Problem with SPNEGO flow (6.4.5)


spfma...@e.mail.fr

Feb 15, 2022, 9:55:46 PM
to cas-...@apereo.org
Hi,
 
I tried to follow the instructions on this page https://apereo.github.io/cas/6.4.x/authentication/SPNEGO-Authentication.html#spnego-authentication and managed to go a bit further.
 
Then I installed an empty WordPress site, using CAS authentication through "Authorizer" extension.
 
I can see some SPNEGO dialog in the CAS logfile, and it seems it considers a Kerberos token. Good starting point!
 
But in the end, the SPNEGO authentication fails and it falls back to the login form (which works).
 
"klist" on the client shows a ticket for CAS HTTP principal.
 
Here is what I managed to track during the different steps. It seems my CAS server is not able to handle the provided information (an LDAP handler trying to process a token?), but I don't know what to do at that level.
I have tried numerous configuration properties I have found here and there but many seem deprecated or have changed.
 
Can someone help me guess where the problem is?
 
Thanks
 
W11 login (KRB server)
---------------------------------
2022-02-15T17:10:44 AS-REQ USER_ID@MY_REALM from IPv4:CLIENT_IP for krbtgt/MY_REALM@MY_REALM
2022-02-15T17:10:44 Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
2022-02-15T17:10:44 sending 281 bytes to IPv4:CLIENT_IP
2022-02-15T17:10:44 AS-REQ USER_ID@MY_REALM from IPv4:CLIENT_IP for krbtgt/MY_REALM@MY_REALM
2022-02-15T17:10:44 Client sent patypes: ENC-TS
2022-02-15T17:10:44 Looking for PK-INIT(ietf) pa-data -- USER_ID@MY_REALM
2022-02-15T17:10:44 Looking for PK-INIT(win2k) pa-data -- USER_ID@MY_REALM
2022-02-15T17:10:44 Looking for ENC-TS pa-data -- USER_ID@MY_REALM
2022-02-15T17:10:44 ENC-TS Pre-authentication succeeded -- USER_ID@MY_REALM using aes256-cts-hmac-sha1-96
2022-02-15T17:10:44 ENC-TS pre-authentication succeeded -- USER_ID@MY_REALM
2022-02-15T17:10:44 AS-REQ authtime: 2022-02-15T17:10:44 starttime: unset endtime: 2022-02-16T17:10:44 renew till: 2022-02-22T17:10:44
2022-02-15T17:10:44 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, des-cbc-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2022-02-15T17:10:44 Requested flags: renewable-ok, renewable, forwardable
2022-02-15T17:10:44 sending 645 bytes to IPv4:CLIENT_IP
2022-02-15T17:10:44 TGS-REQ USER_ID@MY_REALM from IPv4:CLIENT_IP for krbtgt/MY_AD_REALM@MY_REALM [renewable, forwardable]
2022-02-15T17:10:44 TGS-REQ authtime: 2022-02-15T17:10:44 starttime: 2022-02-15T17:10:44 endtime: 2022-02-16T17:10:44 renew till: 2022-02-22T17:10:44
2022-02-15T17:10:44 sending 598 bytes to IPv4:CLIENT_IP
2022-02-15T17:10:45 TGS-REQ USER_ID@MY_REALM from IPv4:CLIENT_IP for cifs/dataserver1@MY_REALM [renewable, forwardable]
2022-02-15T17:10:45 Searching referral for dataserver1
2022-02-15T17:10:45 Server not found in database: cifs/dataserver1@MY_REALM: Unknown code hdb 3
2022-02-15T17:10:45 Failed building TGS-REP to IPv4:CLIENT_IP
2022-02-15T17:10:45 tgs-req: sending error: -1765328377 to client
2022-02-15T17:10:45 sending 105 bytes to IPv4:CLIENT_IP
2022-02-15T17:10:45 TGS-REQ USER_ID@MY_REALM from IPv4:CLIENT_IP for krbtgt/MY_REALM@MY_REALM [renewable-ok, renewable, forwarded, forwardable]
2022-02-15T17:10:45 TGS-REQ authtime: 2022-02-15T17:10:44 starttime: 2022-02-15T17:10:45 endtime: 2022-02-16T17:10:44 renew till: 2022-02-22T17:10:44
2022-02-15T17:10:45 sending 652 bytes to IPv4:CLIENT_IP
2022-02-15T17:10:45 TGS-REQ USER_ID@MY_REALM from IPv4:CLIENT_IP for ldap/AD_SRV.my-ad.domain@MY_REALM [renewable, forwardable]
2022-02-15T17:10:45 Searching referral for AD_SRV.my-ad.domain
2022-02-15T17:10:45 Returning a referral to realm MY_AD_REALM for server ldap/AD_SRV.my-ad.domain@MY_REALM that was not found
2022-02-15T17:10:45 Adding server referral to MY_AD_REALM
2022-02-15T17:10:45 TGS-REQ authtime: 2022-02-15T17:10:44 starttime: 2022-02-15T17:10:45 endtime: 2022-02-16T17:10:44 renew till: 2022-02-22T17:10:44
2022-02-15T17:10:45 sending 821 bytes to IPv4:CLIENT_IP
 
