Hi!

I'm trying to configure CAS to act as an identity provider. I have 
configured my service, metadata, etc., but I'm having trouble with my 
attribute-resolver.xml, and it seems to be a problem with the bean 
initialization order.

The problem is creating the bean attributeRepository 
in ShibbolethAttributeResolverConfiguration 
(cas-server-support-shibboleth-attributes dependency, following the 
https://apereo.github.io/cas/5.2.x/integration/Attribute-Resolution.html#shibboleth doc).

When the bean is being created, an exception is thrown because 
the XMLObjectProviderRegistry has not been initialized yet (it is 
initialized with OpenSamlConfigBean). Here is the exception:

> 2018-01-26 14:05:01,616 WARN [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder#0': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder]: Constructor threw exception; nested exception is java.lang.NullPointerException>
> 2018-01-26 14:05:05,615 WARN [org.apereo.cas.config.ShibbolethAttributeResolverConfiguration] - <Error creating bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder#0': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder]: Constructor threw exception; nested exception is java.lang.NullPointerException>
> org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder#0': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder]: Constructor threw exception; nested exception is java.lang.NullPointerException
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1155) ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>         [...]
> Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder]: Constructor threw exception; nested exception is java.lang.NullPointerException
>     at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:154) ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>     at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:89) ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1147) ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>     ... 108 more
> Caused by: java.lang.NullPointerException
>     at org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getBuilderFactory(XMLObjectProviderRegistrySupport.java:107) ~[opensaml-core-3.3.0.jar:?]
>     at net.shibboleth.idp.saml.attribute.encoding.AbstractSAML2AttributeEncoder.<init>(AbstractSAML2AttributeEncoder.java:61) ~[idp-saml-api-3.3.1.jar:?]


The NPE point:
    public static XMLObjectBuilderFactory getBuilderFactory() {
        // NPE: ConfigurationService.get(XMLObjectProviderRegistry.class) is null here
        return ConfigurationService.get(XMLObjectProviderRegistry.class).getBuilderFactory();
    }




My configuration:

cas.properties

> cas.authn.samlIdp.entityId=entityId
> cas.authn.samlIdp.hostName=HOST
> cas.authn.samlIdp.scope=HOST
> cas.authn.samlIdp.metadata.cacheExpirationMinutes=60
> cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
> cas.authn.samlIdp.metadata.requireValidMetadata=true
> cas.authn.samlIdp.response.signError=false
> cas.authn.samlIdp.response.useAttributeFriendlyName=true
> #cas.authn.samlIdp.metadata.failFast=true
> #cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> #cas.authn.samlIdp.response.skewAllowance=0
>
> cas.shibAttributeResolver.resources=file:/etc/cas/saml/attribute-resolver.xml


attribute-resolver.xml

> <?xml version="1.0" encoding="UTF-8"?>
> <AttributeResolver
>         xmlns="urn:mace:shibboleth:2.0:resolver"
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>         xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
>
>     <!-- ========================================== -->
>     <!--      Attribute Definitions                 -->
>     <!-- ========================================== -->
>     <!-- Schema: Core schema attributes-->
>     <AttributeDefinition id="FirstName" xsi:type="Simple" sourceAttributeID="firstname">
>         <Dependency ref="vdp" />
>         <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="FirstName"
>                 encodeType="false" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
>     </AttributeDefinition>
>
>     <AttributeDefinition id="LastName" xsi:type="Simple" sourceAttributeID="lastname">
>         <Dependency ref="vdp" />
>         <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="LastName"
>                 encodeType="false" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
>     </AttributeDefinition>
>
>     <AttributeDefinition id="Email" xsi:type="Simple" sourceAttributeID="email">
>         <Dependency ref="vdp" />
>         <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="Email"
>                 encodeType="false" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
>     </AttributeDefinition>
>     <!-- Name Identifier related attributes -->
>     <AttributeDefinition id="NameID" xsi:type="PrincipalName">
>         <AttributeEncoder xsi:type="SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
>                 nameQualifier="NameID" encodeType="false" name="urn:oid:0.9.2342.19200300.100.1.1"/>
>     </AttributeDefinition>
>
>     <!-- JNDI JDBC Connector -->
>     <DataConnector id="vdp" xsi:type="RelationalDatabase" readOnlyConnection="true" queryTimeout="10000">
>         <ContainerManagedConnection resourceName="java:comp/env/jdbc/mydatabase" />
>         <QueryTemplate>
>             <![CDATA[
>                 select * from user_table where login_input = '$requestContext.principalName' limit 1
>             ]]>
>         </QueryTemplate>
>         <Column columnName="login_input" attributeID="NameID"/>
>         <Column columnName="firstname" attributeID="firstname" />
>         <Column columnName="lastname" attributeID="lastname" />
>         <Column columnName="email" attributeID="email" />
>     </DataConnector>
> </AttributeResolver>



When I access CAS through a service provider request, the redirections 
work fine and I'm able to log in, but when it tries to retrieve the 
attributes for the principal, there's nothing because the created attribute 
repository is not the one configured in my attribute-resolver.xml.

Can anyone suggest where the problem is?

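The ordering dependency described in the message above, as a stand-alone added example (not code from the original post or from CAS): the encoder reaches OpenSAML's registry through a static call rather than injection, so Spring only orders the two beans when told to. `OpenSamlBootstrap`, `OrderedConfig` and the bean names are hypothetical; it assumes Spring, OpenSAML 3 (including opensaml-saml-impl) and idp-saml-impl on the classpath.

```java
import net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

public class InitOrderDemo {

    // Hypothetical marker bean: creating it bootstraps OpenSAML's global registry.
    static final class OpenSamlBootstrap {
        OpenSamlBootstrap() throws InitializationException {
            // Registers XMLObjectProviderRegistry with ConfigurationService.
            InitializationService.initialize();
        }
    }

    @Configuration
    static class OrderedConfig {
        @Bean
        OpenSamlBootstrap openSamlBootstrap() throws InitializationException {
            return new OpenSamlBootstrap();
        }

        // The encoder has no injected reference to the bootstrap bean, so the
        // only thing that guarantees creation order is the explicit @DependsOn.
        @Bean
        @DependsOn("openSamlBootstrap")
        SAML2StringAttributeEncoder encoder() {
            return new SAML2StringAttributeEncoder();
        }
    }

    public static void main(String[] args) {
        // 1. Registry not initialized yet: same NPE as in the stack trace.
        try {
            new SAML2StringAttributeEncoder();
            System.out.println("unexpected: encoder built before initialization");
        } catch (NullPointerException e) {
            System.out.println("NPE before InitializationService.initialize()");
        }
        // 2. Ordered context: the bootstrap bean runs first, the constructor succeeds.
        try (AnnotationConfigApplicationContext ctx =
                 new AnnotationConfigApplicationContext(OrderedConfig.class)) {
            System.out.println("encoder bean: " + ctx.getBean(SAML2StringAttributeEncoder.class));
        }
    }
}
```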