Hi,

I've just discovered an error present since CAS *6.5.0*, maybe it also 
relates to your problem:

It seems like by accident, in this commit 
<https://github.com/apereo/cas/commit/ba0929c6ab3147236ddf91b784127ebad6823748>,
a call to *enforceRegisteredServiceAccess()* was removed from the 
*grantServiceTicket()* method (while being left in the other methods), 
which leads to *NullPointerException* from 
*ensureServiceSsoAccessIsAllowed()* (and 500 Internal Server Error) when an 
*authenticated* client asks for a service *which is not registered*.

So maybe you've got a problem in registering / matching service successfully, 
seeing this error as a result? Even though you write "*before user 
authentication*", so you say your flow is different?

I wonder if CAS authors can fix this themselves, or is it better to create 
a PR for this seemingly trivial fix (i.e. put back the removed line) 
ourselves?

On Thursday, 17 February 2022 at 18:06:58 UTC+1 wouldsmina wrote:

> Hi,
>
> I'm trying to install CAS v6.5 to replace a v6.3. Authentication on the 
> CAS without service works, but with service=... in the url I get 
> "500:Internal Server Error" (before user authentication).
>
> Server : https://cas2-test.univ-lemans.fr/cas/
> Service example : 
> https://cas2-test.univ-lemans.fr/cas/login?service=https%3A%2F%2Fwebmail.univ-lemans.fr
>
> Log : 
>
> org.springframework.webflow.execution.ActionExecutionException: Exception 
> thrown executing 
> org.apereo.cas.web.flow.login.InitialFlowSetupAction@748140c7 in state 'null' 
> of flow 'login' -- action execution attributes were 'map[[empty]]'
>
> the rest of the logs do not seem relevant to me but ask me if necessary. 
>
> added dependencies before build :
>     implementation "org.apereo.cas:cas-server-support-x509-webflow"
>     implementation "org.apereo.cas:cas-server-core-api-configuration-model"
>     implementation "org.apereo.cas:cas-server-support-token-tickets"
>     implementation "org.apereo.cas:cas-server-support-discovery-profile"
>     implementation "org.apereo.cas:cas-server-webapp-init"
>     implementation "org.apereo.cas:cas-server-support-ldap"
>     implementation "org.apereo.cas:cas-server-support-json-service-registry"
>     implementation "org.apereo.cas:cas-server-support-oidc"
>     implementation "org.apereo.cas:cas-server-support-saml-sp-integrations"
>     implementation "org.apereo.cas:cas-server-support-oauth-webflow"
>
> service file : 
> {
>     "@class" : "org.apereo.cas.services.RegexRegisteredService",
>     "serviceId" : "^(https|http|imaps|imap|smb|sftp)?://[-a-z0-9.:]*.univ-lemans.fr(:[\\d]+)?/?.*",
>     "name": "UNIV-FR",
>     "informationUrl": null,
>     "privacyUrl": null,
>     "id": 1,
>     "description": "univ-fr",
>     "evaluationOrder":99,
>     "usernameAttributeProvider":
>     {
>       "@class": "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>       "canonicalizationMode": "LOWER",
>       "encryptUsername": "false",
>       "usernameAttribute": "uid"
>     },
>     "ticketGrantingTicketExpirationPolicy": {
>       "@class": "org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy",
>       "maxTimeToLiveInSeconds":7200
>     },
>     "proxyPolicy" : {
>       "@class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
>       "pattern" : "^(http|https|imaps)://.*"
>     },
>     "proxyGrantingTicketExpirationPolicy": {
>       "@class": "org.apereo.cas.services.DefaultRegisteredServiceProxyGrantingTicketExpirationPolicy",
>       "maxTimeToLiveInSeconds": 7200
>     }
> }
>
> can someone help me understand my mistake please?
>
> Thanks.
>
>

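
The service-matching question raised in the reply can be checked offline. The following is an added example, not part of either message and not CAS code: it takes the login URL and the service definition posted in the thread and reports which definition the requested service resolves to, or none. Whole-string, case-sensitive matching with Python's `re` is an assumption standing in for the server's own matcher, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Taken from the thread: the failing login URL and the posted definition,
# reduced to the fields that decide matching (wrapped serviceId rejoined).
LOGIN_URL = ("https://cas2-test.univ-lemans.fr/cas/login"
             "?service=https%3A%2F%2Fwebmail.univ-lemans.fr")
SERVICES_JSON = r'''
[{"@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|http|imaps|imap|smb|sftp)?://[-a-z0-9.:]*.univ-lemans.fr(:[\\d]+)?/?.*",
  "name": "UNIV-FR", "id": 1, "evaluationOrder": 99}]
'''


def requested_service(login_url):
    """Return the percent-decoded service parameter, or None if absent."""
    values = parse_qs(urlsplit(login_url).query).get("service")
    return values[0] if values else None


def load_services(text):
    """Compile every serviceId; return (order, name, pattern) by evaluationOrder."""
    services = []
    for entry in json.loads(text):
        try:
            pattern = re.compile(entry["serviceId"])
        except re.error as exc:
            raise ValueError(f"service {entry.get('id')}: invalid serviceId: {exc}")
        services.append((entry.get("evaluationOrder", 0), entry["name"], pattern))
    return sorted(services, key=lambda item: item[0])


def find_service(services, service_url):
    """Name of the first definition matching the whole URL, else None.

    Assumption: whole-string, case-sensitive matching stands in for the server's matcher.
    """
    if service_url is None:
        return None
    for _order, name, pattern in services:
        if pattern.fullmatch(service_url):
            return name
    return None


if __name__ == "__main__":
    services = load_services(SERVICES_JSON)
    for url in (requested_service(LOGIN_URL), "https://example.org/app"):
        print(url, "->", find_service(services, url) or "NOT REGISTERED")
```

A service that resolves to a definition here but is still treated as unregistered by the server suggests checking whether the definition file was loaded, rather than the pattern itself.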