='/js/**']> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - >> <Checking match of request : '/login'; against '/js/**'> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying >> to match using Ant [pattern='/images/**']> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - >> <Checking match of request : '/login'; against '/images/**'> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying >> to match using Ant [pattern='/webjars/**']> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - >> <Checking match of request : '/login'; against '/webjars/**'> >> 2020-09-07 18:47:30,864 DEBUG >> [org.springframework.security.web.util.matcher.OrRequestMatcher] - <Trying >> to match using Ant [pattern='/**/favicon.ico']> >> 2020-09-07 18:47:30,867 DEBUG >> [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - >> <Checking match of request : '/login'; against '/**/favicon.ico'> >> 2020-09-07 18:47:30,868 DEBUG >> [org.springframework.security.web.util.matcher.OrRequestMatcher] - <No >> matches found> >> 2020-09-07 18:47:30,868 DEBUG >> [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - >> <Checking match of request : '/login'; against '/resources/**'> >> 2020-09-07 18:47:30,868 DEBUG >> [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - >> <Checking match of request : '/login'; against '/static/**'> >> 2020-09-07 18:47:30,869 DEBUG >> [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] >> >> - <Public object - authentication not attempted> >> 2020-09-07 18:47:30,869 DEBUG >> [org.springframework.security.web.FilterChainProxy] - >> </login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain >> >> reached end of additional filter chain; proceeding with original chain> >> 2020-09-07 18:47:30,870 DEBUG >> [org.springframework.web.servlet.DispatcherServlet] - <GET >> "/codesESSO/login?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain", >> >> parameters={masked}> >> 2020-09-07 18:47:30,872 DEBUG >> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >> request with URI '/codesESSO/login' to flow with id 'login'> >> 2020-09-07 18:47:30,873 DEBUG >> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapped to >> [FlowHandlerMapping.DefaultFlowHandler@5687bc9e]> >> 2020-09-07 18:47:30,875 DEBUG >> [org.springframework.webflow.executor.FlowExecutorImpl] - <Launching new >> execution of flow 'login' with input map['client_name' -> >> 'a204264-CodesESSO_DevDomain', 'code' -> >> 'Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse', 'state' -> >> 'TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8']> >> 2020-09-07 18:47:30,875 DEBUG >> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >> - <Getting FlowDefinition with id 'login'> >> 2020-09-07 18:47:30,875 DEBUG >> [org.springframework.webflow.engine.impl.FlowExecutionImplFactory] - >> <Creating new execution of 'login'> >> 2020-09-07 18:47:30,876 DEBUG >> [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Starting in >> org.springframework.webflow.mvc.servlet.MvcExternalContext@68d39ed8 with >> input map['client_name' -> 'a204264-CodesESSO_DevDomain', 'code' -> >> 'Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse', 'state' -> >> 'TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8']> >> 2020-09-07 18:47:30,876 DEBUG [org.springframework.webflow.engine.Flow] - >> <Creating [FlowVariable@511bfc1c name = 'credential', valueFactory = >> [BeanFactoryVariableValueFactory@42331ab3 type = >> UsernamePasswordCredential]]> >> 2020-09-07 18:47:30,878 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Executing >> [EvaluateAction@4bf00528 expression = initialFlowSetupAction, >> resultExpression = [null]]> >> 2020-09-07 18:47:30,879 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Executing >> org.apereo.cas.web.flow.login.InitialFlowSetupAction@7befab70> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Finished >> executing org.apereo.cas.web.flow.login.InitialFlowSetupAction@7befab70; >> result = success> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Finished >> executing [EvaluateAction@4bf00528 expression = initialFlowSetupAction, >> resultExpression = [null]]; result = success> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Executing >> [EvaluateAction@68329dba expression = verifyRequiredServiceAction, >> resultExpression = [null]]> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Executing >> org.apereo.cas.web.flow.login.VerifyRequiredServiceAction@4f7a057a> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Finished >> executing >> org.apereo.cas.web.flow.login.VerifyRequiredServiceAction@4f7a057a; result >> = success> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Finished >> executing [EvaluateAction@68329dba expression = >> verifyRequiredServiceAction, resultExpression = [null]]; result = success> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Executing >> org.apereo.cas.pm.web.flow.PasswordManagementWebflowConfigurer$$Lambda$892/0x0000000100f99840@51e913b3> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Finished >> executing >> org.apereo.cas.pm.web.flow.PasswordManagementWebflowConfigurer$$Lambda$892/0x0000000100f99840@51e913b3; >> >> result = null> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.engine.ActionState] - <Entering state >> 'delegatedAuthenticationAction' of flow 'login'> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Executing >> [EvaluateAction@7780b35 expression = delegatedAuthenticationAction, >> resultExpression = [null]]> >> 2020-09-07 18:47:30,885 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Executing >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f> >> 2020-09-07 18:47:30,887 DEBUG >> [org.apereo.cas.web.DelegatedClientWebflowManager] - <Client identifier >> could not found as part of the request parameters. Looking at state for the >> OAuth2/Oidc client> >> 2020-09-07 18:47:30,888 DEBUG >> [org.apereo.cas.web.DelegatedClientWebflowManager] - <Located delegated >> client identifier for this request as >> [Optional[TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8]]> >> 2020-09-07 18:47:30,895 DEBUG >> [org.apereo.cas.web.DelegatedClientWebflowManager] - <Located delegated >> client identifier as [TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8]> >> 2020-09-07 18:47:30,898 DEBUG >> [org.apereo.cas.web.DelegatedClientWebflowManager] - <Removing delegated >> client identifier [TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8] from registry> >> 2020-09-07 18:47:30,904 DEBUG >> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket >> [TransientSessionTicketImpl(super=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8, >> service=null, properties={targetService=null, method=, service=null, >> theme=, locale=})] from the registry.> >> 2020-09-07 18:47:30,912 DEBUG >> [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <Delegated >> authentication client is [#GenericOAuth20Client# | name: >> a204264-CodesESSO_DevDomain | callbackUrl: >> https://mycompanydomain.com:8445/codesESSO/login | callbackUrlResolver: >> org.pac4j.core.http.callback.PathParameterCallbackUrlResolver@10eaf59b | >> ajaxRequestResolver: >> org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@283128c7 | >> redirectionActionBuilder: >> org.pac4j.oauth.redirect.OAuth20RedirectionActionBuilder@1a90d8b6 | >> credentialsExtractor: >> org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor@4e0ba4c6 >> | authenticator: >> org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator@4555b8e7 | >> profileCreator: >> org.pac4j.oauth.profile.creator.OAuth20ProfileCreator@6483d79a | >> configuration: #OAuth20Configuration# | key: dc-EzviE8N74pZ4EoQ8lZDLLX | >> secret: [protected] | tokenAsHeader: false | responseType: code | scope: >> null | api: org.pac4j.scribe.builder.api.GenericApi20@78caf6d4 | >> hasBeenCancelledFactory: >> org.pac4j.oauth.config.OAuthConfiguration$$Lambda$946/0x0000000100fe9c40@3674ffcb >> >> | profileDefinition: >> org.pac4j.oauth.profile.generic.GenericOAuth20ProfileDefinition@6b74509f | >> httpClientConfig: null | |] with service [null]> >> 2020-09-07 18:47:30,913 DEBUG >> [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <Fetching >> credentials from delegated client [#GenericOAuth20Client# | name: >> a204264-CodesESSO_DevDomain | callbackUrl: >> https://mycompanydomain.com:8445/codesESSO/login | callbackUrlResolver: >> org.pac4j.core.http.callback.PathParameterCallbackUrlResolver@10eaf59b | >> ajaxRequestResolver: >> org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@283128c7 | >> redirectionActionBuilder: >> org.pac4j.oauth.redirect.OAuth20RedirectionActionBuilder@1a90d8b6 | >> credentialsExtractor: >> org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor@4e0ba4c6 >> | authenticator: >> org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator@4555b8e7 | >> profileCreator: >> org.pac4j.oauth.profile.creator.OAuth20ProfileCreator@6483d79a | >> configuration: #OAuth20Configuration# | key: dc-EzviE8N74pZ4EoQ8lZDLLX | >> secret: [protected] | tokenAsHeader: false | responseType: code | scope: >> null | api: org.pac4j.scribe.builder.api.GenericApi20@78caf6d4 | >> hasBeenCancelledFactory: >> org.pac4j.oauth.config.OAuthConfiguration$$Lambda$946/0x0000000100fe9c40@3674ffcb >> >> | profileDefinition: >> org.pac4j.oauth.profile.generic.GenericOAuth20ProfileDefinition@6b74509f | >> httpClientConfig: null | |]> >> 2020-09-07 18:47:30,941 DEBUG >> [org.apereo.cas.ticket.registry.JpaTicketRegistry] - <Updated ticket >> [TransientSessionTicketImpl(super=TST-dc0a2fe1-45b6-400e-84ff-8b3563ef0882, >> service=null, properties={})].