When I access the /cas/login page, CAS works successfully: it identifies the
user automatically.

But when I access the application (CAS client https://some-apps.domen.com), a
500 error happens:
https://cas01-test.apps.domen.com/cas/login?service=https%3A%2F%2Fsome-apps.domen.com

2018-03-26 17:46:57,211 DEBUG 
[org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the 
received exception due to a type mismatch>
org.springframework.webflow.execution.ActionExecutionException: Exception 
thrown executing [AnnotatedAction@38fcaa83 targetAction = 
[EvaluateAction@3f587030 expression = 
flowScope.service.getResponse(requestScope.serviceTicketId), 
resultExpression = requestScope.response], attributes = map[[empty]]] in 
state 'redirect' of flow 'login' -- action execution attributes were 
'map[[empty]]'
......
Caused by: org.springframework.binding.expression.EvaluationException: An 
ELException occurred getting the value for expression 
'flowScope.service.getResponse(requestScope.serviceTicketId)' on context 
[class org.springframework.webflow.engine.impl.RequestControlContextImpl]

... 133 more
Caused by: org.springframework.expression.spel.SpelEvaluationException: 
EL1004E: Method call: Method getResponse(java.lang.String) cannot be found 
on org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl 
type

... 133 more
2018-03-26 17:46:57,211 DEBUG 
[org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the 
received exception due to a type mismatch>
org.springframework.webflow.execution.ActionExecutionException: Exception 
thrown executing [AnnotatedAction@38fcaa83 targetAction = 
[EvaluateAction@3f587030 expression = 
flowScope.service.getResponse(requestScope.serviceTicketId), 
resultExpression = requestScope.response], attributes = map[[empty]]] in 
state 'redirect' of flow 'login' -- action execution attributes were 
'map[[empty]]'



Could you please advise how to fix it?



MY CONFIGURATION:
1. I added this into pom.xml to use maven overlay to build cas.war:

<!-- TO ENABLE SPNEGO IN CAS -->
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-spnego-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>
<!-- TO ENABLE JSON REGISTRY TO BE ABLE TO GRANT ACCESS FOR CAS CLIENTS (some applications) -->
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-json-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>

2. My cas.properties:
cas.server.name=https://cas01-test.apps.domen.com
cas.server.prefix=https://cas01-test.apps.domen.com/cas
server.context-path=/cas
server.port=8443

server.max-http-header-size=2097152
server.max-http-post-size=2097152
server.use-forward-headers=true
       
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=5
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
server.error.include-stacktrace=ALWAYS
        
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

endpoints.enabled=true
endpoints.sensitive=true
management.context-path=/status
endpoints.restart.enabled=false
endpoints.shutdown.enabled=false


##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=false
server.session.tracking-modes=COOKIE
server.session.trackingModes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=false
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials
#
# cas.authn.accept.users=
logging.level.org.apereo=DEBUG

#CAS JSON REGISTRY
cas.serviceRegistry.json.location=file:/D:/applications/buap-services/cas/webapps/cas/WEB-INF/classes/services

#CAS WEBFLOW
cas.webflow.autoconfigure=true
#cas.webflow.alwaysPauseRedirect=false
#cas.webflow.refresh=true
#cas.webflow.redirectSameState=false

#CAS SPNEGO ATTRIBUTES

#cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
#cas.authn.spnego.dnsTimeout=2000
#cas.authn.spnego.hostNamePatternString=.+
#cas.authn.spnego.ipsToCheckPattern=10.+
#cas.authn.spnego.jcifsNetbiosWins=
cas.authn.spnego.principal.principalAttribute=uid
#cas.authn.spnego.principal.returnNull=false
cas.authn.spnego.spnegoAttributeName=uid
#cas.authn.spnego.useSubjectCredsOnly=false
cas.authn.spnego.cachePolicy=600
#cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
cas.authn.spnego.hostNameClientActionStrategy=ldapSpnegoClientAction
cas.authn.spnego.jcifsDomain=domen.com
cas.authn.spnego.jcifsDomainController=domen.com
cas.authn.spnego.jcifsServicePassword=XXXXX
cas.authn.spnego.jcifsServicePrincipal=HTTP/[email protected]
cas.authn.spnego.jcifsUsername=XXX
cas.authn.spnego.jcifsPassword=XXX
cas.authn.spnego.kerberosConf=D:\\applications\\buap-services\\cas\\webapps\\cas\\WEB-INF\\classes\\krb.conf
cas.authn.spnego.kerberosDebug=true
cas.authn.spnego.kerberosKdc=kdcserver.domen.com
cas.authn.spnego.kerberosRealm=domen.com
cas.authn.spnego.loginConf=file:/D:/applications/buap-services/cas/webapps/cas/WEB-INF/classes/login.conf
cas.authn.spnego.mixedModeAuthentication=false
cas.authn.spnego.ntlm=false
cas.authn.spnego.ntlmAllowed=true
cas.authn.spnego.principalWithDomainName=false
cas.authn.spnego.send401OnAuthenticationFailure=true
cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
cas.authn.spnego.timeout=300000

cas.authn.spnego.ldap.ldapUrl=ldap://some_server.domen.com
cas.authn.spnego.ldap.baseDn=DC=XXXXXXXXXX,DC=net
cas.authn.spnego.ldap.userFilter=(uid={user})
cas.authn.spnego.ldap.bindDn=CN=XXXXXXXXXXXXX,OU=Local,OU=Service Accounts,OU=Users,OU=Enterprise,DC=XXXXXXXXXXX,DC=net
cas.authn.spnego.ldap.bindCredential=XXXXXXXXXXXXX
cas.authn.spnego.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.spnego.ldap.connectTimeout=5000
cas.authn.spnego.ldap.useStartTls=false
#cas.authn.spnego.ldap.baseDn=false
cas.authn.spnego.ldap.attribute=uid
#cas.authn.spnego.ldap.keystore=
#cas.authn.spnego.ldap.keystorePassword=
#cas.authn.spnego.ldap.keystoreType=JKS|JCEKS|PKCS12
cas.authn.spnego.ldap.minPoolSize=3
cas.authn.spnego.ldap.maxPoolSize=10
cas.authn.spnego.ldap.validateOnCheckout=true
cas.authn.spnego.ldap.validatePeriodically=true
cas.authn.spnego.ldap.validatePeriod=600
cas.authn.spnego.ldap.failFast=true
cas.authn.spnego.ldap.idleTime=500
cas.authn.spnego.ldap.prunePeriod=600
cas.authn.spnego.ldap.blockWaitTime=5000
cas.authn.spnego.ldap.subtreeSearch=true
cas.authn.spnego.ldap.useSsl=false
cas.authn.spnego.ldap.searchFilter=host={0}


3. This is my JSON service file (CAS client)

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://some-apps.domen.com",
  "name" : "some-apps",
  "id" : 10000003,
  "description" : "some-apps.domen.com",
  "evaluationOrder" : 10000,
  "principalIdAttribute" : "uid",
  "requiredHandlers" : [ "java.util.HashSet", [ "JcifsSpnegoAuthenticationHandler" ] ],
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "requireAllAttributes" : false,
    "ssoEnabled" : true,
    "allowedAttributes" : "uid"
  }
}



