back to debugging this issue:
2024-01-08 15:29:13,937 ERROR
[org.springframework.boot.web.servlet.support.ErrorPageFilter] (default
task-454) Forwarding to error page from request [/logout]
due to exception [Exception thrown executing
org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientLogoutAction@4120bab
in state 'terminateSession' of flow 'logout'
-- action execution attributes were 'map[[empty]]']:
org.springframework.webflow.execution.ActionExecutionException:
Exception thrown executing
org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientLogoutAction@4120bab
in state 'terminateSession' of
flow 'logout' -- action execution attributes were 'map[[empty]]'
.
.
.
Caused by: java.lang.ClassCastException: class java.lang.String cannot be
cast to class org.pac4j.core.profile.UserProfile (java.lang.String is in
module java.base of loader 'bootstrap';
org.pac4j.core.profile.UserProfile is in unnamed module of loader
'deployment.cas.war' @512a9b9)
at
deployment.cas.war//org.pac4j.core.profile.ProfileManager.removeOrRenewExpiredProfiles(ProfileManager.java:98)
at
deployment.cas.war//org.pac4j.core.profile.ProfileManager.retrieveAll(ProfileManager.java:89)
at
deployment.cas.war//org.pac4j.core.profile.ProfileManager.getProfile(ProfileManager.java:50)
Looks like pac4j v5.4.6 is at use,
Adding debug statements to ProfileManager class, the offending line 98 is
final var profile = entry.getValue();
Added debug statements, looks like value which should be the profile object
looks like an encrypted value instead.
key=AzureAdClient
value=rO0ABXNyAC1vcmcucGFjNGoub2lkYy5wcm9maWxlLmF6dXJlYWQuQXp1cmVBZFByb2ZpbGWH1PK86L/yagwAAHhyACJvcmcucGFjNGoub2lkYy5wcm9maWxlLk9pZGNQcm9maWxl/0Q3wiOQlNoMAAB4cgAtb3JnLnBhYzRqLmNvcmUucHJvZmlsZS5qd3QuQWJzdHJhY3RKd3RQcm9maWxlqrHrwjxwWTkMAAB4cgAkb3JnLnBhYzRqLmNvcmUucHJvZmlsZS5Db21tb25Qcm9maWxl5j2Ybq91JMsMAAB4cgAnb3JnLnBhYzRqLmNvcmUucHJvZmlsZS5CYXNpY1VzZXJQcm9maWxlfS3iU+YsltIMAAB4cHQAK3g5cDJBYmZkdHZISm5mTExLTk9EeC1hZV9ERUhEWmg2azB1b3ZTN2FNbzRzcgARamF2YS51dGlsLkhhc2hNYXAFB9rBwxZg0QMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAYdwgAAAAgAAAAGHQAA3ZlcnQAAzEuMHQAA2Fpb3QATEFUUUF5LzhXQUFBQWtiYnIvMHNEYWhVZ1o3SjkxanIxbE9XcjVhckRXMkE4MHJIVWc0dkRYZ2lZMkNhUkE0VlVSTnNVKzNuMk85cTR0AAZXQklfSUR0AAhueGEwODU3MnQAA2FtcnNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAABdwQAAAABdAADcHdkeHQACGlkX3Rva2VudAYkZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKU1V6STFOaUlzSW5nMWRDSTZJbkV0TWpObVlXeGxkbHBvYUVRemFHMDVRMUZpYTFBMVRWRjVWU0lzSW10cFpDSTZJbkV0TWpObVlXeGxkbHBvYUVRemFHMDVRMUZpYTFBMVRWRjVWU0o5LmV5SmhkV1FpT2lKaU4yVXhZbUZqTWkwNVl6UTNMVFF3TjJFdE9EQmpOUzA0TVdZMFlUZGtOakJqT0dZaUxDSnBjM01pT2lKb2RIUndjem92TDNOMGN5NTNhVzVrYjNkekxtNWxkQzgyT0RabFlURmtNeTFpWXpKaUxUUmpObVl0WVRreVl5MWtPVGxqTldNek1ERTJNelV2SWl3aWFXRjBJam94TnpFek16a3hNalV4TENKdVltWWlPakUzTVRNek9URXlOVEVzSW1WNGNDSTZNVGN4TXpNNU5URTFNU3dpWVdsdklqb2lRVlJSUVhrdk9GZEJRVUZCYTJKaWNpOHdjMFJoYUZWbldqZEtPVEZxY2pGc1QxZHlOV0Z5UkZjeVFUZ3dja2hWWnpSMlJGaG5hVmt5UTJGU1FUUldWVkpPYzFVck0yNHlUemx4TkNJc0ltRnRjaUk2V3lKd2QyUWlYU3dpWm1GdGFXeDVYMjVoYldVaU9pSlFZV1JwYkd4aElpd2laMmwyWlc1ZmJtRnRaU0k2SWtwMVlXNGlMQ0pwYmw5amIzSndJam9pZEhKMVpTSXNJbWx3WVdSa2NpSTZJalF1TlRZdU1TNHlORFlpTENKdVlXMWxJam9pU25WaGJpQlFZV1JwYkd4aElpd2libTl1WTJVaU9pSlVObGxSZFhWUVpIaFZkRWczZVZORlowMWFabFZzWnpCcVUwMDVNR2RoYkVsTlZsSTNZWFZYY0Roeklpd2liMmxrSWpvaU1tWXlaR1ZoT1RRdE1EVmpOaTAwWldNeExXSm1aRGd0TjJVNU9XVTFNRGRqWW1RMklpd2liMjV3Y21WdFgzTnBaQ0k2SWxNdE1TMDFMVEl4TFRFNU1UVXlNRGN3TVRNdE1qWXhOVEEwTURNMk9DMHpNRGMyT1RJNU5EVTRMVFl4T0RFeE15SXNJbkpvSWpvaU1DNUJVVWxCTURaR2RXRkRkVGhpTUhsd1RFNXRZMWhFUVZkT1kwczJOR0prU0c1SWNFRm5UVmRDT1V0bVYwUkpPRU5CUW5NdUlpd2ljM1ZpSWpvaWVEbHdNa0ZpWm1SMGRraEtibVpNVEV0T1QwUjRMV0ZsWDBSRlNFUmFhRFpyTUhWdmRsTTNZVTF2TkNJc0luUnBaQ0k2SWpZNE5tVmhNV1F6TFdKak1tSXROR00yWmkxaE9USmpMV1E1T1dNMVl6TXdNVFl6TlNJc0luVnVhWEYxWlY5dVlXMWxJam9pYW5WaGJpNXdZV1JwYkd4aFFHNTRjQzVqYjIwaUxDSjFjRzRpT2lKcWRXRnVMbkJoWkdsc2JHRkFibmh3TG1OdmJTSXNJblYwYVNJNklrMVBRWE4yUVdSZlJtdDFSMk5wT1VWM1FrVjNRVUVpTENKMlpYSWlPaUl4TGpBaUxDSlhRa2xmU1VRaU9pSnVlR0V3T0RVM01pSjkubjNfd1lYVjk4ckRjSDlsZnc1aHVsaXJGV1JCZEpDNHpuS1Uwd1dyWkVCWHdqYnRRTkxNWnhNZHEyRDg5VTVfSTZfMTg2TXRibkp2WW8td0lrVGhKZ1JPT1lkc2tLMW9FZlR4SkR2MU5RSHAwUDZnX01Va3hSd0p2V0NEdmp2akY0azVmd3UtajcxbHJpcENZdW94WnlTMmhZY2NuRmtxY3NERlpUcnktSW45MldLMXRqUENuWW5Wajhqck1VZW1zaXRrVXhWWmFWby15VzFXSlFTem5Wcm9nTTNScVBNUW1FQnhvMi04aHdRNjZjLTdGdG80LVJuY2kydno3WGdBQ0hUMXp0bG9UOW12ZDFZaEozMC1PeHRhbHlaa2s0RzNLZ0dEZ2diR0xNWnU4YVpHdFpjVmVwVmNqMnNDbm9uLXprUWo3YW5QUk5mRDByUm1xRWU5VXhRdAADaXNzdAA9aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNjg2ZWExZDMtYmMyYi00YzZmLWE5MmMtZDk5YzVjMzAxNjM1L3QAB2luX2NvcnB0AAR0cnVldAAKb25wcmVtX3NpZHQAMFMtMS01LTIxLTE5MTUyMDcwMTMtMjYxNTA0MDM2OC0zMDc2OTI5NDU4LTYxODExM3QAA29pZHQAJDJmMmRlYTk0LTA1YzYtNGVjMS1iZmQ4LTdlOTllNTA3Y2JkNnQAA3V0aXQAFk1PQXN2QWRfRmt1R2NpOUV3QkV3QUF0AApnaXZlbl9uYW1ldAAESnVhbnQABW5vbmNldAArVDZZUXV1UGR4VXRIN3lTRWdNWmZVbGcwalNNOTBnYWxJTVZSN2F1V3A4c3QAA3RpZHQAJDY4NmVhMWQzLWJjMmItNGM2Zi1hOTJjLWQ5OWM1YzMwMTYzNXQAGHRva2VuX2V4cGlyYXRpb25fYWR2YW5jZXNyABFqYXZhLmxhbmcuSW50ZWdlchLioKT3gYc4AgABSQAFdmFsdWV4cgAQamF2YS5sYW5nLk51bWJlcoaslR0LlOCLAgAAeHAAAAAAdAADYXVkc3EAfgAQAAAAAXcEAAAAAXQAJGI3ZTFiYWMyLTljNDctNDA3YS04MGM1LTgxZjRhN2Q2MGM4Znh0AAt1bmlxdWVfbmFtZXQAFGp1YW4ucGFkaWxsYUBueHAuY29tdAADdXBudAAUanVhbi5wYWRpbGxhQG54cC5jb210AANuYmZzcgAOamF2YS51dGlsLkRhdGVoaoEBS1l0GQMAAHhwdwgAAAGO7hOuOHh0AAJyaHQANjAuQVFJQTA2RnVhQ3U4YjB5cExObWNYREFXTmNLNjRiZEhuSHBBZ01XQjlLZldESThDQUJzLnQABG5hbWV0AAxKdWFuIFBhZGlsbGF0AANleHBzcQB+ADF3CAAAAY7uTzCYeHQABmlwYWRkcnQACjQuNTYuMS4yNDZ0AANpYXRzcQB+ADF3CAAAAY7uE644eHQAC2ZhbWlseV9uYW1ldAAHUGFkaWxsYXhzcQB+AAc/QAAAAAAAAHcIAAAAEAAAAAB4dwEAc3IAEWphdmEudXRpbC5IYXNoU2V0ukSFlZa4tzQDAAB4cHcMAAAAED9AAAAAAAAAeHNxAH4AQHcMAAAAED9AAAAAAAAAeHQAEEF6dXJlQWRFbXBDbGllbnRweA==
