[GitHub] [syncope] ilgrosso edited a comment on pull request #315: Upgrading CAS to 6.5.x; moving wa-reference as https

Sat, 26 Feb 2022 09:05:03 -0800 


ilgrosso edited a comment on pull request #315:
URL: https://github.com/apache/syncope/pull/315#issuecomment-1052319920


   `CASSRAITCase#web` is failing. The reason seems to be that accessing
   
   
http://localhost:8080/protected/get?key1=value1&key2=value2&key2=value3&key3=an%20url%20encoded%20value%3A%20this%21
   
   (served by SRA) triggers redirect to WA
   
   
https://localhost:9443/syncope-wa/login?service=https%3A%2F%2Flocalhost%3A8080%2Fprotected%2Fget%3Fkey1%3Dvalue1%26key2%3Dvalue2%26key2%3Dvalue3%26key3%3Dan%2Burl%2Bencoded%2Bvalue%253A%2Bthis%2521
   
   which throws 
   
   ```
   17:57:07.559 ERROR 
org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter
 - Service unauthorized
   org.apereo.cas.services.UnauthorizedServiceException: Service unauthorized
           at 
org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.lambda$execute$6(RegisteredServiceAccessStrategyAuditableEnforcer.java:194)
 ~[cas-server-core-services-api-6.5.1-SNAPSHOT.jar:6.5.1-SNAPSHOT]
           at java.util.Optional.orElseGet(Optional.java:369) ~[?:?]
           at 
org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.execute(RegisteredServiceAccessStrategyAuditableEnforcer.java:192)
 ~[cas-server-core-services-api-6.5.1-SNAPSHOT.jar:6.5.1-SNAPSHOT]
   ```
   
   Visiting https://localhost:9443/syncope-wa/actuator/registeredServices 
returns (among others)
   
   ```json
   {
         "@class": "org.apereo.cas.services.RegexRegisteredService",
         "serviceId": "http://localhost:8080/.*";,
         "name": "org.apache.syncope.fit.sra.CASSRAITCase",
         "id": 4,
         "attributeReleasePolicy": {
           "@class": 
"org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
           "allowedAttributes": {
             "@class": "java.util.TreeMap",
             "syncopeUserAttr_email": "email",
             "syncopeUserAttr_firstname": "given_name",
             "syncopeUserAttr_fullname": "name",
             "syncopeUserAttr_surname": "family_name",
             "syncopeUserMemberships": "groups"
           }
         },
         "authenticationPolicy": {
           "@class": 
"org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
           "requiredAuthenticationHandlers": [
             "java.util.HashSet",
             [
               "DefaultSyncopeAuthModule"
             ]
           ]
         }
       }
   ```
   
   that looks actually fine.
   
   @mmoayyed can you please have a look?
   
   Side note: any reason why the `registered-services` actuator endpoint now 
seems to require `Content-Type: application/json` header? I remember it used to 
work directly from browser in the past.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@syncope.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to