Hello, after upgrade to 4.1.8 (from 4.1.6) we have problems with x509 authentication.
---- 2016-05-23 19:15:28,546 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] - Certificate found in request. 2016-05-23 19:15:28,575 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Evaluating [[email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>, CN=x, OU=x, O=x, L=x, ST=x, C=x,serialNumber=x] 2016-05-23 19:15:28,579 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - .* matches [email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>, CN=x, OU=x, O=x, L=x, ST=x, C=x == true 2016-05-23 19:15:28,581 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Checking certificate keyUsage extension 2016-05-23 19:15:28,583 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - KeyUsage extension is marked critical or required by configuration. 2016-05-23 19:15:28,589 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - EMAILADDRESS=yy@zz <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>, CN=[^,]*, OU=x, O=x, L=x, ST=x, C=x matches EMAILADDRESS=yy@zz <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>, CN=x, OU=x, O=x, L=x, ST=x, C=x == true 2016-05-23 19:15:28,591 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - Found valid client certificate 2016-05-23 19:15:28,593 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - X509CredentialsAuthenticationHandler successfully authenticated [ [email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>, CN=x, OU=x, O=x, L=x, ST=x, C=x,serialNumber=x] 2016-05-23 19:15:28,594 DEBUG [org.jasig.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver] - Attempting to resolve a principal... 2016-05-23 19:15:28,612 DEBUG [org.jasig.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver] - Resolving principal for [ [ Version: V3 Subject: [email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>, CN=x, OU=x, O=x, L=x, ST=x, C=x ... ] 2016-05-23 19:15:28,630 DEBUG [org.jasig.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver] - Creating SimplePrincipal for [[email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>] 2016-05-23 19:15:28,631 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - Created seed map='{username=[[email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>]}' for uid='[email protected]' 2016-05-23 19:15:28,631 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - Adding attribute 'username' with value '[[email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>]' to query builder 'null' 2016-05-23 19:15:28,632 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - Constructed LDAP search query [(|([email protected])([email protected]))] 2016-05-23 19:15:28,637 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - Generated query builder '[org.ldaptive.SearchFilter@-1951432215 <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>::filter=(|(mail={0})(uid={0})), parameters={[email protected]}]' from query Map {username=[[email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>]}. 2016-05-23 19:15:28,681 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - Converted ldap DN entry [cn=x,ou=x,o=x,c=x] to attribute map {uid=[xx], employeeType=[xx], mail=[[email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>], businessCategory=[x], displayName=[x], destinationIndicator=[x]} 2016-05-23 19:15:28,684 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [X509CertificateCredential] for audit 2016-05-23 19:15:28,685 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN ============================================================= WHO: [[email protected] <https://www.b-tu.de/webmail/imp/dynamic.php?page=mailbox#>, CN=x, OU=x, O=x, L=x, ST=x, C=x,serialNumber=x] WHAT: 'principal' cannot be null. Check the correctness of @Audit annotation at the following audit point: execution(public abstract transient org.jasig.cas.authentication.Authentication org.jasig.cas.authentication.AuthenticationManager.authenticate(org.jasig.cas.authentication.Credential[])) ACTION: TICKET_GRANTING_TICKET_NOT_CREATED ---- Any suggestions? K-D Krannich -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d424e70-d5be-41e3-a0d7-dc89855a5be4%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
