ilgrosso edited a comment on pull request #315: URL: https://github.com/apache/syncope/pull/315#issuecomment-1052319920
`CASSRAITCase#web` is failing. The reason seems to be that accessing http://localhost:8080/protected/get?key1=value1&key2=value2&key2=value3&key3=an%20url%20encoded%20value%3A%20this%21 (served by SRA) triggers redirect to WA https://localhost:9443/syncope-wa/login?service=https%3A%2F%2Flocalhost%3A8080%2Fprotected%2Fget%3Fkey1%3Dvalue1%26key2%3Dvalue2%26key2%3Dvalue3%26key3%3Dan%2Burl%2Bencoded%2Bvalue%253A%2Bthis%2521 which throws ``` 17:57:07.559 ERROR org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter - Service unauthorized org.apereo.cas.services.UnauthorizedServiceException: Service unauthorized at org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.lambda$execute$6(RegisteredServiceAccessStrategyAuditableEnforcer.java:194) ~[cas-server-core-services-api-6.5.1-SNAPSHOT.jar:6.5.1-SNAPSHOT] at java.util.Optional.orElseGet(Optional.java:369) ~[?:?] at org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.execute(RegisteredServiceAccessStrategyAuditableEnforcer.java:192) ~[cas-server-core-services-api-6.5.1-SNAPSHOT.jar:6.5.1-SNAPSHOT] ``` Visiting https://localhost:9443/syncope-wa/actuator/registeredServices returns (among others) ```json { "@class": "org.apereo.cas.services.RegexRegisteredService", "serviceId": "http://localhost:8080/.*", "name": "org.apache.syncope.fit.sra.CASSRAITCase", "id": 4, "attributeReleasePolicy": { "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", "allowedAttributes": { "@class": "java.util.TreeMap", "syncopeUserAttr_email": "email", "syncopeUserAttr_firstname": "given_name", "syncopeUserAttr_fullname": "name", "syncopeUserAttr_surname": "family_name", "syncopeUserMemberships": "groups" } }, "authenticationPolicy": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy", "requiredAuthenticationHandlers": [ "java.util.HashSet", [ "DefaultSyncopeAuthModule" ] ] } } ``` that looks actually fine. @mmoayyed can you please have a look? Side note: any reason why the `registered-services` actuator endpoint now seems to require `Content-Type: application/json` header? I remember it used to work directly from browser in the past. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@syncope.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org