Hello, Did you figured out what is the root cause?
I have a similar problem with null as principal after versio upgrade. Thanks. Le jeudi 24 février 2022 à 11:29:04 UTC+1, [email protected] a écrit : > Hi, > > I am setting a new CAS server in order to replace our well working 3.5.1, > and I was I not able to have a working SPNEGO auth. > Of course, it was impossible to use the good old configuration files > because of so many changes in implementation. > > I have been following the instructions here : > https://apereo.github.io/cas/6.4.x/authentication/SPNEGO-Authentication.html > but it was not working and some informations were missing (how to configure > the JCIFS principal in the configuration file, as we only want to rely on > Kerberos, NTLM is not considered). > > It seems I had an almost working configuration for some times, but I > suspect a typo in the documentation. Here is why. > > If I use a JAAS configuration file like this one : > > jcifs.spnego.initiate { > com.sun.security.auth.module.Krb5LoginModule \ > required storeKey=true useKeyTab=true > keyTab="/home/cas/kerberos/myspnaccount.keytab";}; > jcifs.spnego.accept { > com.sun.security.auth.module.Krb5LoginModule \ > required storeKey=true useKeyTab=true > keyTab="/home/cas/kerberos/myspnaccount.keytab";}; > Authentication fails and I get the following exceptions : > > 2022-02-24 09:10:09,340 DEBUG > [org.springframework.webflow.engine.ActionState] - <Entering state 'spnego' > of flow 'login'> > 2022-02-24 09:10:09,342 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > [EvaluateAction@39f3f57b expression = spnego, resultExpression = [null]]> > 2022-02-24 09:10:09,342 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > org.apereo.cas.web.flow.SpnegoCredentialsAction@442151d1> > 2022-02-24 09:10:09,342 DEBUG > [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Available request > headers are [[host, connection, authorization, upgrade-insecure-requests, > user-agent, accept, sec-fetch-site, sec-fetch-mode, sec-fetch-user, > sec-fetch-dest, sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform, referer, > accept-encoding, accept-language]]> > 2022-02-24 09:10:09,342 DEBUG > [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization > header located as [Negotiate > YIID6QYGKwYBBQUCoIID3TCCA9mgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCA6MEggOfYIIDmwYJKoZIhvcSAQICAQBuggOKMIIDhqADAgEFoQMCAQ6iBwMFACAAAACjggHGYYIBwjCCAb6gAwIBBaEGGwRJTlNBoiwwKqADAgECoSMwIRsESFRUUBsZc3NvZGV2Lmluc2Etc3RyYXNib3VyZy5mcqOCAX8wggF7oAMCARKhAwIBAqKCAW0EggFpBwVuEHULzldlvQc0ht8tm9F9Ru4KWWVl8MQhnhMYVSIGAvm+GQh1G78M8zXxJghwQuMGXJFqkm3rQSGW6GXEIxxjgBO40Zp0WOope2olvTzDeBUgyq90cd1Avfc2+nwuBP68Qa+ZGNyf7Ui67X11zUo8fYF7OtUQDe88b91aRlFadg83TumdJr72aCQPS6N91obS4EjT3bNiJ1aNcIHEW+Gi+nylpuBBaJQACGUpYHkqNdk8WOM7Owyz9SMcfC5kJalT223yD3ttQVLIWrzc/ywaZ/MKCPadXYkh7C83gsBysSqSvOHx0/36quarooiPl96MkpX5eX3oXrGFuSt/y6/8UXILyIOcBapQc3ujWih/lCzExTMg4mw3N76QuIQFT4dfVSULrm2U17EJxwe0eA0PbYCAnMXCv7WWThXBGiIcVpPCm2kVQS1LAYyXE3cS+hx/nqPmMBujeWlThmFMNl4fQJDAjAF7jKSCAaUwggGhoAMCARKiggGYBIIBlCzBGl6XPSjVIt4+Q8KyQSX94JyANIY8NJSDHiWf1iDUyKoSxmKtABMYvO0uSZid6DvL5JcJeCjr3f1FI3S8N6wOV0l0riwsIYOY9xLsvFdgXS2Gu3hFdYrK1DpoHZvRMYQ2rjLTN0kOrtc3HS2M2vssxsebm6477e8Q/jYBN3q1VuHE936i9OwNl2jP51wCoj06Mjnh9b65AQ47QqE1puFeD+FHj/JFLBtkYHk2ChsrNEbNZDJgszNcaCPHDnciRUAcWNEJAO14xS5PJw8rwRtvBTqF8ab298fOfLS5d6xsh5SKb7EU+9329CjvrvMcxfcTz4OVz7r2d6IuMFy8tvoFHwu9ZIyya8mRp71CwCKrGLyR4kturq4FkIGWMsVUf+8IuEw1FB7M6vFlnFpX5jrjz6juwYbOswemDSXHok4Tkj21mwN+fkJ/jI2OBq+YcH673zfGtuhZreQ5Nd/kMepmo7R09C7Ye95LwLhvUlq4c2iqukI8N9bTn6IusHcO8TXGExvf4qb7g2OWmDeCnmP5Zhy8]> > 2022-02-24 09:10:09,342 DEBUG > [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization > header found with [1340] bytes> > 2022-02-24 09:10:09,343 DEBUG > [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Obtained token: > [`��+���0�٠00. *�H�� *�H�� > +�7 > +�7 > �����`�� *�H��n��0����� > ���a��0����NSA�,0*��#0!TTPsodev.my.domain�0�{����m�inu > > �We�4��-��}F� > Yee��!�U"�u▒▒ > �<o�ZFQZv7N�&��h$K�}ֆ��H�ݳb'V�p��[��|���Ahe)`y*5�<X�;;��}u�J<}�{:� > ��#|.d%�S�m�{mAR�Z���,g� > > ��]�!