If you are still interested, I've faced the same problem and managed to
solve it.
Here is the code responsible for registering the OAuth service with CAS:

    @PostConstruct
    public void initializeServletApplicationContext() {
        final String oAuthCallbackUrl = casProperties.getServer().getPrefix()
                + BASE_OAUTH20_URL + '/' + CALLBACK_AUTHORIZE_URL_DEFINITION;
        final Service callbackService =
                this.webApplicationServiceFactory.createService(oAuthCallbackUrl);
        final RegisteredService svc = servicesManager.findServiceBy(callbackService);
        if (svc == null || !svc.getServiceId().equals(oAuthCallbackUrl)) {
            // Register a new service
            // ...
        }
    }

When CAS is first started after enabling OAuth support, svc is null, so the
new service is created. The next time, it should be able to find this
service in the registry and match its serviceId. My problem was that I had
created a wildcard service for debugging purposes:

    --- !<org.apereo.cas.services.RegexRegisteredService>
    serviceId: ".*"
    name: "any"
    id: 1000
    description: "Any Service"
    attributeReleasePolicy: !<org.apereo.cas.services.ReturnAllAttributeReleasePolicy>
      authorizedToReleaseProxyGrantingTicket: true
    accessStrategy: !<org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy>
      enabled: true
      ssoEnabled: true
    proxyPolicy: !<org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy>
      pattern: ".*"
    allowedAttributes:
      employeeID

And this service was the one found by
servicesManager.findServiceBy(callbackService)
(the wildcard service definitely matches the callback URL). So the thing you
should do is remove this wildcard service or make it a bit less wildcard
with some dark regex magic (this part is left as an exercise for the reader).

On Monday, January 8, 2018 at 5:32:57 PM UTC+3, Cliff Ingham wrote:
>
> CAS is creating a new, duplicate service definition for OAuth every time
> it starts up. Has anyone else seen this behavior? Is there some
> configuration I'm missing?
>
> CAS 5.2 running in Tomcat
>
> 2018-01-08 09:24:40,006 INFO [org.apereo.cas.services.
> AbstractServicesManager] - <Loaded [3] service(s) from [
> JsonServiceRegistryDao].>
> Exception in thread "JsonServiceRegistryDao" java.lang.
> NullPointerException
> at org.apereo.cas.services.AbstractResourceBasedServiceRegistryDao
> .lambda$enableServicesDirectoryPathWatcher$4(
> AbstractResourceBasedServiceRegistryDao.java:156)
> at org.apereo.cas.util.io.PathWatcherService.lambda$handleEvent$3(
> PathWatcherService.java:143)
> at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.
> java:184)
> at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline
> .java:175)
> at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(
> ArrayList.java:1380)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.
> java:481)
> at java.util.stream.AbstractPipeline.wrapAndCopyInto(
> AbstractPipeline.java:471)
> at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(
> ForEachOps.java:151)
> at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(
> ForEachOps.java:174)
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.
> java:234)
> at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.
> java:418)
> at org.apereo.cas.util.io.PathWatcherService.handleEvent(
> PathWatcherService.java:130)
> at org.apereo.cas.util.io.PathWatcherService.run(
> PathWatcherService.java:102)
> at java.lang.Thread.run(Thread.java:748)
> 2018-01-08 09:24:42,233 WARN [org.apereo.inspektr.common.spi.
> DefaultClientInfoResolver] - <No ClientInfo could be found. Returning
> empty ClientInfo object.>
> 2018-01-08 09:24:42,240 INFO [org.apereo.inspektr.audit.support.
> Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: id=4051071662286337436,name=RegexRegisteredService,description=OAuth
> Authentication Callback Request URL,serviceId=https:/...
> ACTION: SAVE_SERVICE_SUCCESS
> APPLICATION: CAS
> WHEN: Mon Jan 08 09:24:42 EST 2018
> CLIENT IP ADDRESS: unknown
> SERVER IP ADDRESS: unknown
> =============================================================
>
> >
> 2018-01-08 09:24:43,702 WARN [org.apereo.cas.services.
> AbstractResourceBasedServiceRegistryDao] - <Found a service definition [
> https://drifter.bloomington.in.gov/cas/oauth2.0/callbackAuthorize.*] with
> a duplicate id [4051071662286337536]. This will overwrite previous service
> definitions and is likely a configuration problem. Make sure all services
> have a unique id and try again.>
> 2018-01-08 09:24:55,958 WARN [org.apereo.cas.util.cipher.
> BaseStringCipherExecutor] - <Secret key for encryption is not defined for
> [Ticket-granting Cookie]; CAS will attempt to auto-generate the
> encryption key>
> 2018-01-08 09:24:55,967 WARN [org.apereo.cas.util.cipher.
> BaseStringCipherExecutor] - <Generated encryption key [Cl6FqZ1WSndBfZKhTs-
> c9ml4YbTIpU64Mqz6mSuP_LU] of size [256] for [Ticket-granting Cookie]. The
> generated key MUST be added to CAS settings under setting [cas.tgc.crypto.
> encryption.key].>
> 2018-01-08 09:24:55,970 WARN [org.apereo.cas.util.cipher.
> BaseStringCipherExecutor] - <Secret key for signing is not defined for [
> Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key
> >
> 2018-01-08 09:24:55,971 WARN [org.apereo.cas.util.cipher.
> BaseStringCipherExecutor] - <Generated signing key [
> ckFJRKYSRPI1VaG4VNjR2V2jmNufiK-
> pY0UW3wMGnFn25UUpXdxaG9y2CZc_pnG71NMilm0HRi_qDukJNwij4g] of size [512] for
> [Ticket-granting Cookie]. The generated key MUST be added to CAS settings
> under setting [cas.tgc.crypto.signing.key].>
> 2018-01-08 09:24:56,486 WARN [org.apereo.cas.util.cipher.
> BaseBinaryCipherExecutor] - <Secret key for signing is not defined under [
> cas.webflow.crypto.signing.key]. CAS will attempt to auto-generate the
> signing key>
> 2018-01-08 09:24:56,486 WARN [org.apereo.cas.util.cipher.
> BaseBinaryCipherExecutor] - <Generated signing key [ONuBkWF7LG-
> 0JQtRppX4oC4P9v7z5v0DWwWWsTgYZXL7L1yBzK1XiDlEcalLY4PbxVlR0dGj-
> CkNnGG3JNXEjA] of size [512]. The generated key MUST be added to CAS
> settings under setting [cas.webflow.crypto.signing.key].>
> 2018-01-08 09:24:56,486 WARN [org.apereo.cas.util.cipher.
> BaseBinaryCipherExecutor] - <Secret key for encryption is not defined
> under [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate
> the encryption key>
> 2018-01-08 09:24:56,489 WARN [org.apereo.cas.util.cipher.
> BaseBinaryCipherExecutor] - <Generated encryption key [AE1Vbp-
> g8qaURbr8oCERSw] of size [16]. The generated key MUST be added to CAS
> settings under setting [cas.webflow.crypto.encryption.key].>
> 08-Jan-2018 09:24:56.599 INFO [localhost-startStop-1] org.apache.catalina.
> startup.HostConfig.deployWAR Deployment of web application archive [/srv/
> webapps/cas.war] has finished in [36,557] ms
> 08-Jan-2018 09:24:56.602 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["http-nio-8080"]
> 08-Jan-2018 09:24:56.608 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["ajp-nio-8009"]
> 08-Jan-2018 09:24:56.609 INFO [main]
> org.apache.catalina.startup.Catalina.start
> Server startup in 62503 ms
> 2018-01-08 09:25:40,014 INFO [org.apereo.cas.services.
> AbstractServicesManager] - <Loaded [4] service(s) from [
> JsonServiceRegistryDao].>
>
>
>
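
The shadowing described in the reply, as an added example that is not part of the original thread and is not CAS code: a simplified model of the startup check, run against a registry holding the ".*" debug service and then a narrowed one. It assumes the lookup returns the first definition whose regex matches and that the debug service is evaluated first; cas.example.org, findServiceBy as written here and sizeAfterRestarts are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Simplified model of the startup check quoted in the reply; not CAS code.
public class WildcardServiceDemo {
    // Constructed callback serviceId in the shape shown in the quoted log
    // (".../oauth2.0/callbackAuthorize.*"); cas.example.org is a placeholder.
    static final String CALLBACK =
            "https://cas.example.org/cas/oauth2.0/callbackAuthorize.*";

    // Assumption: the registry returns the first definition whose regex
    // matches, and the debugging service is evaluated before the OAuth one.
    static String findServiceBy(List<String> registry, String url) {
        for (String serviceId : registry) {
            if (Pattern.matches(serviceId, url)) {
                return serviceId;
            }
        }
        return null;
    }

    // Mirrors the condition in initializeServletApplicationContext():
    // register the callback when nothing is found or the serviceId differs.
    static void startup(List<String> registry) {
        String svc = findServiceBy(registry, CALLBACK);
        if (svc == null || !svc.equals(CALLBACK)) {
            registry.add(CALLBACK);
        }
    }

    // Hypothetical helper: registry size after the given number of restarts.
    static int sizeAfterRestarts(String debugServiceId, int restarts) {
        List<String> registry = new ArrayList<>();
        registry.add(debugServiceId);
        for (int i = 0; i < restarts; i++) {
            startup(registry);
        }
        return registry.size();
    }

    public static void main(String[] args) {
        // ".*" shadows the callback entry, so every restart adds a duplicate.
        System.out.println(sizeAfterRestarts(".*", 3));
        // A negative lookahead keeps the debug service off the OAuth URLs,
        // so the callback is registered once and found on later restarts.
        String narrowed = "^(?!https://cas\\.example\\.org/cas/oauth2\\.0/).*";
        System.out.println(sizeAfterRestarts(narrowed, 3));
    }
}
```

Beyond the duplicate definitions, the ".*" service in the reply also releases all attributes and allows proxying for any URL, so narrowing or removing it tightens the registry as well.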