After more digging...
The CAS 5.0.0.RC3 login page is rendered with a hidden link to the CAS
client.
If I unhide the link in chrome and click it, I get...
org.springframework.webflow.engine.NoMatchingTransitionException: No transition
was matched on the event(s) signaled by the [1] action(s) that executed in this
action state 'clientAction' of flow 'login'; transitions must be defined to
handle action result outcomes -- possible flow configuration error? Note: the
eventIds signaled were: 'array['stopWebflow']', while the supported set of
transitional criteria for this action state is 'array[success, error, stop]'
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:130)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Flow.start(Flow.java:527)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy166.launchExecution(Unknown Source)
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:263)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apereo.cas.web.support.CurrentCredentialsAndAuthenticationClearingFilter.doFilter(CurrentCredentialsAndAuthenticationClearingFilter.java:28)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:105)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:90)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:89)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:107)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1410)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
On Wednesday, 26 October 2016 12:46:06 UTC+1, Lewis Henderson wrote:
>
>
> <https://lh3.googleusercontent.com/-QcH_7bOluxY/WBCUhJyxFtI/AAAAAAAACf8/HO8ogx7fGbQ8zVmN8G2iUln8gbyhypKNgCLcB/s1600/OAuth2.png>
> Here is my attempt at a diagram!
>
> I am in control of everything inside the red box.
>
> What I have :-
>
> 1. User hits MyApp url and is redirected to CAS 5.0.0, which shows my
> login screen.
> 2. User logs in Ok.
> 3. User redirected back to MyApp Ok.
>
> What I need to do :-
>
> 1. User hits MyApp url and is redirected to CAS 4.x to show 3rd Party
> login screen.
> 2. User logs in.
> 3. User redirected back to MyApp.
>
> The reason for this setup is that I need to use the 3rd party CAS server
> if there is one els use my own.
> Everything inside the red box is secured by OAuth2.
>
> I have added the cas-server-support-pac4j-webflow dependency and
> configured the cas.authn.pac4j.cas.loginUrl to point to the CAS 4.x
> server's /login url and set the protocol to CAS30.
>
> I do not get redirected to the CAS 4.x server for login. Am I
> misunderstanding something or should this work?
>
>
> Cheers
>
>
> On Monday, 24 October 2016 14:03:10 UTC+1, Lewis Henderson wrote:
>>
>> Martin,
>>
>> Yes, I think your diagram shows it well.
>>
>> What I would eventually like is to have the OAuth network protected by a
>> CAS server.
>>
>> The CAS server can be configured to provide Authentication itself as is
>> the default or, as in this case, delegate authentication to another CAS
>> server, using it's UI etc.
>>
>> What configuration is required to do the delegation in this case?
>>
>> I have added the cas-server-support-pac4j-webflow dependency and set the
>> cas.server.authn.pac4j.cas.loginUrl and protocol. What else, if anything is
>> required?
>>
>> I currently get the redirect but on successful authentication, the
>> redirect back to my CAS server fails.
>>
>> I am not in the office at the moment, but will post the issue when I
>> return....
>>
>>
>> Cheers!
>>
>> On Monday, 24 October 2016 13:30:11 UTC+1, Martin Bohun wrote:
>>>
>>> Hi Lewis,
>>>
>>> This is just a confirmation question, are you trying to delegate/forward
>>> auth request from one cas server to another cas server?
>>> As shown in the following diagram (right-bottom corner):
>>>
>>>
>>> <https://raw.githubusercontent.com/mbohun/mbohun_graph-experiments/master/jasig-cas-upgrade/ala-cas-upgrade-01.png>
>>>
>>>
>>>
>>> https://github.com/mbohun/mbohun_graph-experiments/blob/master/jasig-cas-upgrade/ala-cas-upgrade-01.png
>>>
>>> Well, if yes, then the answer is (too) *yes* I did test that setup and
>>> it works fine.
>>>
>>> cheers,
>>>
>>> martin
>>>
>>> On Sunday, October 23, 2016 at 5:55:52 AM UTC+11, Lewis Henderson wrote:
>>>>
>>>> All,
>>>>
>>>> I have a requirement to 'chain' two CAS servers.
>>>>
>>>> My issue is that I am integrating with a third party that use a CAS
>>>> server that I have no control over.
>>>>
>>>> I would like to use CAS as the security server into an OAuth2
>>>> micro-service network (CAS as OAuth2 Server) but redirect login to the 3rd
>>>> Party CAS server.
>>>>
>>>> I have looked through the code and it seems as though if I manage to
>>>> get it configured, it will show my login screen but with a link to the
>>>> configured delegate server.
>>>>
>>>> Two questions :-
>>>>
>>>>
>>>> 1. How do I configure this on my CAS server?
>>>> 2. If there is only one provider, would it be possible to redirect
>>>> there directly, showing their login screen without the need to show
>>>> mine?
>>>> The reason for this is that theirs is branded with their logos etc...
>>>>
>>>>
>>>> Cheers
>>>>
>>>>
>>>>
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3b692452-c732-4559-9c68-f27855059574%40apereo.org.
