Hi Misagh,
This happens exclusively with the Google service, when logging directly
to the Gmail service (por example). The Google service redirects the
request to our CAS and then it crashes. Any other service configured
that doesn't use SAML 2.0 works without any issue. In the moment that
<ref bean="googleAccountsArgumentExtractor" /> is added to the
argumentExtractors list, this behavior starts happening.
I remark this is working right now with 3.5.x with a pretty similar
configuration, so I discard any Google side configuration.
I grabbed a request, and this is the result:
login?SAMLRequest=fVJNT%2BMwEL0j8R8s35M0BbTIaoK6IEQldolo2MPejDOtpzh28Njt8u9xUxBwWK7PM%2B%2FLM7v41xu2BU%2FobMXLfMIZWOU6tOuKP7TX2Tm%2FqI%2BPZiR7M4h5DNrew3MECixtWhLjQ8Wjt8JJQhJW9kAiKLGc%2F7oV03wiBu%2BCU85wtriquDHuSTulTfe4edLQOTQGN0avtV6h3AwaEaUcJGd%2F3m1N97YWRBEWloK0IUGT8iwrJ1l50pZnYvpDnJ785ax5U%2FqJ9pDgO1uPhyESN23bZM3dsh0JttiB%2F52mK752bm0gV67fyzeSCLcJXklDwNmcCHxIBi%2BdpdiDX4LfooKH%2B9uK6xAGEkWx2%2B3yD5pCFtGYHLqYAxVSEa%2FHZsUYzn%2Bq9Hvr8l2a1x%2Fks%2BITVf32Y%2Fsgi6vGGVQvbJ663116kCGlCD6mENfO9zL8X63MyxHBLluNoyJaGkDhCqHjrKgPql9PIx3MKw%3D%3D&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Four.google.domain%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttps%253A%252F%252Fmail.google.com%252Fmail%252F%26ss%3D1%26ltmpl%3Ddefault%26ltmplcache%3D2%26emr%3D1%26osid%3D1
However, I suspect this happens before the SAML request is processed,
because it's thrown just at redirect time. I even disabled the service
for Google Apps to see when does it happen, and the result is just the same.
If you need any additional tests please let me know, we were about to
put this version into production when we detected this issue :-/
Thanks.
Nicolás
El 13/10/15 a las 15:16, Misagh Moayyed escribió:
When do you get this error? Do you start from Google Apps or do you directly go
to cas/login? Could you capture the Google Apps request and paste that back?
- Misagh
On Oct 13, 2015, at 4:39 AM, nico...@devels.es wrote:
Hi,
We're running CAS 4.1.0 and we also use Google Apps, so we're trying to
configure SAML 2.0 for this. Following this [1] document, we've made the
following steps:
1) We did NOT generate a new private/public key pair, since we already have one
from our previous CAS installation (3.5.x). We simply moved the public/private
files to the new machine to the same path.
2) argumentExtractorsConfiguration.xml:
<bean id="googleAccountsArgumentExtractor"
class="org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor"
c:servicesManager-ref="servicesManager"
c:privateKey-ref="privateKeyFactoryBean"
c:publicKey-ref="publicKeyFactoryBean" />
<bean id="privateKeyFactoryBean"
class="org.jasig.cas.util.PrivateKeyFactoryBean"
p:location="classpath:private.p8"
p:algorithm="RSA" />
<bean id="publicKeyFactoryBean"
class="org.jasig.cas.util.PublicKeyFactoryBean"
p:location="classpath:public.key"
p:algorithm="RSA" />
3) Although not documented, we added <ref bean="googleAccountsArgumentExtractor"
/> to the argumentExtractors list:
<util:list id="argumentExtractors">
<ref bean="casArgumentExtractor" />
<ref bean="samlArgumentExtractor" />
<ref bean="googleAccountsArgumentExtractor" />
</util:list>
When built, the following exception is being thrown:
GRAVE: El Servlet.service() para el servlet [cas] en el contexto con ruta
[/cas] lanzó la excepción [Request processing failed; nested exception is
org.springframework.webflow.execution.ActionExecutionException: Exception
thrown executing org.jasig.cas.web.flow.InitialFlowSetupAction@1149cb40 in
state 'null' of flow 'login' -- action execution attributes were
'map[[empty]]'] con causa raíz
java.util.zip.ZipException: incorrect header check
at
java.util.zip.InflaterOutputStream.write(InflaterOutputStream.java:273)
at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1793)
at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1769)
at org.apache.commons.io.IOUtils.copy(IOUtils.java:1744)
at
org.jasig.cas.util.CompressionUtils.inflate_aroundBody0(CompressionUtils.java:66)
at
org.jasig.cas.util.CompressionUtils$AjcClosure1.run_aroundBody0(CompressionUtils.java:1)
at
org.jasig.cas.util.CompressionUtils$AjcClosure1$AjcClosure1.run_aroundBody0(CompressionUtils.java:1)
at
org.jasig.cas.util.CompressionUtils$AjcClosure1$AjcClosure1$AjcClosure1.run(CompressionUtils.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.util.CompressionUtils$AjcClosure1$AjcClosure1.run(CompressionUtils.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.util.CompressionUtils$AjcClosure1.run(CompressionUtils.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at org.jasig.cas.util.CompressionUtils.inflate(CompressionUtils.java:63)
