Skip to Content
0

UAA SAML: ClassCastException

Mar 17, 2017 at 02:52 PM

143

avatar image

Hello,

if I provide groups via my IDP the UAA displays the message: "Uh oh. Something went amiss.".

In the uaa.log you find following exception:

[2017-03-17 15:04:28.313]  -  [http-bio-30031-exec-10] .... ERROR --- HomeController: Internal error
java.lang.ClassCastException: Cannot cast class org.opensaml.xml.schema.impl.XSAnyImpl to interface org.opensaml.xml.schema.XSString
        at com.sap.xs2.security.hana.HANAAuthorizationProviderService.resolveAuthorities(HANAAuthorizationProviderService.java:110)
        at org.cloudfoundry.identity.uaa.login.saml.XSLoginSamlAuthenticationProvider.authenticate(XSLoginSamlAuthenticationProvider.java:157)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
        at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:87)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
...

this error only occurs when the Groups attribute in the SMAL response is filled.

<AttributeStatement><Attribute Name="Groups"><AttributeValue>DEVX_DEVELOPER</AttributeValue></Attribute></AttributeStatement>

If the name of this Attribute is different the Error doesn't appear.

Was anybody able to use SAML with group propagation? Any suggestions what could be wrong?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Matthias Aumüller Jun 08, 2017 at 12:34 PM
0

After updating to SAP HANA, express edition 2 SPS1 the problem was gone.

Share
10 |10000 characters needed characters left characters exceeded