OK,
I think I have a workaround.
I excluded the ShibbolethAttributeResolverConfiguration by adding the following to my
application.yml:
> spring:
>   autoconfigure:
>     exclude: org.apereo.cas.config.ShibbolethAttributeResolverConfiguration
Then I made my own AttributeResolverConfiguration class (a copy of
ShibbolethAttributeResolverConfiguration) where I set a dependency
on OpenSamlConfigBean to ensure that that bean is loaded before my config
bean and, finally, I added my new bean to the spring.factories file.
Anyway, I think that the ShibbolethAttributeResolverConfiguration should
include the dependency on the samlConfigBean, shouldn't it?
On Friday, 26 January 2018, 14:14:47 (UTC+1), Oscar del Pozo wrote:
>
> Hi!
>
> I'm trying to configure CAS to act as an identity provider. I have
> configured my service, metadata, etc... but I'm having trouble with my
> attribute-resolver.xml and it seems to be a problem with the bean
> initialization order.
>
> The problem is creating the bean attributeRepository
> at ShibbolethAttributeResolverConfiguration
> (cas-server-support-shibboleth-attributes dependency, following the
> https://apereo.github.io/cas/5.2.x/integration/Attribute-Resolution.html#shibboleth
> doc).
>
> When the bean is being created an exception is thrown because
> the XMLObjectProviderRegistry has not been initialized yet (it is
> initialized with OpenSamlConfigBean). Here is the exception:
>
> 2018-01-26 14:05:01,616 WARN
>> [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext] -
>> <Exception encountered during context initialization - cancelling refresh
>> attempt: org.springframework.beans.factory.BeanCreationException: Error
>> creating bean with name
>> 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder#0':
>>
>> Instantiation of bean failed; nested exception is
>> org.springframework.beans.BeanInstantiationException: Failed to instantiate
>> [net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder]:
>>
>> Constructor threw exception; nested exception is
>> java.lang.NullPointerException>
>> 2018-01-26 14:05:05,615 WARN
>> [org.apereo.cas.config.ShibbolethAttributeResolverConfiguration] - <Error
>> creating bean with name
>> 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder#0':
>>
>> Instantiation of bean failed; nested exception is
>> org.springframework.beans.BeanInstantiationException: Failed to instantiate
>> [net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder]:
>>
>> Constructor threw exception; nested exception is
>> java.lang.NullPointerException>
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name
>> 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder#0':
>>
>> Instantiation of bean failed; nested exception is
>> org.springframework.beans.BeanInstantiationException: Failed to instantiate
>> [net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder]:
>>
>> Constructor threw exception; nested exception is
>> java.lang.NullPointerException
>> at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1155)
>>
>> ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>> [...]
>> Caused by: org.springframework.beans.BeanInstantiationException: Failed
>> to instantiate
>> [net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringAttributeEncoder]:
>>
>> Constructor threw exception; nested exception is
>> java.lang.NullPointerException
>> at
>> org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:154)
>> ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>> at
>> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:89)
>>
>> ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>> at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1147)
>>
>> ~[spring-beans-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>> ... 108 more
>> Caused by: java.lang.NullPointerException
>> at
>> org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport.getBuilderFactory(XMLObjectProviderRegistrySupport.java:107)
>>
>> ~[opensaml-core-3.3.0.jar:?]
>> at
>> net.shibboleth.idp.saml.attribute.encoding.AbstractSAML2AttributeEncoder.<init>(AbstractSAML2AttributeEncoder.java:61)
>>
>> ~[idp-saml-api-3.3.1.jar:?]
>
>
> The NPE point:
> public static XMLObjectBuilderFactory getBuilderFactory() {
>     // ConfigurationService.get(...) returns null here, hence the NPE
>     return ConfigurationService.get(XMLObjectProviderRegistry.class)
>             .getBuilderFactory();
> }
>
>
>
>
> My configuration:
>
> cas.properties
>
>> cas.authn.samlIdp.entityId=entityId
>> cas.authn.samlIdp.hostName=HOST
>> cas.authn.samlIdp.scope=HOST
>> cas.authn.samlIdp.metadata.cacheExpirationMinutes=60
>> cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
>> cas.authn.samlIdp.metadata.requireValidMetadata=true
>> cas.authn.samlIdp.response.signError=false
>> cas.authn.samlIdp.response.useAttributeFriendlyName=true
>> #cas.authn.samlIdp.metadata.failFast=true
>> #cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
>> #cas.authn.samlIdp.response.skewAllowance=0
>>
>> cas.shibAttributeResolver.resources=file:/etc/cas/saml/attribute-resolver.xml
>
>
> attribute-resolver.xml
>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <AttributeResolver
>> xmlns="urn:mace:shibboleth:2.0:resolver"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver
>> http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
>>
>> <!-- ========================================== -->
>> <!-- Attribute Definitions -->
>> <!-- ========================================== -->
>> <!-- Schema: Core schema attributes-->
>> <AttributeDefinition id="FirstName" xsi:type="Simple"
>> sourceAttributeID="firstname">
>> <Dependency ref="vdp" />
>> <AttributeEncoder xsi:type="SAML2String"
>> name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="FirstName"
>> encodeType="false"
>> nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
>> </AttributeDefinition>
>>
>> <AttributeDefinition id="LastName" xsi:type="Simple"
>> sourceAttributeID="lastname">
>> <Dependency ref="vdp" />
>> <AttributeEncoder xsi:type="SAML2String"
>> name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="LastName"
>> encodeType="false"
>> nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
>> </AttributeDefinition>
>>
>> <AttributeDefinition id="Email" xsi:type="Simple"
>> sourceAttributeID="email">
>> <Dependency ref="vdp" />
>> <AttributeEncoder xsi:type="SAML2String"
>> name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="Email"
>> encodeType="false"
>> nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" />
>> </AttributeDefinition>
>> <!-- Name Identifier related attributes -->
>> <AttributeDefinition id="NameID" xsi:type="PrincipalName">
>> <AttributeEncoder xsi:type="SAML2StringNameID"
>> nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
>> nameQualifier="NameID" encodeType="false"
>> name="urn:oid:0.9.2342.19200300.100.1.1"/>
>> </AttributeDefinition>
>>
>> <!-- JNDI JDBC Connector -->
>> <DataConnector id="vdp" xsi:type="RelationalDatabase"
>> readOnlyConnection="true" queryTimeout="10000">
>> <ContainerManagedConnection
>> resourceName="java:comp/env/jdbc/mydatabase" />
>> <QueryTemplate>
>> <![CDATA[
>> select * from user_table where login_input =
>> '$requestContext.principalName' limit 1
>> ]]>
>> </QueryTemplate>
>> <Column columnName="login_input" attributeID="NameID"/>
>> <Column columnName="firstname" attributeID="firstname" />
>> <Column columnName="lastname" attributeID="lastname" />
>> <Column columnName="email" attributeID="email" />
>> </DataConnector>
>> </AttributeResolver>
>
>
>
> When I access CAS through a service provider request, the redirections
> work fine and I'm able to log in, but when it tries to retrieve the
> attributes for the principal, there's nothing because the created attribute
> repository is not the one configured in my attribute-resolver.xml.
>
> Can anyone suggest where the problem is?
>
>
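A sketch of the workaround described in the reply at the top of this thread, as an added example that is not code from the original posts or from CAS: the replacement configuration class takes OpenSamlConfigBean as a dependency and stops startup if the OpenSAML registry is still missing, instead of logging a WARN and continuing with a different attribute repository. The package `org.example.cas.config` and the class name are hypothetical, and the import path of OpenSamlConfigBean is assumed to be the CAS 5.2.x one.

```java
// Added example; package and class names are hypothetical.
package org.example.cas.config;

// Import path assumed from CAS 5.2.x; check it against your version.
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;

@Configuration("customShibbolethAttributeResolverConfiguration")
public class CustomShibbolethAttributeResolverConfiguration implements InitializingBean {

    // Injecting OpenSamlConfigBean by type forces Spring to create and
    // initialize it before this configuration class, and therefore before
    // any @Bean method declared here runs.
    @Autowired
    private OpenSamlConfigBean openSamlConfigBean;

    // Runs after injection and before the @Bean methods of this class.
    @Override
    public void afterPropertiesSet() {
        XMLObjectProviderRegistry registry =
                ConfigurationService.get(XMLObjectProviderRegistry.class);
        if (registry == null || registry.getBuilderFactory() == null) {
            // Fail startup rather than serve SAML responses without the
            // attributes defined in attribute-resolver.xml.
            throw new IllegalStateException(
                    "OpenSAML XMLObjectProviderRegistry is not registered; "
                    + "refusing to parse attribute-resolver.xml");
        }
    }

    // The attributeRepository @Bean method copied from
    // org.apereo.cas.config.ShibbolethAttributeResolverConfiguration goes
    // here unchanged.
}

// Registration in src/main/resources/META-INF/spring.factories (one line):
// org.springframework.boot.autoconfigure.EnableAutoConfiguration=org.example.cas.config.CustomShibbolethAttributeResolverConfiguration
```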