Now I found a workaround:
cas.service-registry.schedule.enabled=false
This resolves the problem. After applying this configuration, the 403
errors no longer occur.
piątek, 27 grudnia 2024 o 18:03:07 UTC+1 Patryk Sondej napisał(a):
> Now the issue changed from 500 error to 403 error.
> I think the core problem seems to occur during the reload process of the
> "JsonServiceRegistry".
> When it reloads, it appears to remove all registered services for short
> time.
>
> After running 1000 requests, randomly I get 403 ("Service Access Denied")
> error for registered service:
> ```
> 2024-12-27 17:35:40,095 INFO [org.apereo.inspektr.audit.AuditTrailManager]
> - <{
> "who" : "audit:unknown",
> "what" : {
> "result" : "Service Access Granted",
> "service" : "http://example.com/";
> },
> "action" : "SERVICE_ACCESS_ENFORCEMENT_TRIGGERED",
> "when" : "2024-12-27T16:35:40.095331828",
> "clientIpAddress" : "127.0.0.1",
> "serverIpAddress" : "127.0.0.1",
> "geoLocation" : "unknown"
> }
> 2024-12-27 17:35:40,265 INFO
> [org.apereo.cas.services.mgmt.AbstractServicesManager] - <Loaded [860]
> service(s) from [JsonServiceRegistry].>
> 2024-12-27 17:35:40,273 INFO [org.apereo.inspektr.audit.AuditTrailManager]
> - <{
> "who" : "audit:unknown",
> "what" : {
> "result" : "Service Access Denied",
> "service" : "http://example.com/";
> },
> "action" : "SERVICE_ACCESS_ENFORCEMENT_TRIGGERED",
> "when" : "2024-12-27T16:35:40.273405206",
> "clientIpAddress" : "127.0.0.1",
> "serverIpAddress" : "127.0.0.1",
> "geoLocation" : "unknown"
> }
> 2024-12-27 17:35:45,275 INFO [org.apereo.inspektr.audit.AuditTrailManager]
> - <{
> "who" : "audit:unknown",
> "what" : {
> "result" : "Service Access Granted",
> "service" : "http://example.com/";
> },
> "action" : "SERVICE_ACCESS_ENFORCEMENT_TRIGGERED",
> "when" : "2024-12-27T16:35:45.274841283",
> "clientIpAddress" : "127.0.0.1",
> "serverIpAddress" : "127.0.0.1",
> "geoLocation" : "unknown"
> }
> ```
>
> piątek, 20 grudnia 2024 o 17:46:34 UTC+1 Jonathon Taylor napisał(a):
>
>> FYI - This is resolved for us in 7.1.3.
>>
>> On Wed, Sep 18, 2024 at 2:21 AM Patryk Sondej <bux.p...@gmail.com> wrote:
>>
>>> I have same problem (but without Duo). It happens randomly after
>>> refresing /login page 1000 times.
>>>
>>> java.lang.RuntimeException: jakarta.servlet.ServletException: Request
>>> processing failed:
>>> org.springframework.webflow.execution.ActionExecutionException: Exception
>>> thrown executing
>>> org.apereo.cas.web.flow.ServiceAuthorizationCheckAction@49252d5f in state
>>> 'serviceAuthorizationCheck' of flow 'login' -- action execution attributes
>>> were 'map[[empty]]'
>>>
>>> Caused by: jakarta.servlet.ServletException: Request processing failed:
>>> org.springframework.webflow.execution.ActionExecutionException: Exception
>>> thrown executing
>>> org.apereo.cas.web.flow.ServiceAuthorizationCheckAction@49252d5f in state
>>> 'serviceAuthorizationCheck' of flow 'login' -- action execution attributes
>>> were 'map[[empty]]'
>>>
>>> Caused by:
>>> org.springframework.webflow.execution.ActionExecutionException: Exception
>>> thrown executing
>>> org.apereo.cas.web.flow.ServiceAuthorizationCheckAction@49252d5f in state
>>> 'serviceAuthorizationCheck' of flow 'login' -- action execution attributes
>>> were 'map[[empty]]'
>>>
>>> Caused by: org.springframework.beans.NotReadablePropertyException:
>>> Invalid property 'clientId' of bean class
>>> [org.apereo.cas.services.CasRegisteredService]: Bean property 'clientId' is
>>> not readable or has an invalid getter method: Does the return type of the
>>> getter match the parameter type of the setter?
>>>
>>> środa, 18 września 2024 o 00:01:59 UTC+2 Robin Joseph napisał(a):
>>>
>>>> I am having issue with CAS using Safari since updating My IPhone to IOS
>>>> 18. Getting CAS is unable to process this request 500:internal server
>>>> error, this happens after the duo prompt to enter the code, see the error
>>>> below
>>>>
>>>>
>>>> 2024-09-17 13:40:15,186 ERROR
>>>> [org.springframework.boot.web.servlet.support.ErrorPageFilter] -
>>>> <Forwarding to error page from request [/login] due to exception
>>>> [jakarta.servlet.ServletException: Request processing failed:
>>>> org.springframework.webflow.execution.ActionExecutionException: Exception
>>>> thrown executing
>>>> org.apereo.cas.web.flow.actions.storage.ReadBrowserStorageAction@299a84aa
>>>> in state 'verifyBrowserStorageRead' of flow 'login' -- action execution
>>>> attributes were 'map[[empty]]']>
>>>>
>>> --
>>>
>> - Website: https://apereo.github.io/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+u...@apereo.org.
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d12f509a-b814-4a2f-928c-4b19c742ad9dn%40apereo.org
>>>
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d12f509a-b814-4a2f-928c-4b19c742ad9dn%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>>
>> --
>> Jonathon Taylor (he/him)
>> Information Security Office
>> jona...@berkeley.edu
>>
>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a2c81f46-4476-4875-a7fd-04193ec9974bn%40apereo.org.
