Hello,
I have a CAS 6.6.15 working in this configuration:
In general, users that via Spnego when they are in some ip range, if not
they go to the login form and that is configured with ldap.
For a determined url, we have a service json that redirects to a
Dualshield and returns when they are logged in.
The problem is when i try to configure a service json that pretends:
The user goes to extranet.company.com
If the user is in a test ip, it should go to Dualshield for authentication.
If the users is not in the test ip, it should go to the login form.
Pretty sure that should be configured with a
ChainingRegisteredServiceAccessStrategy but the criteria of the strategies
is not very clear at the Doc.
Like this testsite-1.json:
{
"@class": "org.apereo.cas.services.CasRegisteredService",
"serviceId": "https://extranet.company.com/.*";,
"name": "testsite",
"id": 1,
"evaluationOrder": 1,
"accessStrategy" :
{
"@class":
"org.apereo.cas.services.ChainingRegisteredServiceAccessStrategy",
"strategies": [ "java.util.ArrayList",
[ {
"@class" :
"org.apereo.cas.services.HttpRequestRegisteredServiceAccessStrategy",
"ipAddress" : "192.168.1.55",
"delegatedAuthenticationPolicy": {
"@class":
"org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
"allowedProviders": [ "java.util.ArrayList", [ "DualShield" ]
],
"permitUndefined": false,
"exclusive": true
}
},
{
"@class":
"org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled": true
}
]
],
"operator": "OR"
}
}
This kind of json and some variants tested fails in two ways:
1) I recieve an error 500 on the cas/login screen and in the log says:
ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] -
<Forwarding to error page from request [/login] due to exception [Exception
thrown executing
org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction@28a6a1b0
in state 'viewLoginForm' of flow 'login' -- action execution attributes
were 'map[[empty]]']>
org.springframework.webflow.execution.ActionExecutionException: Exception
thrown executing
org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction@28a6a1b0
in state 'viewLoginForm' of flow 'login' -- action execution attributes
were 'map[[empty]]'
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.engine.ActionList.execute(ActionList.java:154)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.engine.ViewState.render(ViewState.java:291)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:185)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
...
Caused by: java.lang.NullPointerException
at
org.apereo.cas.pac4j.client.DefaultDelegatedClientIdentityProviderRedirectionStrategy.select(DefaultDelegatedClientIdentityProviderRedirectionStrategy.java:63)
~[cas-server-support-pac4j-core-6.6.15.jar:6.6.15]
at
org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy.lambda$select$0(ChainingDelegatedClientIdentityProviderRedirectionStrategy.java:40)
~[cas-server-support-pac4j-core-6.6.15.jar:6.6.15]
at
java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
~[?:?]
at
java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1632)
~[?:?]
at
java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:127)
~[?:?]
at
java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502)
~[?:?]
at
java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488) ~[?:?]
at
java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
~[?:?]
at
java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150) ~[?:?]
at
java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
at
java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:543)
~[?:?]
at
org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy.select(ChainingDelegatedClientIdentityProviderRedirectionStrategy.java:43)
~[cas-server-support-pac4j-core-6.6.15.jar:6.6.15]
at
org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer.produce(DefaultDelegatedClientIdentityProviderConfigurationProducer.java:64)
~[cas-server-support-pac4j-core-6.6.15.jar:6.6.15]
at
org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction.produceDelegatedAuthenticationClientsForContext(DelegatedAuthenticationGenerateClientsAction.java:45)
~[cas-server-support-pac4j-webflow-6.6.15.jar:6.6.15]
at
org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction.doExecute(DelegatedAuthenticationGenerateClientsAction.java:33)
~[cas-server-support-pac4j-webflow-6.6.15.jar:6.6.15]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
... 194 more
DEBUG
[org.apereo.cas.web.flow.error.DefaultDelegatedClientAuthenticationFailureEvaluator]
- <Delegation request has failed. Details are [{code=500}]>
2) Gives an error about policy is marked non-null but is null.
ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] -
<Forwarding to error page from request [/login] due to exception [Exception
thrown executing
org.apereo.cas.web.flow.login.InitialFlowSetupAction@61ba9709 in state
'null' of flow 'login' -- action execution attributes were 'map[[empty]]']>
org.springframework.webflow.execution.ActionExecutionException: Exception
thrown executing
org.apereo.cas.web.flow.login.InitialFlowSetupAction@61ba9709 in state
'null' of flow 'login' -- action execution attributes were 'map[[empty]]'
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.engine.ActionList.execute(ActionList.java:154)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at org.springframework.webflow.engine.Flow.start(Flow.java:526)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264)
~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1070)
~[spring-webmvc-5.3.22.jar:5.3.22]
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
~[spring-webmvc-5.3.22.jar:5.3.22]
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
~[spring-webmvc-5.3.22.jar:5.3.22]
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
~[spring-webmvc-5.3.22.jar:5.3.22]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
~[tomcat9-servlet-api.jar:?]
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
~[spring-webmvc-5.3.22.jar:5.3.22]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
~[tomcat9-servlet-api.jar:?]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
~[tomcat9-catalina-9.0.16.jar:9.0.16]
...
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat9-util-9.0.16.jar:9.0.16]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: java.lang.NullPointerException: policy is marked non-null but is
null
at
org.apereo.cas.services.ChainingRegisteredServiceDelegatedAuthenticationPolicy.addStrategy(ChainingRegisteredServiceDelegatedAuthenticationPolicy.java:42)
~[cas-server-core-services-api-6.6.15.jar:6.6.15]
at
java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
~[?:?]
at
java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
~[?:?]
at
java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
~[?:?]
at
java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
at
java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
~[?:?]
at
java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
~[?:?]
Has anyone tried to do something similar with the services?
Thanks for the time.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e837c9c1-938d-4ef9-af3e-4b9986f7a4f6n%40apereo.org.