> >> 2020-09-07 18:47:30,947 DEBUG >> [org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor] - >> <sessionState: TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8 / stateParameter: >> Optional[TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8]> >> 2020-09-07 18:47:30,947 DEBUG >> [org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor] - >> <code: Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse> >> 2020-09-07 18:47:30,947 DEBUG >> [org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator] - <code: >> Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse> >> 2020-09-07 18:47:43,647 WARN >> [org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry] - >> <[registry.json] does not match the recommended pattern >> [(\w+)-(\d+)\.json]. While CAS tries to be forgiving as much as possible, >> it's recommended that you rename the file to match the requested pattern to >> avoid issues with duplicate service loading. Future CAS versions may try to >> strictly force the naming syntax, refusing to load the file.> >> 2020-09-07 18:47:43,651 DEBUG >> [org.apereo.cas.services.AbstractServicesManager] - <Adding registered >> service [^(https|http|imaps)://.*] with name [HTTPS and IMAPS] and internal >> identifier [10000001]> >> 2020-09-07 18:47:43,651 INFO >> [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) >> from [JsonServiceRegistry].> >> 2020-09-07 18:47:54,568 DEBUG >> [org.apereo.cas.ticket.registry.support.JpaLockingStrategy] - >> <[c892txdctool1] trying to acquire [cas-ticket-registry-cleaner] lock.> >> 2020-09-07 18:47:54,590 DEBUG >> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Cleaning >> up expired ticket [TST-f8c798e3-dbd1-4a00-981a-f430b891b36a]> >> 2020-09-07 18:47:54,591 DEBUG >> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket >> [TransientSessionTicketImpl(super=TST-f8c798e3-dbd1-4a00-981a-f430b891b36a, >> service=null, properties={})] from the registry.> >> 2020-09-07 18:47:54,600 INFO >> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[1] >> expired tickets removed.> >> 2020-09-07 18:47:54,601 DEBUG >> [org.apereo.cas.ticket.registry.support.JpaLockingStrategy] - <Releasing >> [cas-ticket-registry-cleaner] lock held by [c892txdctool1].> >> 2020-09-07 18:47:54,602 DEBUG >> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished >> ticket cleanup.> >> 2020-09-07 18:48:43,656 WARN >> [org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry] - >> <[registry.json] does not match the recommended pattern >> [(\w+)-(\d+)\.json]. While CAS tries to be forgiving as much as possible, >> it's recommended that you rename the file to match the requested pattern to >> avoid issues with duplicate service loading. Future CAS versions may try to >> strictly force the naming syntax, refusing to load the file.> >> 2020-09-07 18:48:43,660 DEBUG >> [org.apereo.cas.services.AbstractServicesManager] - <Adding registered >> service [^(https|http|imaps)://.*] with name [HTTPS and IMAPS] and internal >> identifier [10000001]> >> 2020-09-07 18:48:43,661 INFO >> [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) >> from [JsonServiceRegistry].> >> 2020-09-07 18:49:38,301 DEBUG >> [org.pac4j.oauth.client.GenericOAuth20Client] - <Credentials validation >> took: 127354 ms> >> 2020-09-07 18:49:38,302 DEBUG >> [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Attempting >> to handle [org.springframework.webflow.execution.ActionExecutionException: >> Exception thrown executing >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in >> state 'delegatedAuthenticationAction' of flow 'login' -- action execution >> attributes were 'map[[empty]]'] with root cause >> [org.pac4j.core.exception.HttpCommunicationException: Error getting >> token:Connection timed out (Connection timed out)]> >> 2020-09-07 18:49:38,302 DEBUG >> [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Rethrowing >> unhandled flow execution exception> >> 2020-09-07 18:49:38,302 DEBUG >> [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the >> received exception >> [org.springframework.webflow.execution.ActionExecutionException: Exception >> thrown executing >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in >> state 'delegatedAuthenticationAction' of flow 'login' -- action execution >> attributes were 'map[[empty]]'] due to a type mismatch with handler >> [[FlowHandlerMapping.DefaultFlowHandler@5687bc9e]]> >> 2020-09-07 18:49:38,302 DEBUG >> [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the >> received exception >> [org.springframework.webflow.execution.ActionExecutionException: Exception >> thrown executing >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in >> state 'delegatedAuthenticationAction' of