[cas-user] 6.4 cas deployment in a clustered (multi server) environment

Mon, 15 Nov 2021 07:50:48 -0800 

Hello,
Has anyone tried to deploy 6.4 version of CAS in a clustered environment? We are facing some problems in SAML services, regarding session management, that do not happen in our 6.3.7 deployment. 

Specifically we are seeing the following error:


Nov 15 16:28:01 example.com CAS[catalina-exec-21]: [ERROR] Forwarding to 
error page from request [/idp/profile/SAML2/Callback] due to exception 
[SAML request or context could not be determined from session store] - 
org.springframework.boot.web.servlet.support.ErrorPageFilter
java.lang.IllegalArgumentException: SAML request or context could not be 
determined from session store
        at 
org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController.lambda$retrieveAuthenticationRequest$3(AbstractSamlIdPProfileHandlerController.java:639) 
~[cas-server-support-saml-idp-web-6.4.1.jar:6.4.1]

        at java.util.Optional.orElseThrow(Optional.java:408) ~[?:?]

        at 
org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController.retrieveAuthenticationRequest(AbstractSamlIdPProfileHandlerController.java:639) 
~[cas-server-support-saml-idp-web-6.4.1.jar:6.4.1]
        at 
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController.handleProfileRequest(SSOSamlIdPProfileCallbackHandlerController.java:88) 
~[cas-server-support-saml-idp-web-6.4.1.jar:6.4.1]
        at 
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController.handleCallbackProfileRequestGet(SSOSamlIdPProfileCallbackHandlerController.java:60) 
~[cas-server-support-saml-idp-web-6.4.1.jar:6.4.1]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method) ~[?:?]
        at 
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
~[?:?]
        at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
~[?:?]

        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]

        at 
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) 
~[spring-core-5.3.9.jar:5.3.9]
        at 
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:485) 
~[spring-cloud-context-3.0.3.jar:3.0.3]
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) 
~[spring-aop-5.3.9.jar:5.3.9]
        at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) 
~[spring-aop-5.3.9.jar:5.3.9]
        at 
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692) 
~[spring-aop-5.3.9.jar:5.3.9]
        at 
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$bc6144ef.handleCallbackProfileRequestGet(<generated>) 
~[cas-server-support-saml-idp-web-6.4.1.jar:6.4.1]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method) ~[?:?]
        at 
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
~[?:?]
        at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
~[?:?]

        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]

        at 
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:197) 
~[spring-web-5.3.9.jar:5.3.9]
        at 
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:141) 
~[spring-web-5.3.9.jar:5.3.9]
        at 
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at 
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at 
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at 
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1064) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at 
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) 
~[tomcat9-servlet-api.jar:?]
        at 
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) 
~[spring-webmvc-5.3.9.jar:5.3.9]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) 
~[tomcat9-servlet-api.jar:?]
        at 
jdk.internal.reflect.GeneratedMethodAccessor414.invoke(Unknown Source) 
~[?:?]
        at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
~[?:?]

        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]

        at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at java.security.AccessController.doPrivileged(Native Method) 
~[?:?]
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:550) 
~[?:?]
        at 
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at java.security.AccessController.doPrivileged(Native Method) 
~[?:?]
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) 
~[tomcat9-websocket-9.0.31.jar:9.0.31]
        at 
jdk.internal.reflect.GeneratedMethodAccessor244.invoke(Unknown Source) 
~[?:?]
        at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
~[?:?]

        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]

        at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at java.security.AccessController.doPrivileged(Native Method) 
~[?:?]
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:550) 
~[?:?]
        at 
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) 
~[tomcat9-catalina-9.0.31.jar:9.0.31]
        at java.security.AccessController.doPrivileged(Native Method) 
~[?:?]
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) 
~[tomcat9-catalina-9.0.31.jar



PS: We deploy our cas.war files to 2 external tomcats, and use redis for 
our ticket registry. Please note that, as mentioned above, our setup 
works fine with version 6.3.7.


Kind regards,

Fotis



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG

--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0a49b8-f335-b448-c7c0-37900e1bf3ef%40gunet.gr.






















					Reply via email to