�/7��r�*��������櫢���ތ���y}�^���˯�Qr > ȃ��Ps{�Z�,��3 �l77����O�_U% > m����¿��N�"V��iA-K��w���0▒▒yiS�aL6^@���{����0��������,�^�=(�"�>C²A%����4�<4��%�� > �Ȫ�b���.I���;�� > x(���E#t�7�WIt�,,!����W`]-��xEu���h��\�=:29����;B�5��^�G��E,`y67z�V���~��� > F�d2`�3\h#�w"E@X� �x�.O'+�:������|��w�l���o�����(����σ�Ϻ�w�.0\��� > %ǢN�=��~~�����p~��7ƶ�Y��95��1�f��t�.�{�K��oRZ�sh��B<7�ӟ�.�w�5�▒▒���c��7��c�f�]. > Creating credential...>ZW�:�Ϩ���γ� > PuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTY2022-02-24 > 09:10:09,369 DEBUG > [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] > - <User agent [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 Edg/98.0.1108.56] is > authorized to proceed> > 2022-02-24 09:10:09,369 DEBUG > [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] > - <Adaptive authentication policy has authorized client [10.1.254.67] to > proceed.> > 2022-02-24 09:10:09,370 DEBUG > [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] > - <Request is not eligible to be issued service tickets just yet> > 2022-02-24 09:10:09,392 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationManager] - > <Authentication credentials provided for this transaction are > [[SpnegoCredential(principal=null, isNtlm=false)]]> > 2022-02-24 09:10:09,398 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - > <Candidate/Registered authentication handlers for this transaction are > [[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@f54a90b2, > > org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler@d29257f5, > org.apereo.cas.authentication.LdapAuthenticationHandler@75836f9f]]> > 2022-02-24 09:10:09,399 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - > <Authentication handler resolvers for this transaction are > [[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@33bf2602]]> > 2022-02-24 09:10:09,401 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - > <Authentication handler resolvers produced no candidate authentication > handler. Using the default handler resolver instead...> > 2022-02-24 09:10:09,403 DEBUG > [org.apereo.cas.authentication.AuthenticationHandlerResolver] - <Default > authentication handlers used for this transaction are > [HttpBasedServiceCredentialsAuthenticationHandler,JcifsSpnegoAuthenticationHandler,Corporate > LDAP]> > 2022-02-24 09:10:09,403 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - > <Resolved and finalized authentication handlers to carry out this > authentication transaction are > [[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@33bf2602]]> > 2022-02-24 09:10:09,404 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Candidate > resolved authentication handlers for this transaction are > [[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@f54a90b2, > > org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler@d29257f5, > org.apereo.cas.authentication.LdapAuthenticationHandler@75836f9f]]> > 2022-02-24 09:10:09,404 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting to > authenticate credential [SpnegoCredential(principal=null, isNtlm=false)]> > 2022-02-24 09:10:09,405 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationManager] - > <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] > does not support the credential type [SpnegoCredential(principal=null, > isNtlm=false)].> > 2022-02-24 09:10:09,406 DEBUG > [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting > authentication of [unknown] using [JcifsSpnegoAuthenticationHandler]> > 2022-02-24 09:10:09,407 DEBUG > [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] > - <Processing SPNEGO authentication> > 2022-02-24 09:10:09,602 DEBUG > [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] > - <Processing SPNEGO authentication failed with exception> > 2022-02-24 09:10:09,615 INFO > [org.apereo.cas.authentication.DefaultAuthenticationManager] - > <[JcifsSpnegoAuthenticationHandler] exception details: [Error performing > Kerberos authentication: java.lang.reflect.InvocationTargetException].