Apereo CAS Login Error about java.security.InvalidAlgorithmParameterException

Question

I follow the step in the link(https://github.com/apereo/cas-overlay-template) to deploy Apereo CAS.

Test Environment:

CAS Version: 7.0.0-SNAPSHOT

CAS Branch: master

CAS Build Date/Time: 2022-10-05T13:10:26Z

Spring Boot Version: 2.7.4

Spring Version: 5.3.23

Java Version: 17.0.4.1

OS Architecture: amd64

OS Name: Linux

OS Version: 3.10.0-1160.62.1.el7.x86_64

OS Date/Time: 2022-10-06T08:58:17.575986031

OS Temp Directory: /tmp

Apache Tomcat Version: Apache Tomcat/9.0.67

After run the following commands, I can access the CAS main page (https://xxx.xxx.xxx.xxx:8443/cas/login).

./gradlew clean build

./gradlew createKeystore

./gradlew run

But I got the error "CAS is unable to process this request: "500:Internal Server Error". In the terminal in which I start the CAS, error message as following:

ERROR [org.apereo.cas.web.flow.executor.EncryptedTranscoder] - java.security.InvalidAlgorithmParameterException: AlgorithmParameterSpec not of GCMParameterSpec

Unchecked.java:lambda$static$0:61

Unchecked.java:lambda$supplier$38:1698

FunctionUtils.java:doUnchecked:370

I can't find a proper solution by searching, so please help. thanks.

Maybe a bug in the early phase of CAS 7.0.0 development? Apparently, the possibility to throw the `AlgorithmParameterSpec not of GCMParameterSpec` exception was introduced in Java 17. Note that it might help to increase log level (of `org.apereo.cas.web.flow.executor.EncryptedTranscoder` in this case) to at least DEBUG - then CAS won't shorten the stacktrace as seen in the OP (and possibly outputs something more useful in the full stacktrace). — Petr Bodnár, Jul 21 '23 at 21:24

score 1 · Answer 1 · edited Oct 12 '22 at 00:11

1

Switch to Apereo CAS version 6.6 and Java 11 will work.

java --version
openjdk 11.0.16.1 2022-08-12 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.16.1.1-1.el7_9) (build 11.0.16.1+1-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.16.1.1-1.el7_9) (build 11.0.16.1+1-LTS, mixed mode, sharing)

git checkout 6.6

./gradlew clean build

./gradlew createKeystore

./gradlew run

edited Oct 12 '22 at 00:11

Ismail

1,188
13
31

answered Oct 07 '22 at 16:39

Michael Shi

21
3

score 0 · Answer 2 · edited Dec 17 '22 at 02:36

0

One workaround is to set cas.webflow.crypto.enabled=false, but doing so isn't ideal.

edited Dec 17 '22 at 02:36

Stephen Ostermiller

23,933
14
88
109

answered Dec 17 '22 at 00:05

user20797908

1

score 0 · Answer 3 · answered Jul 11 '23 at 08:07

0

I have solved this problem perfectly. The problem is that the jdk version actually used by your cas is not the same as the version viewed through java --version. You only need to check whether the jdk version in the cas startup log is the same.

answered Jul 11 '23 at 08:07

ATFWUS

9
3

Apereo CAS Login Error about java.security.InvalidAlgorithmParameterException

3 Answers3