Click on CAS auth link W11 client (KRB SERVER)
-------------------------------------------------------------------------
2022-02-15T17:11:23 TGS-REQ USER_ID@MY_REALM from IPv4:CLIENT_IP for HTTP/testlogin.my.domain@MY_REALM [renewable, forwardable]
2022-02-15T17:11:23 TGS-REQ authtime: 2022-02-15T17:10:44 starttime: 2022-02-15T17:11:23 endtime: 2022-02-16T17:10:44 renew till: 2022-02-22T17:10:44
2022-02-15T17:11:23 sending 810 bytes to IPv4:CLIENT_IP
 
CAS server
----------------
=============================================================
WHO: audit:unknown
WHAT: {result=Service Access Granted, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Feb 15 17:17:19 CET 2022
CLIENT IP ADDRESS: CLIENT_IP
SERVER IP ADDRESS: CAS_SRV_EXTERNAL_IP
=============================================================
>
2022-02-15 17:17:19,524 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing service in context scope: [http://wp_cassified_server.my.domain/wp-login.php?external=cas&redirect_to=http%3A%2F%2Fwp_cassified_server.my.domain%2Fwp-admin%2Fprofile.php]>
2022-02-15 17:17:19,526 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing registered service [^https?://([A-Za-z0-9_-]+\.)*my\.domain.*] with id [1003] in context scope>
2022-02-15 17:17:19,527 DEBUG [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] - <Evaluating authentication policy [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], excludedAuthenticationHandlers=[], criteria=AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria(tryAll=false))] for [global_service]>
2022-02-15 17:17:19,528 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [success] via [org.apereo.cas.web.flow.resolver.impl.RankedMultifactorAuthenticationProviderWebflowEventResolver] for this context>
2022-02-15 17:17:19,530 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, event=success, timestamp=Tue Feb 15 17:17:19 CET 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Feb 15 17:17:19 CET 2022
CLIENT IP ADDRESS: CLIENT_IP
SERVER IP ADDRESS: CAS_SRV_EXTERNAL_IP
=============================================================
>
2022-02-15 17:17:19,535 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Remote Address = [CLIENT_IP]>
2022-02-15 17:17:19,535 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Header Attribute [alternateRemoteHeader] = [null]>
2022-02-15 17:17:19,536 WARN [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <No value could be retrieved from the header [alternateRemoteHeader]. Falling back to [CLIENT_IP].>
2022-02-15 17:17:19,536 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Current user IP [CLIENT_IP]>
2022-02-15 17:17:19,538 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Remote IP address [CLIENT_IP] should be checked based on the defined pattern [.+]>
2022-02-15 17:17:19,542 DEBUG [org.apereo.cas.support.spnego.util.ReverseDNSRunnable] - <Attempting to resolve [CLIENT_IP]>
2022-02-15 17:17:19,545 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Found remote host name [my_client.my.domain].>
2022-02-15 17:17:19,545 DEBUG [org.apereo.cas.web.flow.client.HostNameSpnegoKnownClientSystemsFilterAction] - <Retrieved host name for the remote ip is [my_client.my.domain]>
2022-02-15 17:17:19,545 INFO [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Spnego should be activated for [CLIENT_IP]>
2022-02-15 17:17:19,545 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - <Authorization header [null], User Agent header [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Edg/98.0.1108.50]>
2022-02-15 17:17:19,545 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - <Authorization header not found or does not match the message prefix [Negotiate ]. Sending [WWW-Authenticate] header [Negotiate]>
2022-02-15 17:17:19,545 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - <Mixed-mode authentication is enabled>
2022-02-15 17:17:19,546 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Available request headers are [[host, connection, upgrade-insecure-requests, user-agent, accept, sec-fetch-site, sec-fetch-mode, sec-fetch-user, sec-fetch-dest, sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform, referer, accept-encoding, accept-language]]>