> > > So the token was provided but no valid principal could be obtained. Strange > ... > > But a deep inspection in the stacktrace showed this : > > 2022-02-24 09:10:09,602 DEBUG > [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] > - <Processing SPNEGO authentication failed with exception> > jcifs.spnego.AuthenticationException: Error performing Kerberos > authentication: java.lang.reflect.InvocationTargetException > at > jcifs.spnego.Authentication.processKerberos(Authentication.java:447) > ~[jcifs-ext.jar!/:?] > at jcifs.spnego.Authentication.processSpnego(Authentication.java:346) > ~[jcifs-ext.jar!/:?] > at jcifs.spnego.Authentication.process(Authentication.java:235) > ~[jcifs-ext.jar!/:?] > at > org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler.doAuthentication(JcifsSpnegoAuthenticationHandler.java:72) > ~[cas-server-support-spnego-6.4.5.jar!/:6.4.5] > at > org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:44) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) > ~[spring-core-5.3.9.jar!/:5.3.9] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) > ~[spring-cloud-context-3.0.3.jar!/:3.0.3] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at com.sun.proxy.$Proxy175.authenticate(Unknown Source) ~[?:?] > at > org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateAndResolvePrincipal(DefaultAuthenticationManager.java:201) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at > org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:302) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at > org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:68) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at > org.apereo.cas.authentication.DefaultAuthenticationManager$$FastClassBySpringCGLIB$$5927c4b3.invoke(<generated>) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at > org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) > ~[spring-core-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186) > ~[inspektr-audit-1.8.16.GA.jar!/:1.8.16.GA] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.apereo.cas.authentication.DefaultAuthenticationManager$$EnhancerBySpringCGLIB$$23139495.authenticate(<generated>) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) > ~[spring-core-5.3.9.jar!/:5.3.9] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) > ~[spring-cloud-context-3.0.3.jar!/:3.0.3] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at com.sun.proxy.$Proxy191.authenticate(Unknown Source) ~[?:?] > at > org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:33) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) > ~[spring-core-5.3.9.jar!/:5.3.9] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) > ~[spring-cloud-context-3.0.3.jar!/:3.0.3] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at com.sun.proxy.$Proxy192.handle(Unknown Source) ~[?:?] > at > org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:60) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at > org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleInitialAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:39) > ~[cas-server-core-authentication-api-6.4.5.jar!/:6.4.5] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) > ~[spring-core-5.3.9.jar!/:5.3.9] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) > ~[spring-cloud-context-3.0.3.jar!/:3.0.3] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > com.sun.proxy.$Proxy172.handleInitialAuthenticationTransaction(Unknown > Source) ~[?:?] > at > org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.resolveInternal(DefaultCasDelegatingWebflowEventResolver.java:64) > ~[cas-server-core-webflow-api-6.4.5.jar!/:6.4.5] > at > org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:107) > ~[cas-server-core-webflow-api-6.4.5.jar!/:6.4.5] > at > org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:112) > ~[cas-server-core-webflow-api-6.4.5.jar!/:6.4.5] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) > ~[spring-core-5.3.9.jar!/:5.3.9] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) > ~[spring-cloud-context-3.0.3.jar!/:3.0.3] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at com.sun.proxy.