Michael Ströder wrote:
> I'd like to upgrade from 3.4.8 to 3.4.10. My CAS 3.4.8 successfully uses LDAP
> and SPNEGO/Kerberos with a customized login-webflow.xml for SPNEGO/Kerberos.
> It does not work with 3.4.10 though.
>
> It seems some configuration items were dropped from
> https://wiki.jasig.org/display/CASUM/SPNEGO
One has to enable Javascript to read the simple text. :-(
This was not necessary in former times.
> Especially I wonder how the correct XML snippet in login-webflow.xml for
> SPNEGO with 3.4.10 should look like since there's a new state
> "generateLoginTicket".
I now tried with the attached login-webflow.xml. But it does not work (see
logs excerpts below).
Ciao, Michael.
2011-08-24 15:16:10,403 DEBUG
[org.springframework.webflow.execution.AnnotatedAction] - <Clearing action
execution attributes map[[empty]]>
2011-08-24 15:16:10,403 DEBUG
[org.springframework.webflow.execution.ActionExecutor] - <Finished executing
[EvaluateAction@1561437 expression = negociat
eSpnego, resultExpression = [null]]; result = success>
2011-08-24 15:16:10,403 DEBUG [org.springframework.webflow.engine.Transition]
- <Executing [Transition@b6b2a5 on = success, to = spnego]>
2011-08-24 15:16:10,403 DEBUG [org.springframework.webflow.engine.Transition]
- <Exiting state 'startAuthenticate'>
2011-08-24 15:16:10,403 DEBUG [org.springframework.webflow.engine.ActionState]
- <Entering state 'spnego' of flow 'login'>
2011-08-24 15:16:10,403 DEBUG
[org.springframework.webflow.execution.ActionExecutor] - <Executing
[EvaluateAction@8a9d2a expression = spnego, resultExpr
ession = [null]]>
2011-08-24 15:16:10,404 DEBUG
[org.springframework.webflow.execution.AnnotatedAction] - <Putting action
execution attributes map[[empty]]>
2011-08-24 15:16:10,404 DEBUG
[org.springframework.webflow.execution.ActionExecutor] - <Executing
org.jasig.cas.support.spnego.web.flow.SpnegoCredential
sAction@5438e1>
2011-08-24 15:16:10,404 DEBUG
[org.springframework.webflow.execution.ActionExecutor] - <Finished executing
org.jasig.cas.support.spnego.web.flow.SpnegoC
redentialsAction@5438e1; result = error>
2011-08-24 15:16:10,404 DEBUG
[org.springframework.webflow.execution.AnnotatedAction] - <Clearing action
execution attributes map[[empty]]>
2011-08-24 15:16:10,404 DEBUG
[org.springframework.webflow.execution.ActionExecutor] - <Finished executing
[EvaluateAction@8a9d2a expression = spnego, r
esultExpression = [null]]; result = error>
2011-08-24 15:16:10,404 DEBUG [org.springframework.webflow.engine.Transition]
- <Executing [Transition@1627b8b on = error, to = generateLoginTicket]>
2011-08-24 15:16:10,404 DEBUG [org.springframework.webflow.engine.Transition]
- <Exiting state 'spnego'>
2011-08-24 15:16:10,404 DEBUG [org.springframework.webflow.engine.ActionState]
- <Entering state 'generateLoginTicket' of flow 'login'>
2011-08-24 15:16:10,404 DEBUG
[org.springframework.webflow.execution.ActionExecutor] - <Executing
[EvaluateAction@9d22fc expression = generateLoginTicke
tAction.generate(flowRequestContext), resultExpression = [null]]>
2011-08-24 15:16:10,404 DEBUG
[org.springframework.webflow.execution.AnnotatedAction] - <Putting action
execution attributes map[[empty]]>
2011-08-24 15:16:10,410 DEBUG
[org.springframework.webflow.execution.AnnotatedAction] - <Clearing action
execution attributes map[[empty]]>
2011-08-24 15:16:10,410 DEBUG
[org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Attempting to
handle [org.springframework.webflow.execution
.ActionExecutionException: Exception thrown executing [AnnotatedAction@96e599
targetAction = [EvaluateAction@9d22fc expression = generateLoginTicketActi
on.generate(flowRequestContext), resultExpression = [null]], attributes =
map[[empty]]] in state 'generateLoginTicket' of flow 'login' -- action executi
on attributes were 'map[[empty]]'] with root cause
[ognl.NoSuchPropertyException:
org.springframework.webflow.engine.impl.RequestControlContextImpl.gene
rateLoginTicketAction]>
2011-08-24 15:16:10,410 DEBUG
[org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Rethrowing
unhandled flow execution exception>
2011-08-24 15:16:10,413 ERROR
[org.apache.catalina.core.ContainerBase.[Catalina].[cas-server.stroeder.local].[/mycasad].[cas]]
- <Servlet.service() for
servlet cas threw exception>
ognl.NoSuchPropertyException:
org.springframework.webflow.engine.impl.RequestControlContextImpl.generateLoginTicketAction
at
ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:151)
at
org.springframework.webflow.expression.WebFlowOgnlExpressionParser$RequestContextPropertyAccessor.getProperty(WebFlowOgnlExpressionParser.jav
a:118)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2210)
at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.ASTChain.getValueBody(ASTChain.java:141)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.Ognl.getValue(Ognl.java:494)
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user<?xml version="1.0" encoding="UTF-8"?>
<flow xmlns="http://www.springframework.org/schema/webflow";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.springframework.org/schema/webflow
http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd";>
<var name="credentials" class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
<on-start>
<evaluate expression="initialFlowSetupAction" />
</on-start>
<decision-state id="ticketGrantingTicketExistsCheck">
<if test="flowScope.ticketGrantingTicketId neq null" then="hasServiceCheck" else="gatewayRequestCheck" />
</decision-state>
<decision-state id="gatewayRequestCheck">
<if test="externalContext.requestParameterMap['gateway'] neq '' && externalContext.requestParameterMap['gateway'] neq null && flowScope.service neq null" then="gatewayServicesManagementCheck" else="startAuthenticate" />
</decision-state>
<decision-state id="hasServiceCheck">
<if test="flowScope.service != null" then="renewRequestCheck" else="viewGenericLoginSuccess" />
</decision-state>
<decision-state id="renewRequestCheck">
<if test="externalContext.requestParameterMap['renew'] neq '' && externalContext.requestParameterMap['renew'] neq null" then="generateLoginTicket" else="startAuthenticate" />
</decision-state>
<!--
The "warn" action makes the determination of whether to redirect directly to the requested
service or display the "confirmation" page to go back to the server.