Looking at debug statement for
2024-04-17 15:05:53,429 DEBUG [org.pac4j.core.profile.ProfileManager]
(default task-1901) Saving profiles (session) ... I see values which look
to be related to profile (azure ad user info).
Anyone dealt with this? Looks either to be a pac4j code issue or I'm
missing a setting in my oidc config.
-psv
On Wednesday, January 10, 2024 at 10:28:32 PM UTC-6 Pablo Vidaurri wrote:
> CAS 6.6.8
>
> A couple of problems with Azure AD delegated login via pac4j ODIC out of
> the box button click feature.
> 1) Two TGC cookies are being created, the 2nd with an empty value. This is
> causing the TGC not being available and my session is not being created.
> actuator/sso even returns back a 400. To get around this I commented a line
> of code from InitialFlowSetupAction.java. That seems to get around this
> issue but I'm not certain if I'm causing other issues.
>
> 2) I see a DISSESSION cookie being created at login. I don't recall seeing
> this cookie before enabling delegated login to Azure AD. The problem that
> I'm seeing with this is that I get a 500 error when logging out.
>
> 2024-01-08 15:29:13,937 ERROR
> [org.springframework.boot.web.servlet.support.ErrorPageFilter] (default
> task-454) Forwarding to error page from request [/logout]
> due to exception [Exception thrown executing
> org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientLogoutAction@4120bab
>
> in state 'terminateSession' of flow 'logout'
> -- action execution attributes were 'map[[empty]]']:
> org.springframework.webflow.execution.ActionExecutionException:
> Exception thrown executing
> org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientLogoutAction@4120bab
>
> in state 'terminateSession' of
> flow 'logout' -- action execution attributes were 'map[[empty]]'
> .
> .
> .
> Caused by: java.lang.ClassCastException: class java.lang.String cannot be
> cast to class org.pac4j.core.profile.UserProfile (java.lang.String is in
> module java.base of loader 'bootstrap';
> org.pac4j.core.profile.UserProfile is in unnamed module of loader
> 'deployment.cas.war' @512a9b9)
> at
> deployment.cas.war//org.pac4j.core.profile.ProfileManager.removeOrRenewExpiredProfiles(ProfileManager.java:98)
> at
> deployment.cas.war//org.pac4j.core.profile.ProfileManager.retrieveAll(ProfileManager.java:89)
> at
> deployment.cas.war//org.pac4j.core.profile.ProfileManager.getProfile(ProfileManager.java:50)
>
> If I manually delete the cookie after login, I see my session is still
> active, actuator/sso returns 200 with session info, and logout is not an
> issue.
>
> -psv
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8fd951ad-d92e-4c31-b766-1cff21c641e7n%40apereo.org.