flow 'login' -- action execution >> attributes were 'map[[empty]]'] due to a type mismatch with handler >> [[FlowHandlerMapping.DefaultFlowHandler@5687bc9e]]> >> 2020-09-07 18:49:38,303 DEBUG >> [org.springframework.web.servlet.DispatcherServlet] - <Failed to complete >> request: org.springframework.webflow.execution.ActionExecutionException: >> Exception thrown executing >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in >> state 'delegatedAuthenticationAction' of flow 'login' -- action execution >> attributes were 'map[[empty]]'> >> 2020-09-07 18:49:38,304 DEBUG >> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >> >> - <SecurityContext is empty or contents are anonymous - context will not be >> stored in HttpSession.> >> 2020-09-07 18:49:38,304 DEBUG >> [org.springframework.security.web.context.SecurityContextPersistenceFilter] >> - <SecurityContextHolder now cleared, as request processing completed> >> 2020-09-07 18:49:38,304 ERROR >> [org.springframework.boot.web.servlet.support.ErrorPageFilter] - >> <Forwarding to error page from request [/login] due to exception [Exception >> thrown executing >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in >> state 'delegatedAuthenticationAction' of flow 'login' -- action execution >> attributes were 'map[[empty]]']> >> org.springframework.webflow.execution.ActionExecutionException: Exception >> thrown executing >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@3d08fc1f in >> state 'delegatedAuthenticationAction' of flow 'login' -- action execution >> attributes were 'map[[empty]]' >> at >> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at >> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at >> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at >> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at org.springframework.webflow.engine.State.enter(State.java:194) >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at org.springframework.webflow.engine.Flow.start(Flow.java:527) >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at >> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at >> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at >> org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> ~[?:?] >> at >> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> >> ~[?:?] >> at >> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> >> ~[?:?] >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] >> at >> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) >> >> ~[spring-core-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) >> >> ~[spring-cloud-context-2.2.0.RC1.jar:2.2.0.RC1] >> at >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) >> >> ~[spring-aop-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) >> >> ~[spring-aop-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at com.sun.proxy.$Proxy241.launchExecution(Unknown Source) ~[?:?] >> at >> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at >> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) >> >> ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) >> >> ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) >> >> ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) >> >> ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) >> ~[servlet-api.jar:?] >> at >> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) >> >> ~[spring-webmvc-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) >> ~[servlet-api.jar:?] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) >> ~[tomcat-websocket.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) >> >> ~[cas-server-core-web-api-6.1.7.jar:6.1.7] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:411) >> >> ~[cas-server-core-web-api-6.1.7.jar:6.1.7] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:216) >> >> ~[cas-server-core-web-api-6.1.7.jar:6.1.7] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:67) >> >> ~[cas-server-core-web-api-6.1.7.jar:6.1.7] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) >> >> ~[spring-security-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:128) >> >> ~[spring-boot-2.2.0.RELEASE.jar:2.2.0.RELEASE] >> at >> org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66) >> >> ~[spring-boot-2.2.0.RELEASE.jar:2.2.0.RELEASE] >> at >> org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:103) >> >> ~[spring-boot-2.2.0.RELEASE.jar:2.2.0.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:121) >> >> ~[spring-boot-2.2.0.RELEASE.jar:2.2.0.RELEASE] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108) >> >> ~[spring-boot-actuator-2.2.0.RELEASE.jar:2.2.0.