$Proxy305.resolveSingle(Unknown Source) ~[?:?] > at > org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.doExecute(AbstractAuthenticationAction.java:64) > ~[cas-server-core-webflow-api-6.4.5.jar!/:6.4.5] > at > org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at jdk.internal.reflect.GeneratedMethodAccessor138.invoke(Unknown > Source) ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) > ~[spring-core-5.3.9.jar!/:5.3.9] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) > ~[spring-cloud-context-3.0.3.jar!/:3.0.3] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at com.sun.proxy.$Proxy286.execute(Unknown Source) ~[?:?] > at > org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.Transition.execute(Transition.java:228) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.Transition.execute(Transition.java:228) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.Transition.execute(Transition.java:228) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.Transition.execute(Transition.java:228) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.Transition.execute(Transition.java:228) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.Transition.execute(Transition.java:228) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.Transition.execute(Transition.java:228) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.Transition.execute(Transition.java:228) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.State.enter(State.java:194) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at org.springframework.webflow.engine.Flow.start(Flow.java:527) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) > ~[spring-core-5.3.9.jar!/:5.3.9] > at > org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) > ~[spring-cloud-context-3.0.3.jar!/:3.0.3] > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215) > ~[spring-aop-5.3.9.jar!/:5.3.9] > at com.sun.proxy.$Proxy307.launchExecution(Unknown Source) ~[?:?] > at > org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264) > ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] > at > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1064) > ~[spring-webmvc-5.3.9.jar!/:5.3.9] > at > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) > ~[spring-webmvc-5.3.9.jar!/:5.3.9] > at > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) > ~[spring-webmvc-5.3.9.jar!/:5.3.9] > at > org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) > ~[spring-webmvc-5.3.9.jar!/:5.3.9] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) > ~[javax.servlet-api-4.0.1.jar!/:4.0.1] > at > org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) > ~[spring-webmvc-5.3.9.jar!/:5.3.9] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) > ~[javax.servlet-api-4.0.1.jar!/:4.0.1] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) > ~[cas-server-core-web-api-6.4.5.jar!/:6.4.5] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401) > ~[cas-server-core-web-api-6.4.5.jar!/:6.4.5] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200) > ~[cas-server-core-web-api-6.4.5.jar!/:6.4.5] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62) > ~[cas-server-core-web-api-6.4.5.jar!/:6.4.5] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204) > ~[spring-security-web-5.5.2.jar!/:5.5.2] > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) > ~[spring-security-web-5.5.2.jar!/:5.5.2] > at > org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90) > ~[spring-security-web-5.5.2.jar!/:5.5.2] > at > org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:78) > ~[spring-security-web-5.5.2.jar!/:5.5.2] > at > org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:67) > ~[spring-security-web-5.5.2.jar!/:5.5.2] > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) > ~[spring-boot-actuator-2.5.4.jar!/:2.5.4] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99) > ~[cas-server-core-logging-6.4.5.jar!/:6.4.5] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) > ~[inspektr-common-1.8.16.GA.jar!/:1.8.16.GA] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) > ~[spring-web-5.3.9.jar!/:5.3.9] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:769) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) > ~[tomcat-catalina-9.0.56.jar!