on 03-17-2017 2:52 PM
Hello,
If I provide groups via my IDP, the UAA displays the message: "Uh oh. Something went amiss.".
In the uaa.log you find the following exception:
[2017-03-17 15:04:28.313] - [http-bio-30031-exec-10] .... ERROR --- HomeController: Internal error
java.lang.ClassCastException: Cannot cast class org.opensaml.xml.schema.impl.XSAnyImpl to interface org.opensaml.xml.schema.XSString
at com.sap.xs2.security.hana.HANAAuthorizationProviderService.resolveAuthorities(HANAAuthorizationProviderService.java:110)
at org.cloudfoundry.identity.uaa.login.saml.XSLoginSamlAuthenticationProvider.authenticate(XSLoginSamlAuthenticationProvider.java:157)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:87)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
...
This error only occurs when the Groups attribute in the SAML response is filled.
<AttributeStatement><Attribute Name="Groups"><AttributeValue>DEVX_DEVELOPER</AttributeValue></Attribute></AttributeStatement>
If the name of this attribute is different, the error doesn't appear.
Was anybody able to use SAML with group propagation? Any suggestions what could be wrong?
After updating to SAP HANA, express edition 2 SPS1 the problem was gone.
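The stack trace above shows a Groups value that was unmarshalled as XSAnyImpl being cast to XSString. The following is an added example, not code from this thread or from the UAA: a Python sketch that reads group values from an AttributeStatement without assuming a declared type and reports each value's xsi:type. The namespace declarations, the function name, and every sample value except DEVX_DEVELOPER are constructed, and treating the missing xsi:type as the trigger for the cast error is an assumption.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XS = "http://www.w3.org/2001/XMLSchema"

# Constructed sample. The first value is untyped, as in the post; the second
# declares xs:string; the third has element content instead of plain text.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML}" xmlns:xsi="{XSI}" xmlns:xs="{XS}">
  <saml:Attribute Name="Groups">
    <saml:AttributeValue>DEVX_DEVELOPER</saml:AttributeValue>
    <saml:AttributeValue xsi:type="xs:string">DEVX_ADMIN</saml:AttributeValue>
    <saml:AttributeValue><nested>DEVX_NESTED</nested></saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def group_values(statement_xml, attr_name="Groups"):
    """Return [(text, declared_xsi_type_or_None)] for the named attribute.

    The text is taken whether or not xsi:type is present, so an untyped
    value is handled the same way as an xs:string one. Values with element
    content are skipped instead of being flattened into a group name.
    """
    root = ET.fromstring(statement_xml)
    found = []
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        if attr.get("Name") != attr_name:
            continue
        for value in attr.findall(f"{{{SAML}}}AttributeValue"):
            if len(value):  # has child elements: not a simple string value
                continue
            text = (value.text or "").strip()
            if text:
                # The xsi:type is reported as written; its prefix is not resolved.
                found.append((text, value.get(f"{{{XSI}}}type")))
    return found


if __name__ == "__main__":
    for text, declared in group_values(SAMPLE):
        print(f"{text}: xsi:type={declared or 'absent (untyped)'}")
```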