grails / grails-spring-security-cas

Apache License 2.0

CAS login return _cas_stateful_ user name #15

Closed flparedes closed 7 years ago

flparedes commented 7 years ago

Hello again.

I'm developing a web app with Grails 3.1.19 with the spring-security-cas 3.0.0 plugin. The problem is that when I try to log in against my CAS server, the plugin gets the wrong user name `_cas_stateful_` and can't find the logged-in user.

Here you can see a piece of the application log:

```
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/cas'; against '/login/cas'
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - serviceTicketRequest = true
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - requiresAuthentication = true
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - Request is to process authentication
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - proxyReceptorConfigured = true
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/cas'; against '//secure/receptor'
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - proxyReceptorRequest = false
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login/cas'; against '/login/cas'
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - serviceTicketRequest = true
DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.cas.authentication.CasAuthenticationProvider
DEBUG org.springframework.security.cas.authentication.CasAuthenticationProvider - serviceUrl = http://localhost:8080/login/cas
DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
WARN grails.plugin.springsecurity.userdetails.GormUserDetailsService - User not found: cas_stateful
DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'cas_stateful' not found
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - Delegating to authentication failure handler org.springframework.security.cas.web.CasAuthenticationFilter$CasAuthenticationFailureHandler@710e9427
```

This is strange because, using a local CAS server, I can log in without problems, but when I try to log in against this test CAS server http://casserverpac4j.herokuapp.com I get the previous error.

Here is my local development config:

```yaml
grails:
  plugin:
    springsecurity:
      cas:
        loginUri: /login
        serviceUrl: https://seri.upo.es:8443/login/cas
        # serverUrlPrefix: http://localhost:9090/cas
        serverUrlPrefix: http://casserverpac4j.herokuapp.com
        proxyCallbackUrl: https://seri.upo.es:8443/secure/receptor
        proxyReceptorUrl: /secure/receptor
        serverName: https://seri.upo.es:8443
        key: changeit
        sendRenew: true
      logout:
        # afterLogoutUrl: http://localhost:9090/cas/logout?url=https://seri.upo.es:8443
        afterLogoutUrl: http://casserverpac4j.herokuapp.com/logout?url=https://seri.upo.es:8443
```

What am I doing wrong?

Thank you

flparedes commented 7 years ago

Finally got the problem. It was a configuration problem: the proxyCallbackUrl and proxyReceptorUrl worked fine with my local CAS server, but the final CAS server fails if I configure those parameters and returns an invalid response. By just commenting out those parameters, the app works fine.
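
An added example, not part of the original thread or the plugin's code: a Python triage of the debug log in the first post. It flags the case where `CasAuthenticationProvider` fails to authenticate the ticket and `ProviderManager` hands the same token to `DaoAuthenticationProvider`, which then looks up the filter's placeholder principal (`_cas_stateful_` in Spring Security) as if it were a username. The function name `triage` and the form-login sample are constructed for illustration.

```python
import re

# Placeholder principals CasAuthenticationFilter puts in the token before the
# ticket is validated (underscores stripped, since rendered logs often lose them).
PLACEHOLDERS = {"cas_stateful", "cas_stateless"}
START = "Request is to process authentication"
ATTEMPT = re.compile(r"Authentication attempt using (\S+)")
NOT_FOUND = re.compile(r"User '([^']+)' not found")

def triage(lines):
    """Flag 'user not found' errors that are really failed CAS ticket validations."""
    findings, providers = [], []
    for line in lines:
        if START in line:
            providers = []  # a new authentication request begins
        m = ATTEMPT.search(line)
        if m:
            providers.append(m.group(1).rsplit(".", 1)[-1])
            continue
        m = NOT_FOUND.search(line)
        if not m or m.group(1).strip("_") not in PLACEHOLDERS:
            continue
        # The CAS provider was tried first and a later provider got the token.
        if "CasAuthenticationProvider" in providers[:-1]:
            findings.append({
                "principal": m.group(1),
                "fell_through_to": providers[-1],
                "diagnosis": "CAS ticket validation failed; check the CAS "
                             "server response, not the user table",
            })
    return findings

# Lines copied from the log in the first post.
POST_LOG = [
    "DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - Request is to process authentication",
    "DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.cas.authentication.CasAuthenticationProvider",
    "DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider",
    "DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'cas_stateful' not found",
]
# Constructed sample: an ordinary form login for an unknown user (no CAS involved).
FORM_LOGIN_LOG = [
    "DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication",
    "DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider",
    "DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'alice' not found",
]

if __name__ == "__main__":
    for finding in triage(POST_LOG):
        print(finding)
```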