at
org.jasig.cas.support.saml.util.AbstractSaml20ObjectBuilder.decodeSamlAuthnRequest_aroundBody16(AbstractSaml20ObjectBuilder.java:262)
at
org.jasig.cas.support.saml.util.AbstractSaml20ObjectBuilder$AjcClosure17.run_aroundBody0(AbstractSaml20ObjectBuilder.java:1)
at
org.jasig.cas.support.saml.util.AbstractSaml20ObjectBuilder$AjcClosure17$AjcClosure1.run(AbstractSaml20ObjectBuilder.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.support.saml.util.AbstractSaml20ObjectBuilder$AjcClosure17.run(AbstractSaml20ObjectBuilder.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.support.saml.util.AbstractSaml20ObjectBuilder.decodeSamlAuthnRequest(AbstractSaml20ObjectBuilder.java:253)
at
org.jasig.cas.support.saml.authentication.principal.GoogleAccountsService.createServiceFrom_aroundBody0(GoogleAccountsService.java:133)
at
org.jasig.cas.support.saml.authentication.principal.GoogleAccountsService$AjcClosure1.run(GoogleAccountsService.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.support.saml.authentication.principal.GoogleAccountsService.createServiceFrom(GoogleAccountsService.java:131)
at
org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor.extractServiceInternal_aroundBody0(GoogleAccountsArgumentExtractor.java:69)
at
org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor$AjcClosure1.run_aroundBody0(GoogleAccountsArgumentExtractor.java:1)
at
org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor$AjcClosure1$AjcClosure1.run(GoogleAccountsArgumentExtractor.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor$AjcClosure1.run(GoogleAccountsArgumentExtractor.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor.extractServiceInternal(GoogleAccountsArgumentExtractor.java:69)
at
org.jasig.cas.web.support.AbstractArgumentExtractor.extractService_aroundBody0(AbstractArgumentExtractor.java:43)
at
org.jasig.cas.web.support.AbstractArgumentExtractor$AjcClosure1.run_aroundBody0(AbstractArgumentExtractor.java:1)
at
org.jasig.cas.web.support.AbstractArgumentExtractor$AjcClosure1$AjcClosure1.run_aroundBody0(AbstractArgumentExtractor.java:1)
at
org.jasig.cas.web.support.AbstractArgumentExtractor$AjcClosure1$AjcClosure1$AjcClosure1.run(AbstractArgumentExtractor.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.web.support.AbstractArgumentExtractor$AjcClosure1$AjcClosure1.run(AbstractArgumentExtractor.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.web.support.AbstractArgumentExtractor$AjcClosure1.run(AbstractArgumentExtractor.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at
org.jasig.cas.web.support.AbstractArgumentExtractor.extractService(AbstractArgumentExtractor.java:43)
at
org.jasig.cas.web.support.WebUtils.getService_aroundBody4(WebUtils.java:97)
at org.jasig.cas.web.support.WebUtils$AjcClosure5.run(WebUtils.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at org.jasig.cas.web.support.WebUtils.getService(WebUtils.java:96)
at
org.jasig.cas.web.support.WebUtils.getService_aroundBody6(WebUtils.java:119)
at org.jasig.cas.web.support.WebUtils$AjcClosure7.run(WebUtils.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at org.jasig.cas.web.support.WebUtils.getService(WebUtils.java:118)
at
org.jasig.cas.web.flow.InitialFlowSetupAction.doExecute(InitialFlowSetupAction.java:97)
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at
org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at
org.springframework.webflow.engine.ActionList.execute(ActionList.java:154)
at org.springframework.webflow.engine.Flow.start(Flow.java:526)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:238)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:857)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.jasig.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:296)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Suppressed: java.util.zip.ZipException: incorrect header check
at
java.util.zip.InflaterOutputStream.flush(InflaterOutputStream.java:169)
at
java.util.zip.InflaterOutputStream.finish(InflaterOutputStream.java:186)
at
java.util.zip.InflaterOutputStream.close(InflaterOutputStream.java:129)
at
org.jasig.cas.util.CompressionUtils.inflate_aroundBody0(CompressionUtils.java:68)
... 107 more
What could be the reason of this? The md5 checksums of the moved files seem to
match.
Thanks,
Nicolás
[1]: http://jasig.github.io/cas/4.1.x/integration/Google-Apps-Integration.html
--
You are currently subscribed to cas-user@lists.jasig.org as: mmoay...@unicon.net
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
