When I access the /cas/login page, CAS works successfully: it identifies the user automatically.
But when I access the application (CAS client https://some-apps.domen.com), a 500 error happens:

https://cas01-test.apps.domen.com/cas/login?service=https%3A%2F%2Fsome-apps.domen.com

2018-03-26 17:46:57,211 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@38fcaa83 targetAction = [EvaluateAction@3f587030 expression = flowScope.service.getResponse(requestScope.serviceTicketId), resultExpression = requestScope.response], attributes = map[[empty]]] in state 'redirect' of flow 'login' -- action execution attributes were 'map[[empty]]'
......
Caused by: org.springframework.binding.expression.EvaluationException: An ELException occurred getting the value for expression 'flowScope.service.getResponse(requestScope.serviceTicketId)' on context [class org.springframework.webflow.engine.impl.RequestControlContextImpl]
    ... 133 more
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1004E: Method call: Method getResponse(java.lang.String) cannot be found on org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl type
    ... 133 more
2018-03-26 17:46:57,211 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@38fcaa83 targetAction = [EvaluateAction@3f587030 expression = flowScope.service.getResponse(requestScope.serviceTicketId), resultExpression = requestScope.response], attributes = map[[empty]]] in state 'redirect' of flow 'login' -- action execution attributes were 'map[[empty]]'

Could you please advise how to fix it?

MY CONFIGURATION:

1. I added this to pom.xml to use the Maven overlay to build cas.war:

<!-- TO ENABLE SPNEGO IN CAS -->
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-spnego-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>
<!-- TO ENABLE JSON REGISTRY TO BE ABLE TO GRANT ACCESS FOR CAS CLIENTS (some applications) -->
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-json-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>

2. My cas.properties:

cas.server.name=https://cas01-test.apps.domen.com
cas.server.prefix=https://cas01-test.apps.domen.com/cas

server.context-path=/cas
server.port=8443
server.max-http-header-size=2097152
server.max-http-post-size=2097152
server.use-forward-headers=true

server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=5
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
server.error.include-stacktrace=ALWAYS

spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

endpoints.enabled=true
endpoints.sensitive=true
management.context-path=/status
endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=false
server.session.tracking-modes=COOKIE
server.session.trackingModes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=false
spring.thymeleaf.mode=HTML

##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials
#
# cas.authn.accept.users=

logging.level.org.apereo=DEBUG

#CAS JSON REGISTRY
cas.serviceRegistry.json.location=file:/D:/applications/buap-services/cas/webapps/cas/WEB-INF/classes/services

#CAS WEBFLOW
cas.webflow.autoconfigure=true
#cas.webflow.alwaysPauseRedirect=false
#cas.webflow.refresh=true
#cas.webflow.redirectSameState=false

#CAS SPNEGO ATTRIBUTES
#cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
#cas.authn.spnego.dnsTimeout=2000
#cas.authn.spnego.hostNamePatternString=.+
#cas.authn.spnego.ipsToCheckPattern=10.+
#cas.authn.spnego.jcifsNetbiosWins=
cas.authn.spnego.principal.principalAttribute=uid
#cas.authn.spnego.principal.returnNull=false
cas.authn.spnego.spnegoAttributeName=uid
#cas.authn.spnego.useSubjectCredsOnly=false
cas.authn.spnego.cachePolicy=600
#cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
cas.authn.spnego.hostNameClientActionStrategy=ldapSpnegoClientAction
cas.authn.spnego.jcifsDomain=domen.com
cas.authn.spnego.jcifsDomainController=domen.com
cas.authn.spnego.jcifsServicePassword=XXXXX
cas.authn.spnego.jcifsServicePrincipal=HTTP/xxx...@domen.com
cas.authn.spnego.jcifsUsername=XXX
cas.authn.spnego.jcifsPassword=XXX
cas.authn.spnego.kerberosConf=D:\\applications\\buap-services\\cas\\webapps\\cas\\WEB-INF\\classes\\krb.conf
cas.authn.spnego.kerberosDebug=true
cas.authn.spnego.kerberosKdc=kdcserver.domen.com
cas.authn.spnego.kerberosRealm=domen.com
cas.authn.spnego.loginConf=file:/D:/applications/buap-services/cas/webapps/cas/WEB-INF/classes/login.conf
cas.authn.spnego.mixedModeAuthentication=false
cas.authn.spnego.ntlm=false
cas.authn.spnego.ntlmAllowed=true
cas.authn.spnego.principalWithDomainName=false
cas.authn.spnego.send401OnAuthenticationFailure=true
cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
cas.authn.spnego.timeout=300000

cas.authn.spnego.ldap.ldapUrl=ldap://some_server.domen.com
cas.authn.spnego.ldap.baseDn=DC=XXXXXXXXXX,DC=net
cas.authn.spnego.ldap.userFilter=(uid={user})
cas.authn.spnego.ldap.bindDn=CN=XXXXXXXXXXXXX,OU=Local,OU=Service Accounts,OU=Users,OU=Enterprise,DC=XXXXXXXXXXX,DC=net
cas.authn.spnego.ldap.bindCredential=XXXXXXXXXXXXX
cas.authn.spnego.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.spnego.ldap.connectTimeout=5000
cas.authn.spnego.ldap.useStartTls=false
#cas.authn.spnego.ldap.baseDn=false
cas.authn.spnego.ldap.attribute=uid
#cas.authn.spnego.ldap.keystore=
#cas.authn.spnego.ldap.keystorePassword=
#cas.authn.spnego.ldap.keystoreType=JKS|JCEKS|PKCS12
cas.authn.spnego.ldap.minPoolSize=3
cas.authn.spnego.ldap.maxPoolSize=10
cas.authn.spnego.ldap.validateOnCheckout=true
cas.authn.spnego.ldap.validatePeriodically=true
cas.authn.spnego.ldap.validatePeriod=600
cas.authn.spnego.ldap.failFast=true
cas.authn.spnego.ldap.idleTime=500
cas.authn.spnego.ldap.prunePeriod=600
cas.authn.spnego.ldap.blockWaitTime=5000
cas.authn.spnego.ldap.subtreeSearch=true
cas.authn.spnego.ldap.useSsl=false
cas.authn.spnego.ldap.searchFilter=host={0}

3. This is my JSON service file (CAS client):

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://some-apps.domen.com",
  "name" : "some-apps",
  "id" : 10000003,
  "description" : "some-apps.domen.com",
  "evaluationOrder" : 10000,
  "principalIdAttribute" : "uid",
  "requiredHandlers" : [ "java.util.HashSet", [ "JcifsSpnegoAuthenticationHandler" ] ],
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "requireAllAttributes" : false,
    "ssoEnabled" : true,
    "allowedAttributes" : "uid"
  }
}