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99) >> >> ~[cas-server-core-logging-6.1.7.jar:6.1.7] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> ~[spring-web-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) >> >> ~[inspektr-common-1.8.6.GA.jar:1.8.6.GA] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) >> >> ~[log4j-web-2.12.1.jar:2.12.1] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:185) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) >> >> ~[catalina.jar:9.0.12] >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) >> ~[catalina.jar:9.0.12] >> at >> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) >> ~[tomcat-coyote.jar:9.0.12] >> at >> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) >> >> ~[tomcat-coyote.jar:9.0.12] >> at >> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770) >> >> ~[tomcat-coyote.jar:9.0.12] >> at >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) >> >> ~[tomcat-coyote.jar:9.0.12] >> at >> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) >> >> ~[tomcat-coyote.jar:9.0.12] >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) >> >> ~[?:?] >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) >> >> ~[?:?] >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> >> ~[tomcat-util.jar:9.0.12] >> at java.lang.Thread.run(Thread.java:834) [?:?] >> Caused by: org.pac4j.core.exception.HttpCommunicationException: Error >> getting token:Connection timed out (Connection timed out) >> at >> org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.retrieveAccessToken(OAuth20Authenticator.java:36) >> >> ~[pac4j-oauth-4.0.3.jar:?] >> at >> org.pac4j.oauth.credentials.authenticator.OAuthAuthenticator.validate(OAuthAuthenticator.java:38) >> >> ~[pac4j-oauth-4.0.3.jar:?] >> at >> org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.validate(OAuth20Authenticator.java:20) >> >> ~[pac4j-oauth-4.0.3.jar:?] >> at >> org.pac4j.oauth.credentials.authenticator.OAuthAuthenticator.validate(OAuthAuthenticator.java:20) >> >> ~[pac4j-oauth-4.0.3.jar:?] >> at >> org.pac4j.core.client.BaseClient.lambda$retrieveCredentials$0(BaseClient.java:70) >> >> ~[pac4j-core-4.0.3.jar:?] >> at java.util.Optional.ifPresent(Optional.java:183) ~[?:?] >> at >> org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:67) >> ~[pac4j-core-4.0.3.jar:?] >> at >> org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:144) >> ~[pac4j-core-4.0.3.jar:?] >> at >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.getCredentialsFromDelegatedClient(DelegatedClientAuthenticationAction.java:254) >> >> ~[cas-server-support-pac4j-webflow-6.1.7.jar:6.1.7] >> at >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.populateContextWithClientCredential(DelegatedClientAuthenticationAction.java:240) >> >> ~[cas-server-support-pac4j-webflow-6.1.7.jar:6.1.7] >> at >> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.doExecute(DelegatedClientAuthenticationAction.java:213) >> >> ~[cas-server-support-pac4j-webflow-6.1.7.jar:6.1.7] >> at >> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> at jdk.internal.reflect.GeneratedMethodAccessor196.invoke(Unknown Source) >> ~[?:?] >> at >> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> >> ~[?:?] >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] >> at >> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) >> >> ~[spring-core-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) >> >> ~[spring-cloud-context-2.2.0.RC1.jar:2.2.0.RC1] >> at >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) >> >> ~[spring-aop-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at >> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) >> >> ~[spring-aop-5.2.0.RELEASE.jar:5.2.0.RELEASE] >> at com.sun.proxy.$Proxy228.execute(Unknown Source) ~[?:?] >> at >> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) >> >> ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE] >> ... 119 more >> 2020-09-07 18:49:38,308 DEBUG >> [org.springframework.web.servlet.DispatcherServlet] - <"FORWARD" dispatch >> for GET >> "/codesESSO/error?code=Fvyu6ywosaL8ym8wbzsdjBWy23mu__38eEgzxxse&state=TST-4-RfkeExouV9CAQXsjUlhRAXgZ84QdVGF8&client_name=a204264-CodesESSO_DevDomain", >> >> parameters={masked}> >> 2020-09-07 18:49:38,310 DEBUG >> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >> >> - <Mapped to >> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, >> >> HttpServletResponse)> >> 2020-09-07 18:49:38,432 DEBUG >> [org.springframework.web.servlet.view.ContentNegotiatingViewResolver] - >> <Selected 'text/html' given [text/html, text/html;q=0.8]> >> >> >> >> Thanks >> >> On Friday, September 4, 2020 at 3:07:18 AM UTC-5 leleuj wrote: >> >>> Hi, >>> >>> I would have expected the *val url = httpUrl.replace("http", "https");* >>> solution to work. >>> >>> You may also try to set the "secure" flag in the Tomcat connector. >>> >>> Thanks. >>> Best regards, >>> Jérôme >>> >>> >>> Le jeu. 3 sept. 2020 