Hello,
if I provide groups via my IDP the UAA displays the message: "Uh oh. Something went amiss.".
In the uaa.log you find following exception:
[2017-03-17 15:04:28.313] - [http-bio-30031-exec-10] .... ERROR --- HomeController: Internal error
java.lang.ClassCastException: Cannot cast class org.opensaml.xml.schema.impl.XSAnyImpl to interface org.opensaml.xml.schema.XSString
at com.sap.xs2.security.hana.HANAAuthorizationProviderService.resolveAuthorities(HANAAuthorizationProviderService.java:110)
at org.cloudfoundry.identity.uaa.login.saml.XSLoginSamlAuthenticationProvider.authenticate(XSLoginSamlAuthenticationProvider.java:157)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:87)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
...
this error only occurs when the Groups attribute in the SMAL response is filled.
<AttributeStatement><Attribute Name="Groups"><AttributeValue>DEVX_DEVELOPER</AttributeValue></Attribute></AttributeStatement>
If the name of this Attribute is different the Error doesn't appear.
Was anybody able to use SAML with group propagation? Any suggestions what could be wrong?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.