I have same error, i imported ADFS signing.cer to keystore and configure certificate file to ADFS (C:/Keystore/signing.cer). Please help me and thank every help or idea help solved this error (sorry, i speak english not well).
Vào 02:39:00 UTC+7 Thứ Sáu, ngày 08 tháng 4 năm 2016, david.abney đã viết: > > Well it turns out that I copied the ADFS settings into the cas.properties > file twice, so it must have been using classpath:adfs-signing.crt instead > of the setting that was above it that actually pointed to my adfs > certificate. I removed the extra ADFS settings in the cas.properties > file and I got a new error message: > > > > 15:34:34.692 [http-bio-8443-exec-2] ERROR > org.jasig.cas.support.wsfederation.web.flow.WsFederationAction - WS > Requested Security Token is blank or the signature is not valid. > > > > So, I assume I grabbed the incorrect certificate from ADFS. I will make > sure to grab the signing certificate and try again and see what happens. > > > > Thanks, > > > > –––––––––––––––––––– > > *David Abney* > > ITS Web Developer/Programmer > > > > 600 West Walnut Street > > Danville, Kentucky 40422 > > 859.238.5761 > > > > [image: email_logo] > > www.centre.edu > > > > *From:* John Gasper [mailto:[email protected] <javascript:>] > *Sent:* Thursday, April 07, 2016 10:17 AM > *To:* David Abney <[email protected] <javascript:>>; [email protected] > <javascript:> > *Subject:* Re: [cas-user] ADFS and CAS Issue > > > > Hi David, > > > > The null validation credential appears to be the signature credential. Did > you copy the ADFS signing key over to CAS and point the config at the > exported cert? > > > > John > > > > -- > > *John Gasper* > IAM Consultant > Unicon, Inc. > PGP/GPG Key: 0xbafee3ef > > > > > > *From: *<[email protected] <javascript:>> on behalf of David Abney < > [email protected] <javascript:>> > *Date: *Thursday, April 7, 2016 at 7:30 AM > *To: *"[email protected] <javascript:>" <[email protected] > <javascript:>> > *Subject: *[cas-user] ADFS and CAS Issue > > > > I have updated to CAS 4.2.0 and I am trying to setup the integration > between CAS and ADFS 2.0. I believe I have the cas.properties file setup > correctly with my information about our ADFS server. I believe I have > setup the ADFS relying party information correctly. When I go to the CAS > server I get redirected to the ADFS login page and I am authenticated by > ADFS (so far so good), but I am redirected back to a blank CAS login page. > It doesn’t appear to be in a redirect loop, I am sent back to the CAS > login page url, but the page is just blank. Any thoughts on why this > problem is occurring? Could it be how I setup my claims being sent from > ADFS? > > > > The cataline.out file has this error message in it: > > 09:14:33.148 [http-bio-8443-exec-5] ERROR > org.jasig.cas.support.wsfederation.web.flow.WsFederationAction - Validation > credential cannot be null > > net.shibboleth.utilities.java.support.logic.ConstraintViolationException: > Validation credential cannot be null > > at > net.shibboleth.utilities.java.support.logic.Constraint.isNotNull(Constraint.java:227) > > at > org.opensaml.xmlsec.signature.support.provider.ApacheSantuarioSignatureValidationProviderImpl.validate(ApacheSantuarioSignatureValidationProviderImpl.java:51) > > at > org.opensaml.xmlsec.signature.support.SignatureValidator.validate(SignatureValidator.java:54) > > at > org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine.verifySignature(BaseSignatureTrustEngine.java:242) > > at > org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine.validate(BaseSignatureTrustEngine.java:198) > > at > org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine.doValidate(ExplicitKeySignatureTrustEngine.java:108) > > at > org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine.validate(BaseSignatureTrustEngine.java:105) > > at > org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine.validate(BaseSignatureTrustEngine.java:62) > > at > org.jasig.cas.support.wsfederation.WsFederationHelper.validateSignature_aroundBody4(WsFederationHelper.java:179) > > at > org.jasig.cas.support.wsfederation.WsFederationHelper$AjcClosure5.run(WsFederationHelper.java:1) > > at > org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) > > at > org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44) > > at > org.jasig.cas.support.wsfederation.WsFederationHelper.validateSignature(WsFederationHelper.java:157) > > at > org.jasig.cas.support.wsfederation.web.flow.WsFederationAction.doExecute(WsFederationAction.java:107) > > at > org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) > > at > org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) > > at > org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) > > at > org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) > > at > org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) > > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) > > at org.springframework.webflow.engine.State.enter(State.java:194) > > at org.springframework.webflow.engine.Flow.start(Flow.java:527) > > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) > > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) > > at > org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) > > at > org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:238) > > at > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959) > > at > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) > > at > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) > > at > org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) > > at > org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.jasig.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:227) > > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.jasig.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:250) > > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) > > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) > > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) > > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) > > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) > > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) > > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) > > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) > > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) > > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041) > > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) > > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315) > > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > > at java.lang.Thread.run(Thread.java:745) > > > > I am sending back the UPN from ADFS and we have ADFS working with other > systems, so the UPN is not blank. I did skip the part of the CAS setup > where you can manipulate the claims coming from ADFS. > > > > –––––––––––––––––––– > > *David Abney* > > ITS Web Developer/Programmer > > > > 600 West Walnut Street > > Danville, Kentucky 40422 > > 859.238.5761 > > > > [image: email_logo] > > www.centre.edu > > > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/938486a38f3d424ca218e63fa6bb43f0%40Exchange-MB2.centre.edu > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/938486a38f3d424ca218e63fa6bb43f0%40Exchange-MB2.centre.edu?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4f5b919b-ab6a-4e14-963c-5162362bb38a%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