à 18:48, Joe Manavalan <[email protected]> a >>> écrit : >>> >>>> I was told there is BIG-IP which counts as reverse proxy in front of >>>> tomcat. Are there any specific settings to resolve this ? >>>> FYI : We have CAS war deployed in tomcat 8.5 [Not in embedded tomcat] >>>> >>>> Thanks >>>> Joe >>>> >>>> >>>> On Monday, August 31, 2020 at 6:01:46 PM UTC-5 Joe Manavalan wrote: >>>> >>>>> Thanks Jerome for the response. >>>>> >>>>> I am checking with the network team about the reverse proxy.. >>>>> request.getRequestURL() is coming in as "http " >>>>> >>>>> Following is the log >>>>> >>>>> >>>>> 2020-08-31 17:45:43,157 DEBUG >>>>> [org.springframework.security.web.FilterChainProxy] - >>>>> </login/CodesESSO_Dev?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s >>>>> >>>>> reached end of additional filter chain; proceeding with original chain> >>>>> 2020-08-31 17:45:43,164 DEBUG >>>>> [org.springframework.web.servlet.DispatcherServlet] - <GET >>>>> "/codesESSO/login/CodesESSO_Dev?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s", >>>>> >>>>> parameters={masked}> >>>>> 2020-08-31 17:45:43,167 DEBUG >>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>> >>>>> - <Mapped to >>>>> org.apereo.cas.web.DelegatedClientNavigationController#redirectResponseToFlow(String, >>>>> >>>>> HttpServletRequest, HttpServletResponse)> >>>>> 2020-08-31 17:45:43,201 DEBUG >>>>> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Response >>>>> for >>>>> client [http://<domain>:8445/codesESSO/login/CodesESSO_Dev],> >>>>> >>>>> >>>>> I manually added a http to https replace here in >>>>> BaseDelegatedAuthenticationController for testing >>>>> val url = httpUrl.replace("http", "https"); >>>>> >>>>> >>>>> 2020-08-31 17:45:43,204 DEBUG >>>>> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Received a >>>>> response for client [a204264-CodesESSO_Dev], redirecting the login flow >>>>> [https://<domain>:8445/codesESSO/login?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s&client_name=CodesESSO_Dev]> >>>>> >>>>> Ended up throwing an error [Which I believe is expected due to the >>>>> manipulation] >>>>> org.springframework.webflow.execution.ActionExecutionException: >>>>> Exception thrown executing >>>>> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@40e79dec in >>>>> state 'delegatedAuthenticationAction' of flow 'login' -- action execution >>>>> attributes were 'map[[empty]]' >>>>> at >>>>> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62) >>>>> at >>>>> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) >>>>> >>>>> On Mon, Aug 31, 2020 at 1:52 AM Jérôme LELEU <[email protected]> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> This redirection relies on: request.getRequestURL() >>>>>> Do you have some reverse proxy in front of your Tomcat? >>>>>> Thanks. >>>>>> Best regards, >>>>>> Jérôme >>>>>> >>>>>> >>>>>> Le jeu. 27 août 2020 à 17:20, Joe Manavalan <[email protected]> a >>>>>> écrit : >>>>>> >>>>>>> I have cas6.1 deployed and working with cas.authn.pac4j.oauth2. The >>>>>>> app works fine in my local windows machine on an https port >>>>>>> When deployed in unix with the same setting [except the url has >>>>>>> domain name instead of server name] the app after authenticating with >>>>>>> the >>>>>>> external oauth2 provider redirects the url to an http port as shown >>>>>>> below >>>>>>> This is the redirect url configured and get successfully redirected >>>>>>> after authentication and authorization based on the browser trace >>>>>>> >>>>>>> https://<domain>:<port>/cas/login/<clientName>?code=<code>&state=<state>&client_name=<clientName> >>>>>>> It then gets redirected to the below http port instead of the >>>>>>> expected https port >>>>>>> >>>>>>> http//<domain>:<port>/cas/login?code=<code>&state=<state>&client_name=<clientName> >>>>>>> >>>>>>> Is this some configuration in CAS or need to be investigated on the >>>>>>> network side ? >>>>>>> Any help appreciated >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org >>>>>>> >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>>> - Website: https://apereo.github.io/cas >>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "CAS Community" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> >>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz_k_jQenLtSjYe3TPNOD%3DStaVdub7UaF4yUpMErBTiHg%40mail.gmail.com >>>>>> >>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz_k_jQenLtSjYe3TPNOD%3DStaVdub7UaF4yUpMErBTiHg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3f20905c-771f-457c-8dce-2c29e792364an%40apereo.org >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3f20905c-771f-457c-8dce-2c29e792364an%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0cbb5acf-1a82-459d-a294-6c6c02f21be0n%40apereo.org.