-->
<decision-state id="warn">
<if test="flowScope.warnCookieValue" then="showWarningView" else="redirect" />
</decision-state>
<!--
<action-state id="startAuthenticate">
<action bean="x509Check" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="warn" to="warn" />
<transition on="error" to="generateLoginTicket" />
</action-state>
-->
<action-state id="startAuthenticate">
<evaluate expression="negociateSpnego" />
<transition on="success" to="spnego" />
</action-state>
<action-state id="spnego">
<evaluate expression="spnego" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="generateLoginTicket" />
</action-state>
<action-state id="generateLoginTicket">
<evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
<transition on="success" to="viewLoginForm" />
</action-state>
<view-state id="viewLoginForm" view="casLoginView" model="credentials">
<binder>
<binding property="username" />
<binding property="password" />
</binder>
<on-entry>
<set name="viewScope.commandName" value="'credentials'" />
</on-entry>
<transition on="submit" bind="true" validate="true" to="realSubmit">
<evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" />
</transition>
</view-state>
<action-state id="realSubmit">
<evaluate expression="authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext)" />
<transition on="warn" to="warn" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="generateLoginTicket" />
</action-state>
<action-state id="sendTicketGrantingTicket">
<evaluate expression="sendTicketGrantingTicketAction" />
<transition to="serviceCheck" />
</action-state>
<decision-state id="serviceCheck">
<if test="flowScope.service neq null" then="generateServiceTicket" else="viewGenericLoginSuccess" />
</decision-state>
<action-state id="generateServiceTicket">
<evaluate expression="generateServiceTicketAction" />
<transition on="success" to ="warn" />
<transition on="error" to="generateLoginTicket" />
<transition on="gateway" to="gatewayServicesManagementCheck" />
</action-state>
<action-state id="gatewayServicesManagementCheck">
<evaluate expression="gatewayServicesManagementCheck" />
<transition on="success" to="redirect" />
</action-state>
<action-state id="redirect">
<evaluate expression="flowScope.service.getResponse(requestScope.serviceTicketId)" result-type="org.jasig.cas.authentication.principal.Response" result="requestScope.response" />
<transition to="postRedirectDecision" />
</action-state>
<decision-state id="postRedirectDecision">
<if test="requestScope.response.responseType.name() eq 'POST'" then="postView" else="redirectView" />
</decision-state>
<!--
the "viewGenericLogin" is the end state for when a user attempts to login without coming directly from a service.
They have only initialized their single-sign on session.
-->
<end-state id="viewGenericLoginSuccess" view="casLoginGenericSuccessView" />
<!--
The "showWarningView" end state is the end state for when the user has requested privacy settings (to be "warned") to be turned on. It delegates to a
view defines in default_views.properties that display the "Please click here to go to the service." message.
-->
<end-state id="showWarningView" view="casLoginConfirmView" />
<end-state id="postView" view="postResponseView">
<on-entry>
<set name="requestScope.parameters" value="requestScope.response.attributes" />
<set name="requestScope.originalUrl" value="flowScope.service.id" />
</on-entry>
</end-state>
<!--
The "redirect" end state allows CAS to properly end the workflow while still redirecting
the user back to the service required.
-->
<end-state id="redirectView" view="externalRedirect:${requestScope.response.url}" />
<end-state id="viewServiceErrorView" view="viewServiceErrorView" />
<end-state id="viewServiceSsoErrorView" view="viewServiceSsoErrorView" />
<global-transitions>
<transition to="viewServiceErrorView" on-exception="org.springframework.webflow.execution.repository.NoSuchFlowExecutionException" />
<transition to="viewServiceSsoErrorView" on-exception="org.jasig.cas.services.UnauthorizedSsoServiceException" />
<transition to="viewServiceErrorView" on-exception="org.jasig.cas.services.UnauthorizedServiceException" />
</global-transitions>
</flow>
