We recently attempted to upgrade our CAS environment from v6.1.X to v6.2.X.
While things looked stable in our TEST environment, we are experiencing an
unexpected, but replicable, issue in our PROD environment.
Two services that we are aware of (PingOne and WebEx) are triggering CAS to
return a 400 Bad Request when initializing a SAML connection against these
services. We have a few hundred other SAML configurations and can see those
requests going through as expected, so this appears to be limited to
certain services. This issue was not persistent in v6.1.7.1 (or, any
previous release in v6.1.X or earlier release that we have used).
We have since rolled back to v6.1.x, but would like to move forward with
our v6.2.x upgrade sooner then later.
Has anyone experienced a similar error?
Below is a dump:
021-01-08 11:41:50,667 ERROR
[org.apereo.cas.web.support.filters.AbstractSecurityFilter] -
<RegisteredServiceResponseHeadersEnforcementFilter is blocking this
request. Examine the cause in this stack trace to understand why.>
2021-01-08 11:41:50,668 ERROR
[org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]]
- <Servlet.service() for servlet [dispatcherServlet] in context with path
[/cas] threw exception>
java.lang.RuntimeException: javax.servlet.ServletException:
RegisteredServiceResponseHeadersEnforcementFilter is blocking this request.
Examine the cause in this stack trace to understand why.
at
org.apereo.cas.web.support.filters.AbstractSecurityFilter.logException(AbstractSecurityFilter.java:43)
~[cas-server-core-web-api-6.2.5.jar!/:6.2.5]
at
org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:195)
~[cas-server-core-web-api-6.2.5.jar!/:6.2.5]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:63)
~[cas-server-core-web-api-6.2.5.jar!/:6.2.5]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:155)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:109)
~[spring-boot-actuator-2.2.8.RELEASE.jar!/:2.2.8.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99)
~[cas-server-core-logging-6.2.5.jar!/:6.2.5]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
~[inspektr-common-1.8.10.GA.jar!/:1.8.10.GA]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
~[spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
~[tomcat-catalina-9.0.39.jar!/:9.0.39]
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
~[?:?]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
~[?:?]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-util-9.0.39.jar!/:9.0.39]
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: javax.servlet.ServletException:
RegisteredServiceResponseHeadersEnforcementFilter is blocking this request.
Examine the cause in this stack trace to understand why.
... 76 more
Caused by: java.lang.NullPointerException
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/56cac8e9-c1c8-4d3b-b1e1-a728f772d581n%40apereo.org.
