Hi Andrew, any luck with this? I am having the same issue. I have tried 6.3, 6.4 and 6.5. Thanks.
On Thursday, July 22, 2021 at 8:01:34 AM UTC-5 Andrew Marker wrote: > > Sorry little typo: > > > https://login.test.ku.edu/cas/clientredirect?client_name=Delegate%20Test&service=https%3A%2F%2Flogin.test.ku.edu%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dtouchnet-test-tbp%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwczovL3Rlc3Quc2VjdXJlLnRvdWNobmV0Lm5ldDo4NDQzL0MyMTU4MXRlc3RfdHNhL3dlYi9jYXNsb2dpbi5qc3AiIEZvcmNlQXV0aG49ImZhbHNlIiBJc3N1ZUluc3RhbnQ9IjIwMjEtMDItMThUMjI6NTU6MzEuNDMzWiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBWZXJzaW9uPSIyLjAiPjxzYW1sMjpJc3N1ZXIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPnRvdWNobmV0LXRlc3QtdGJwPC9zYW1sMjpJc3N1ZXI%252BPHNhbWwycDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWwycDpBdXRoblJlcXVlc3Q%252B%26RelayState&locale=en > On Thursday, July 22, 2021 at 6:37:19 AM UTC-5 Andrew Marker wrote: > >> Hi all, >> >> I'm trying to make the jump to 6.3 and everything is working as I had >> hoped excepting one item. I was asked to provide a way for a specific >> routing that leveraged delegate auth for a given service (Touchnet Payment >> Gateway). I initially tried many variations of routing through >> https://login.test.ku.edu/cas/idp/profile/SAML2/Unsolicited/SSO?providerId=touchnet-test-tbp >> >> but ultimately I needed the user authenticated to CAS prior to routing >> through the delegate and I came up with the following solution. >> >> The CAS Delegate auth provider passes the following parameters to the >> client redirect endpoint and the auth is routed through CAS and on into >> Touchnet. Essentially the request is routed back to the same instance of >> CAS with info to initiate the auth for a IDP initiated auth. At this point >> the user already has a session in cas and the IDP will validate the user >> once the user is routed to the SP. >> >> >> https://login.test.ku.edu/clientredirect?client_name=Delegate%20Test&service=https%3A%2F%2Flogin.test.ku.edu%2Fcas%2Fidp%2Fprofile%2FSAML2%2FCallback%3FentityId%3Dtouchnet-test-tbp%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwczovL3Rlc3Quc2VjdXJlLnRvdWNobmV0Lm5ldDo4NDQzL0MyMTU4MXRlc3RfdHNhL3dlYi9jYXNsb2dpbi5qc3AiIEZvcmNlQXV0aG49ImZhbHNlIiBJc3N1ZUluc3RhbnQ9IjIwMjEtMDItMThUMjI6NTU6MzEuNDMzWiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBWZXJzaW9uPSIyLjAiPjxzYW1sMjpJc3N1ZXIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPnRvdWNobmV0LXRlc3QtdGJwPC9zYW1sMjpJc3N1ZXI%252BPHNhbWwycDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiLz48L3NhbWwycDpBdXRoblJlcXVlc3Q%252B%26RelayState&locale=en >> >> ------- >> My delegate settings, below are the updated name to match the settings in >> 6.3. >> >> cas.authn.pac4j.cas[1].login-url=https://beakem.test.ku.edu/tn/login >> cas.authn.pac4j.cas[1].principal-attribute-id=uid >> cas.authn.pac4j.cas[1].protocol=CAS30 >> cas.authn.pac4j.cas[1].client-name=Delegate Test >> cas.authn.pac4j.cas[1].callback-url-type=QUERY_PARAMETER >> >> idp settings >> cas.authn.saml-idp.entity-id=https://login.test.ku.edu/cas/idp/metadata >> cas.samlCore.skew-allowance=15 >> cas.authn.saml-idp.metadata.location=file:/etc/cas/config/saml-idp/ >> cas.authn.saml-idp.metadata.cache-expiration-minutes=120 >> # replicate sessions by default is false >> cas.authn.saml-idp.replicate-sessions=true >> # default attribute-query-profile-endabled is false >> cas.authn.saml-idp.attribute-query-profile-enabled=false >> cas.authn.saml-idp.logout.force-signed-logout-requests=false >> cas.authn.saml-idp.response.default-attribute-name-format=uri >> ---- >> This is the error in 6.3.5. and I did not see it in any of the 5.3.x >> versions this has been configure with. >> >> java.lang.IllegalArgumentException: SAML request could not be determined >> from the authentication request at >> org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController.retrieveSamlAuthenticationRequestFromHttpRequest(AbstractSamlIdPProfileHandlerController.java:183) >> >> at >> org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlIdPProfileCallbackHandlerController.java:45) >> >> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native >> Method) at >> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> >> at >> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> >> at java.base/java.lang.reflect.Method.invoke(Method.java:566) at >> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) >> >> at >> org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) >> >> at >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) >> >> at >> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749) >> >> at >> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691) >> >> at >> org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$3c67a8bb.handleCallbackProfileRequest(<generated>) >> >> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native >> Method) at >> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> >> at >> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> >> at java.base/java.lang.reflect.Method.invoke(Method.java:566) at >> org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) >> >> at >> org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) >> >> at >> org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105) >> >> at >> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:878) >> >> at >> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:792) >> >> at >> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) >> >> at >> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) >> >> at >> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) >> >> at >> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) >> >> at >> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) >> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) at >> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) >> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:228) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:64) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204) >> >> at >> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) >> >> at >> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) >> >> at >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) >> >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) >> >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93) >> >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) >> >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) >> >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) >> >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) >> >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) >> >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) >> >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) >> >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) >> >> at >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) >> >> at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) >> at >> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) >> at >> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) >> >> at >> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893) >> >> at >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723) >> >> at >> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) >> >> at >> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) >> >> at >> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) >> >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> >> at java.base/java.lang.Thread.run(Thread.java:829) >> >> Any insight would be appreciated. >> >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/33785649-3666-41e5-a057-875ffe6b7d9dn%40apereo.org.
