Sorry, little typo:

https://login.test.ku.edu/cas/clientredirect?client_name=Delegate%20Test&service=https%3A%2F%2Flogin.test.ku.edu%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dtouchnet-test-tbp%26SAMLRequest%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%252BPHNhbWwycDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWwycDpBdXRoblJlcXVlc3Q%252B%26RelayState&locale=en

On Thursday, July 22, 2021 at 6:37:19 AM UTC-5 Andrew Marker wrote:
> Hi all,
>
> I'm trying to make the jump to 6.3 and everything is working as I had hoped excepting one item. I was asked to provide a way for a specific routing that leveraged delegate auth for a given service (Touchnet Payment Gateway). I initially tried many variations of routing through
> https://login.test.ku.edu/cas/idp/profile/SAML2/Unsolicited/SSO?providerId=touchnet-test-tbp
> but ultimately I needed the user authenticated to CAS prior to routing through the delegate and I came up with the following solution.
>
> The CAS Delegate auth provider passes the following parameters to the client redirect endpoint and the auth is routed through CAS and on into Touchnet. Essentially the request is routed back to the same instance of CAS with info to initiate the auth for an IDP initiated auth. At this point the user already has a session in CAS and the IDP will validate the user once the user is routed to the SP.
>
> https://login.test.ku.edu/clientredirect?client_name=Delegate%20Test&service=https%3A%2F%2Flogin.test.ku.edu%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dtouchnet-test-tbp%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwczovL3Rlc3Quc2VjdXJlLnRvdWNobmV0Lm5ldDo4NDQzL0MyMTU4MXRlc3RfdHNhL3dlYi9jYXNsb2dpbi5qc3AiIEZvcmNlQXV0aG49ImZhbHNlIiBJc3N1ZUluc3RhbnQ9IjIwMjEtMDItMThUMjI6NTU6MzEuNDMzWiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBWZXJzaW9uPSIyLjAiPjxzYW1sMjpJc3N1ZXIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPnRvdWNobmV0LXRlc3QtdGJwPC9zYW1sMjpJc3N1ZXI%252BPHNhbWwycDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWwycDpBdXRoblJlcXVlc3Q%252B%26RelayState&locale=en
>
> -------
> My delegate settings, below are the updated name to match the settings in 6.3.
>
> cas.authn.pac4j.cas[1].login-url=https://beakem.test.ku.edu/tn/login
> cas.authn.pac4j.cas[1].principal-attribute-id=uid
> cas.authn.pac4j.cas[1].protocol=CAS30
> cas.authn.pac4j.cas[1].client-name=Delegate Test
> cas.authn.pac4j.cas[1].callback-url-type=QUERY_PARAMETER
>
> idp settings
> cas.authn.saml-idp.entity-id=https://login.test.ku.edu/cas/idp/metadata
> cas.samlCore.skew-allowance=15
> cas.authn.saml-idp.metadata.location=file:/etc/cas/config/saml-idp/
> cas.authn.saml-idp.metadata.cache-expiration-minutes=120
> # replicate sessions by default is false
> cas.authn.saml-idp.replicate-sessions=true
> # default attribute-query-profile-enabled is false
> cas.authn.saml-idp.attribute-query-profile-enabled=false
> cas.authn.saml-idp.logout.force-signed-logout-requests=false
> cas.authn.saml-idp.response.default-attribute-name-format=uri
> ----
> This is the error in 6.3.5, and I did not see it in any of the 5.3.x versions this has been configured with.
>
> java.lang.IllegalArgumentException: SAML request could not be determined from the authentication request
>   at org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController.retrieveSamlAuthenticationRequestFromHttpRequest(AbstractSamlIdPProfileHandlerController.java:183)
>   at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlIdPProfileCallbackHandlerController.java:45)
>   at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>   at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>   at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282)
>   at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499)
>   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
>   at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
>   at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
>   at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$3c67a8bb.handleCallbackProfileRequest(<generated>)
>   at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>   at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>   at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
>   at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
>   at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)
>   at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:878)
>   at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:792)
>   at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
>   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)
>   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)
>   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
>   at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
>   at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:228)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:64)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204)
>   at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
>   at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
>   at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
>   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
>   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93)
>   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
>   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
>   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
>   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
>   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>   at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
>   at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764)
>   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
>   at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
>   at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>   at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
>   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723)
>   at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>   at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>   at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>   at java.base/java.lang.Thread.run(Thread.java:829)
>
> Any insight would be appreciated.
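
When triaging a redirect of the shape described in this thread, it helps to unwrap both URL-encoding layers and read the embedded AuthnRequest before looking at the server side. The following is an added example, not part of the original messages or of CAS; the hosts, entity ID and sample request are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def decode_saml_request(value):
    """Base64-decode a SAMLRequest, inflating it only if it is not already XML."""
    raw = base64.b64decode(value, validate=True)
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # raw DEFLATE, as in the HTTP-Redirect binding
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declarations are not accepted")
    return raw

def inspect_redirect(url):
    """Unwrap clientredirect -> service -> SAMLRequest and summarize what it carries."""
    outer = parse_qs(urlsplit(url).query, keep_blank_values=True)
    service = outer["service"][0]          # first percent-decoding layer
    inner = parse_qs(urlsplit(service).query, keep_blank_values=True)
    request = inner["SAMLRequest"][0]      # second layer: %252B -> %2B -> +
    root = ET.fromstring(decode_saml_request(request))
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("not an AuthnRequest: " + root.tag)
    return {
        "client_name": outer["client_name"][0],
        "callback_host": urlsplit(service).hostname,
        "entity_id": inner["entityId"][0],
        "issuer": root.findtext(SAML + "Issuer"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "relay_state_present": "RelayState" in inner,
    }

def build_sample():
    """Constructed sample URL; every host and identifier here is a placeholder."""
    xml = ('<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
           'AssertionConsumerServiceURL="https://sp.example.org/acs" Version="2.0">'
           '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
           'sample-sp</saml2:Issuer></saml2p:AuthnRequest>')
    req = base64.b64encode(xml.encode()).decode()
    service = ("https://idp.example.org/cas/idp/profile/SAML2/Callback?"
               + urlencode({"entityId": "sample-sp", "SAMLRequest": req}) + "&RelayState")
    return ("https://idp.example.org/cas/clientredirect?"
            + urlencode({"client_name": "Delegate Test", "service": service, "locale": "en"}))

if __name__ == "__main__":
    print(inspect_redirect(build_sample()))
```

Comparing `entity_id`, `issuer` and `acs_url` against the registered service shows whether the nested request is the one the callback is expected to receive.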
