I'm having two different problems related to SAML 2 keys and metadata on 6.6.3.

If I have org.apereo.cas:cas-server-support-saml-idp-metadata-git enabled, I get an NPE when trying to access the metadata URL. I have enforced the default false flag to indicate that the IdP metadata shouldn't expect to be found in there. The NPE isn't very helpful:

023-01-06 15:34:25,629 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause>
java.lang.NullPointerException: null
        at org.apereo.cas.support.saml.web.idp.metadata.SamlIdPMetadataController.generateMetadataForIdp(SamlIdPMetadataController.java:61) ~[cas-server-support-saml-idp-web-6.6.3.jar!/:6.6.3]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]

If I don't have idp metadata git enabled, then if I don't have the metadata file in the directory, it replaces my keys and generates a new metadata file. I ideally would like to keep my existing keys and have it generate a new metadata file for the new version. Guessing I just need to create it with bogus keys elsewhere and swap in my certs and put it somewhere that CAS can't write to it? It seems wrong for it to regenerate the keys, and I haven't found the correct section of the documentation at this point in time.

Thanks,

Richard
