[cas-user] Error "403 Forbidden" on "CAS management => Administration => Release Attributes" (CAS server 665 + CAS management 662)

Fri, 21 Apr 2023 08:47:45 -0700 

Hello,


I've recently installed "CAS server 665 and "CAS management 662".

I've configured all of CAS server actuators to be available with ANONYMOUS 
access (for initial testing purposes).

I think I've included all the needed dependencies in both "CAS server and 
"CAS managment.

I'm using JSON service registry for testing purposes, and I have one 
service configured, which is correctly recognized by CAS management.

CAS management is apparently working well on almoust all options i've 
tested, as an example, I can change my service JSON file configs with CAS 
management.

I've also been able to successefully test "CAS management => Administration 
=> RESOLVE Attributes".


I'm having the following error when testing option "CAS management => 
Administration => RELEASE Attributes" with the above configured service:


CAS management log:

2023-04-19 18:46:52,618 [https-jsse-nio-8445-exec-2] ERROR: 403 : 
"<Map><timestamp>2023-04-19T17:46:52.365+00:00</timestamp><status>403</status><error>Forbidden</error><trace>org.apereo.cas.services.UnauthorizedSsoServiceException:
 

service.not.authorized.sso<EOL>?
at 
org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver.supports(RegisteredServiceAuthenticationHandlerResolver.java:122)<EOL>?
at 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan.lambda$getAuthenticationHandlers$4(DefaultAuthenticationEventExecutionPlan.java:161)<EOL>?
(...)
at 
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)<EOL>?at
 
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)<EOL>?
at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)<EOL>?at
 
java.base/java.lang.Thread.run(Thread.java:833)<EOL></trace><path>/sso/actuator/releaseAttributes</path></Map>"
at 
org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:109)
at 
org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:168)
(...)
2023-04-19 18:46:52,654 [https-jsse-nio-8445-exec-2] ERROR: 
Servlet.service() for servlet [dispatcherServlet] in context with path 
[/cas-management] threw exception
java.lang.RuntimeException: 
org.springframework.web.util.NestedServletException: Request processing 
failed; nested exception is java.lang.NullPointerException: Cannot invoke 
"org.apereo.cas.mgmt.domain.Attributes.getAttributes()" because the return 
value of "org.apereo.cas.mgmt.DashboardController.callCasServer(String, 
Object, org.springframework.core.ParameterizedTypeReference)" is null
at 
org.pac4j.core.engine.AbstractExceptionAwareLogic.runtimeException(AbstractExceptionAwareLogic.java:64)
at 
org.pac4j.core.engine.AbstractExceptionAwareLogic.handleException(AbstractExceptionAwareLogic.java:49)
at 
org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:163)
(...)
Caused by: org.springframework.web.util.NestedServletException: Request 
processing failed; nested exception is java.lang.NullPointerException: 
Cannot invoke "org.apereo.cas.mgmt.domain.Attributes.getAttributes()" 
because the return value of 
"org.apereo.cas.mgmt.DashboardController.callCasServer(String, Object, 
org.springframework.core.ParameterizedTypeReference)" is null
at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
at 
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:517)
Caused by: java.lang.NullPointerException: Cannot invoke 
"org.apereo.cas.mgmt.domain.Attributes.getAttributes()" because the return 
value of "org.apereo.cas.mgmt.DashboardController.callCasServer(String, 
Object, org.springframework.core.ParameterizedTypeReference)" is null
at 
org.apereo.cas.mgmt.DashboardController.release(DashboardController.java:170)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)
at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
(...)


CAS server log:

2023-04-20 18:04:53,974 [https-jsse-nio-8443-exec-3] WARN : Service 
[AbstractWebApplicationService(id=casdemo665, originalUrl=casdemo665, 
artifactId=null, principal=null, source=service, loggedOutAlready=false, 
format=XML, attributes={service=[casdemo665], username=[ABExyz]})] is not 
allowed to use SSO.

2023-04-20 18:04:53,975 [https-jsse-nio-8443-exec-3] INFO : Audit trail 
record BEGIN
=============================================================
WHO: ABE001731
WHAT: [UsernamePasswordCredential(username=ABE001731, source=null, 
customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Apr 20 18:04:53 WEST 2023
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


If I try to call the actuator like this (don't know if it's the right way),

https://localhost:8443/cas/actuator/releaseAttributes?username=ABExyz&password=somepassword&service=casdemo665

I get the following information on CAS server log:

2023-04-21 15:11:09,619 [https-jsse-nio-8443-exec-2] ERROR: Service 
unauthorized
RegisteredServiceAccessStrategyAuditableEnforcer.java:lambda$execute$6:200
Optional.java:orElseGet:364
RegisteredServiceAccessStrategyAuditableEnforcer.java:execute:194


I've tried to use "CAS server 665 and "CAS management 661", which I think, 
looking at "CAS management 661" dependencies, makes more sense,
but with this configuration, CAS management gets worse, for example, I 
can't manage by service JSON file base configs (get a blank screen),
so I've got back to "CAS server 665 and "CAS management 662", on which my 
only problem so far is with "CAS management => Administration => RESOLVE 
Attributes".


My questions:
-Am I missing some configuration on properties files of CAS server and/or 
CAS management?
-Am I missing some configuration on JSON file of my casdemo665 service?
-Is there a known issue with "CAS server 665 + CAS management 6.6.2" on 
"CAS management => Administration => RESOLVE Attributes"?


Can anybody help me with this issue, please?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1ec74d68-8d72-41a5-b1cb-3321bdd0e347n%40apereo.org.

Reply via email to