/:9.0.56] > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) > ~[tomcat-coyote-9.0.56.jar!/:9.0.56] > at > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) > ~[tomcat-coyote-9.0.56.jar!/:9.0.56] > at > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895) > ~[tomcat-coyote-9.0.56.jar!/:9.0.56] > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1732) > ~[tomcat-coyote-9.0.56.jar!/:9.0.56] > at > org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > ~[tomcat-coyote-9.0.56.jar!/:9.0.56] > at > org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) > ~[tomcat-util-9.0.56.jar!/:9.0.56] > at > org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) > ~[tomcat-util-9.0.56.jar!/:9.0.56] > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > ~[tomcat-util-9.0.56.jar!/:9.0.56] > at java.lang.Thread.run(Thread.java:829) [?:?] > Caused by: java.lang.reflect.InvocationTargetException > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[?:?] > at > jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:?] > at > jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:?] > at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > at > jcifs.spnego.Authentication$ServerAction.run(Authentication.java:511) > ~[jcifs-ext.jar!/:?] > at > jcifs.spnego.Authentication.processKerberos(Authentication.java:430) > ~[jcifs-ext.jar!/:?] > ... 245 more > Caused by: java.lang.SecurityException: java.io.IOException: Erreur de > configuration : > Ligne 2 : attendu [controlFlag], trouvé [null] > at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) > ~[?:?] > > And I started to look for JAAS configuration samples (intuition, it's the > only configuration file mentioning JCFIS options) in order to compare. > > > It seems the culpirt was just the backslash after "Krb5LoginModule". BASH > would have been fine with that, but what about JAVA related configuration > files ? I don't know. > > So with this JAAS connfiguration file (I ahve put several principals in > the keytab, one for the host itself and one for the CAS service principal, > just in case) it is now working : > > jcifs.spnego.initiate { > com.sun.security.auth.module.Krb5LoginModule required > storeKey=true > useKeyTab=true > keyTab="/etc/krb5.keytab" > principal="HTTP/ssodev.my.domain@MY_REALM"; > }; > jcifs.spnego.accept { > com.sun.security.auth.module.Krb5LoginModule required > storeKey=true > useKeyTab=true > keyTab="/etc/krb5.keytab" > principal="HTTP/ssodev.my.domain@MY_REALM"; > }; > > The relevant part of the "cas.properties" file : > ########## > # SPNEGO # > ########## > cas.authn.spnego.order=0 > cas.authn.spnego.system.login-conf=file:////etc/jaas.conf > cas.authn.spnego.system.kerberos-conf=file:////etc/krb5.conf > cas.authn.spnego.system.kerberos-realm=MY_REALM > cas.authn.spnego.system.kerberos-kdc=krb-master.my.domain > > cas.authn.spnego.properties[0].jcifs-service-principal=HTTP/ssodev.my.domain@MY_REALM > cas.authn.spnego.system.kerberos-debug=true > cas.authn.spnego.mixed-mode-authentication=true > cas.authn.spnego.send401OnAuthenticationFailure=false > cas.authn.spnego.ips-to-check-pattern=.+ > cas.authn.spnego.ntlm-allowed=false > cas.authn.spnego.ntlm=false > cas.authn.spnego.spnego-attribute-name=sAMAccountName > > And the related "krb5.conf" file : > [libdefaults] > default_realm = MY_REALM > default_keytab_name = /etc/krb5.keytab > kdc_timesync = 1 > ccache_type = 4 > forwardable = true > proxiable = true > fcc-mit-ticketflags = true > dns_lookup_realm = false > dns_lookup_kdc = false > [realms] > MY_REALM = { > kdc = krb-master.my.domain > kdc = krb-slave.my.domain > admin_server = krb-master.my.domain > kpasswd_server = krb-master.my.domain > } > [domain_realm] > .my.domain = MY_REALM > my.domain = MY_REALM > > Maybe this can help somebody facing the same problem, as it was quite time > consuming to debug. > > Regards > > > > ------------------------------ > FreeMail powered by mail.fr -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/db1495d0-13c5-44f3-8fae-33769e637464n%40apereo.org.
