CAS and HTML local storage

Marvin Addison marvin.addison at gmail.com
Thu May 26 10:56:46 EDT 2016 

On Thu, May 26, 2016 at 7:15 AM Mika Tiainen <mika.tiainen at saimia.fi> wrote:

> I've been setting up CAS on our IDP v3.2.1. When
> idp.storage.htmlLocalStorage
> is set, the initial request for CAS authentication fails with "An error
> occurred: ServiceNotSpecified".


I think that error state is a red herring. My guess is that the behavior on
this error is to redirect to /profile/cas/login without a service
parameter, which is an error condition. There may be a bug in the CAS error
handling, but that would only improve the reporting and not address the
root cause.


> For a failed request log shows:
>
> 2016-05-26 12:51:00,749 - ERROR
> [net.shibboleth.utilities.java.support.security.DataSealer:181] - Exception
> unwrapping data
> java.io.EOFException: null
>         at java.io.DataInputStream.readFully(DataInputStream.java:197)
> 2016-05-26 12:51:00,751 - ERROR
> [org.opensaml.storage.impl.client.ClientStorageService:406] -
> StorageService shibboleth.ClientSessionStorageService: Exception unwrapping
> secured data
> net.shibboleth.utilities.java.support.security.DataSealerException:
> Exception unwrapping data
>         at
> net.shibboleth.utilities.java.support.security.DataSealer.unwrap(DataSealer.java:182)
> Caused by: java.io.EOFException: null
>         at java.io.DataInputStream.readFully(DataInputStream.java:197)
> 2016-05-26 12:51:00,752 - ERROR
> [net.shibboleth.utilities.java.support.security.DataSealer:181] - Exception
> unwrapping data
> java.io.EOFException: null
>         at java.io.DataInputStream.readFully(DataInputStream.java:197)
> 2016-05-26 12:51:00,757 - ERROR
> [org.opensaml.storage.impl.client.ClientStorageService:406] -
> StorageService shibboleth.ClientPersistentStorageService: Exception
> unwrapping secured data
> net.shibboleth.utilities.java.support.security.DataSealerException:
> Exception unwrapping data
>         at
> net.shibboleth.utilities.java.support.security.DataSealer.unwrap(DataSealer.java:182)
> Caused by: java.io.EOFException: null
>         at java.io.DataInputStream.readFully(DataInputStream.java:197)
>

That trace reads like you have a local storage key defined with an empty
value. How you came to have an empty key is not clear. Try clearing local
storage in your browser and see if that helps. You should turn off local
storage if you're not planning to use it, though you can mix storage
backends with various protocols.

M <users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160526/d2bc0cdb/attachment.html>

More information about the users mailing list