RE: [cas-user] Error 500 when validating SAML

2015-10-27 Thread Pau I . Gómez Molina
Good evening Jeff,

I had to include bcprov-jdk15on-1.53.jar.



Pau Gómez
Development Dept.
Técnicas Competitivas, S. A.
Tel: 922 203 931 Fax: 922 203 871
Grupo URANIA


From: Jeff Gouge [mailto:gouge.j...@gmail.com]
Sent: Tuesday, October 27, 2015 14:52
To: jasig-cas-user 
CC: cas-user@lists.jasig.org; Pau I. Gómez Molina 

Subject: Re: [cas-user] Error 500 when validating SAML

Paul,

What was the missed library?

On Monday, October 26, 2015 at 3:26:20 AM UTC-4, Pau Gómez wrote:
Good morning,

Alberto, thanks for your help. I was only looking at CAS log and I forgot to 
check Tomcat's log. I had to include a missed library and everything worked 
again. Thanks for everything!!

I'm using CAS 4.0.2 and cas client 3.3.3, so I guess you can use same client 
(or later) with cas 4.1.

I would recommend to follow documentation to set SAML support and look logs. In 
my case I had to import Bouncy Castles lib, (bcprov).

Pau.

On Wednesday, October 21, 2015, 12:43:58 (UTC+1), Pau I. Gómez Molina 
wrote:

Good morning,



We are trying to activate SAML validation but it doesn’t work. We have followed 
documentation for 4.0.X version.



This is the LOG after trying authenticate:



2015-10-21 12:30:53,831 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Attempting LDAP 
authentication for +password - (certificate:)

2015-10-21 12:30:53,863 INFO [org.ldaptive.auth.Authenticator] - Authentication 
succeeded for dn: uid=,o=,c=XX

2015-10-21 12:30:53,863 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: 
[org.ldaptive.auth.AuthenticationResponse@5290428::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
 ldapEntry=[dn=uid=,o=,c=XX[[uid[]], [givenName[]], [sn[]], 
[isMemberOf[cn=,ou=XXX,o=, o=,c=, uid=,o=,c=XX, 
cn=,o=,o=,c=XX]]], responseControls=null, messageId=-1], 
accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]

2015-10-21 12:30:53,864 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal 
attribute: [isMemberOf[cn=,ou=,o=,o=,c=XX, 
uid=,o=,c=XX, cn=,o=,o=,c=XX]]

2015-10-21 12:30:53,865 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal 
attribute: [givenName[]]

2015-10-21 12:30:53,865 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal 
attribute: [sn[]]

2015-10-21 12:30:53,865 INFO 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
LdapAuthenticationHandler successfully authenticated +password - 
(certificate:)

2015-10-21 12:30:53,866 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Resolver is 
null.

2015-10-21 12:30:53,866 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - No resolver 
configured for LdapAuthenticationHandler. Falling back to handler principal 

2015-10-21 12:30:53,866 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Principal=

2015-10-21 12:30:53,866 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Setting 
principal.

2015-10-21 12:30:53,866 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Returning 
builder.

2015-10-21 12:30:53,867 INFO 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated 
 with credentials [+password - (certificate:)].

2015-10-21 12:30:53,869 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map 
for : {isMemberOf=[cn=,ou=,o=,o=,c=XX, uid=,c=XX, 
cn=,o=,o=,c=XX], givenName=, sn=}

2015-10-21 12:30:53,884 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN

=

WHO: audit:unknown

WHAT: supplied credentials: [+password - (certificate:)]

ACTION: AUTHENTICATION_SUCCESS

APPLICATION: SSO

WHEN: Wed Oct 21 12:30:53 BST 2015

CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1

SERVER IP ADDRESS: 0:0:0:0:0:0:0:1

=





2015-10-21 12:30:53,895 DEBUG [org.jasig.cas.ticket.registry.JpaTicketRegistry] 
- Added ticket 
[TGT-3-KDZzl1jcXb0W6bARCGc0SngtNtdquQ706gblgh34I5W7XzBWrj-localhost:8443] to 
registry.

2015-10-21 12:30:53,909 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN


Re: [cas-user] Error 500 when validating SAML

2015-10-27 Thread Jeff Gouge
Interesting. My tomcat has bcprov-jdk15on-1.50.jar and 
bcprov-jdk15on-1.51.jar but not 1.53.  Where did you see this was needed? 
I'm guessing you only have this one dependency and not the ones I have?

Wondering what pom dependency is not correct for my build. 

On Tuesday, October 27, 2015 at 10:58:45 AM UTC-4, Pau I. Gómez Molina 
wrote:
>
> Good evening Jeff,
>
>  
>
> I had to include bcprov-jdk15on-1.53.jar. 
>
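
The thread turns on which bcprov jars are present where: one was missing from the CAS deployment, and another Tomcat carries two versions side by side. The following is an added example, not code from the thread or from the CAS project, that reports the versions of one artifact found in a lib directory. The function name `jar_versions`, the directory names and the empty stand-in jar files are assumptions made for the illustration, and it assumes jars are named `<artifact>-<version>.jar`.

```shell
#!/bin/sh
# Added example: report which versions of one artifact sit in a lib directory.
# Prints "MISSING <artifact>", "OK <artifact>: <v>" or
# "DUPLICATE <artifact>: <v1> <v2> ...".
jar_versions() {
    lib_dir=$1
    artifact=$2
    versions=""
    count=0
    for jar in "$lib_dir/$artifact"-*.jar; do
        [ -e "$jar" ] || continue        # glob matched nothing
        name=${jar##*/}                  # strip the directory part
        version=${name#"$artifact"-}     # strip "<artifact>-"
        version=${version%.jar}          # strip ".jar"
        case $version in
            [0-9]*) ;;                   # a version starts with a digit
            *) continue ;;               # longer artifact name, not this one
        esac
        versions="$versions $version"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "MISSING $artifact"
    elif [ "$count" -eq 1 ]; then
        echo "OK $artifact:$versions"
    else
        echo "DUPLICATE $artifact:$versions"
    fi
}

# Constructed sample: empty files standing in for the jars named in the thread.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/tomcat-lib" "$demo_dir/webapp-lib" "$demo_dir/empty-lib"
: > "$demo_dir/tomcat-lib/bcprov-jdk15on-1.50.jar"
: > "$demo_dir/tomcat-lib/bcprov-jdk15on-1.51.jar"
: > "$demo_dir/webapp-lib/bcprov-jdk15on-1.53.jar"

jar_versions "$demo_dir/tomcat-lib" bcprov-jdk15on
jar_versions "$demo_dir/webapp-lib" bcprov-jdk15on
jar_versions "$demo_dir/empty-lib" bcprov-jdk15on
rm -rf "$demo_dir"
```

A DUPLICATE result means the provider version actually loaded depends on classloader order, so the check is worth running on both the container's lib directory and the webapp's `WEB-INF/lib`.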