I have same error, i imported ADFS signing.cer to keystore and configure certificate file to ADFS (C:/Keystore/signing.cer). Please help me and thank every help or idea help solved this error (sorry, i speak english not well).
Vào 02:39:00 UTC+7 Thứ Sáu, ngày 08 tháng 4 năm 2016, david.abney đã viết: > > Well it turns out that I copied the ADFS settings into the cas.properties > file twice, so it must have been using classpath:adfs-signing.crt instead > of the setting that was above it that actually pointed to my adfs > certificate. I removed the extra ADFS settings in the cas.properties > file and I got a new error message: > > > > 15:34:34.692 [http-bio-8443-exec-2] ERROR > org.jasig.cas.support.wsfederation.web.flow.WsFederationAction - WS > Requested Security Token is blank or the signature is not valid. > > > > So, I assume I grabbed the incorrect certificate from ADFS. I will make > sure to grab the signing certificate and try again and see what happens. > > > > Thanks, > > > > –––––––––––––––––––– > > *David Abney* > > ITS Web Developer/Programmer > > > > 600 West Walnut Street > > Danville, Kentucky 40422 > > 859.238.5761 > > > > [image: email_logo] > > www.centre.edu > > > > *From:* John Gasper [mailto:jga...@unicon.net <javascript:>] > *Sent:* Thursday, April 07, 2016 10:17 AM > *To:* David Abney <david...@centre.edu <javascript:>>; cas-...@apereo.org > <javascript:> > *Subject:* Re: [cas-user] ADFS and CAS Issue > > > > Hi David, > > > > The null validation credential appears to be the signature credential. Did > you copy the ADFS signing key over to CAS and point the config at the > exported cert? > > > > John > > > > -- > > *John Gasper* > IAM Consultant > Unicon, Inc. > PGP/GPG Key: 0xbafee3ef > > > > > > *From: *<cas-user@apereo.org <javascript:>> on behalf of David Abney < > david.ab...@centre.edu <javascript:>> > *Date: *Thursday, April 7, 2016 at 7:30 AM > *To: *"cas-user@apereo.org <javascript:>" <cas-user@apereo.org > <javascript:>> > *Subject: *[cas-user] ADFS and CAS Issue > > > > I have updated to CAS 4.2.0 and I am trying to setup the integration > between CAS and ADFS 2.0. I believe I have the cas.properties file setup > correctly with my information about our ADFS server. I believe I have > setup the ADFS relying party information correctly. When I go to the CAS > server I get redirected to the ADFS login page and I am authenticated by > ADFS (so far so good), but I am redirected back to a blank CAS login page. > It doesn’t appear to be in a redirect loop, I am sent back to the CAS > login page url, but the page is just blank. Any thoughts on why this > problem is occurring? Could it be how I setup my claims being sent from > ADFS? > > > > The cataline.out file has this error message in it: > > 09:14:33.148 [http-bio-8443-exec-5] ERROR > org.jasig.cas.support.wsfederation.web.flow.WsFederationAction - Validation > credential cannot be null > > net.shibboleth.utilities.java.support.logic.ConstraintViolationException: > Validation credential cannot be null > > at > net.shibboleth.utilities.java.support.logic.Constraint.isNotNull(Constraint.java:227) > > at > org.opensaml.xmlsec.signature.support.provider.ApacheSantuarioSignatureValidationProviderImpl.validate(ApacheSantuarioSignatureValidationProviderImpl.java:51) > > at > org.opensaml.xmlsec.signature.support.SignatureValidator.validate(SignatureValidator.java:54) > > at > org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine.verifySignature(BaseSignatureTrustEngine.java:242) > > at > org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine.validate(BaseSignatureTrustEngine.java:198) > > at > org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine.doValidate(ExplicitKeySignatureTrustEngine.java:108) > > at > org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine.validate(BaseSignatureTrustEngine.java:105) > > at > org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine.validate(BaseSignatureTrustEngine.java:62) > > at > org.jasig.cas.support.wsfederation.WsFederationHelper.validateSignature_aroundBody4(WsFederationHelper.java:179) > > at > org.jasig.cas.support.wsfederation.WsFederationHelper$AjcClosure5.run(WsFederationHelper.java:1) > > at > org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) > > at > org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44) > > at > org.jasig.cas.support.wsfederation.WsFederationHelper.validateSignature(WsFederationHelper.java:157) > > at > org.jasig.cas.support.wsfederation.web.flow.WsFederationAction.doExecute(WsFederationAction.java:107) > > at > org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) > > at > org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) > > at > org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) > > at > org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) > > at > org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) > > at > org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) > > at org.springframework.webflow.engine.State.enter(State.java:194) > > at org.springframework.webflow.engine.Flow.start(Flow.java:527) > > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) > > at > org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) > > at > org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) > > at > org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:238) > > at > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959) > > at > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) > > at > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) > > at > org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) > > at > org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.jasig.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:227) > > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.jasig.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:250) > > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) > > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) > > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) > > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) > > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) > > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) > > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) > > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) > > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) > > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041) > > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) > > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315) > > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > > at java.lang.Thread.run(Thread.java:745) > > > > I am sending back the UPN from ADFS and we have ADFS working with other > systems, so the UPN is not blank. I did skip the part of the CAS setup > where you can manipulate the claims coming from ADFS. > > > > –––––––––––––––––––– > > *David Abney* > > ITS Web Developer/Programmer > > > > 600 West Walnut Street > > Danville, Kentucky 40422 > > 859.238.5761 > > > > [image: email_logo] > > www.centre.edu > > > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org <javascript:>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/938486a38f3d424ca218e63fa6bb43f0%40Exchange-MB2.centre.edu > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/938486a38f3d424ca218e63fa6bb43f0%40Exchange-MB2.centre.edu?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4f5b919b-ab6a-4e14-963c-5162362bb38a%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