2022-02-15 17:17:19,546 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization header located as [null]>
2022-02-15 17:17:19,546 WARN [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization header is not found under [Authorization]>
2022-02-15 17:17:19,546 INFO [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - <No credentials could be extracted/detected from the current request>
2022-02-15 17:17:19,546 INFO [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Action execution disallowed; pre-execution result is 'error'>
2022-02-15 17:17:19,599 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [file:/etc/cas/config/custom_messages_fr] - neither plain properties nor XML>
2022-02-15 17:17:19,601 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_fr] - neither plain properties nor XML>
2022-02-15 17:17:19,608 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Re-caching properties for filename [classpath:messages_fr] - file hasn't been modified>
2022-02-15 17:17:19,608 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [file:/etc/cas/config/custom_messages] - neither plain properties nor XML>
2022-02-15 17:17:19,610 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
2022-02-15 17:17:19,612 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Re-caching properties for filename [classpath:messages] - file hasn't been modified>
2022-02-15 17:17:19,713 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: {result=Service Access Granted, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Feb 15 17:17:19 CET 2022
CLIENT IP ADDRESS: CLIENT_IP
SERVER IP ADDRESS: CAS_SRV_EXTERNAL_IP
=============================================================
>
2022-02-15 17:17:19,717 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing service in context scope: [http://wp_cassified_server.my.domain/wp-login.php?external=cas&redirect_to=http%3A%2F%2Fwp_cassified_server.my.domain%2Fwp-admin%2Fprofile.php]>
2022-02-15 17:17:19,726 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing registered service [^https?://([A-Za-z0-9_-]+\.)*my\.domain.*] with id [1003] in context scope>
2022-02-15 17:17:19,727 DEBUG [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] - <Evaluating authentication policy [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], excludedAuthenticationHandlers=[], criteria=AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria(tryAll=false))] for [global_service]>
2022-02-15 17:17:19,728 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [success] via [org.apereo.cas.web.flow.resolver.impl.RankedMultifactorAuthenticationProviderWebflowEventResolver] for this context>
2022-02-15 17:17:19,729 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, event=success, timestamp=Tue Feb 15 17:17:19 CET 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Feb 15 17:17:19 CET 2022
CLIENT IP ADDRESS: CLIENT_IP
SERVER IP ADDRESS: CAS_SRV_EXTERNAL_IP
=============================================================
>
2022-02-15 17:17:19,730 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Remote Address = [CLIENT_IP]>
2022-02-15 17:17:19,731 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Header Attribute [alternateRemoteHeader] = [null]>
2022-02-15 17:17:19,731 WARN [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <No value could be retrieved from the header [alternateRemoteHeader]. Falling back to [CLIENT_IP].>
2022-02-15 17:17:19,731 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Current user IP [CLIENT_IP]>
2022-02-15 17:17:19,731 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Remote IP address [CLIENT_IP] should be checked based on the defined pattern [.+]>
2022-02-15 17:17:19,733 DEBUG [org.apereo.cas.support.spnego.util.ReverseDNSRunnable] - <Attempting to resolve [CLIENT_IP]>
2022-02-15 17:17:19,734 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Found remote host name [my_client.my.domain].>
2022-02-15 17:17:19,734 DEBUG [org.apereo.cas.web.flow.client.HostNameSpnegoKnownClientSystemsFilterAction] - <Retrieved host name for the remote ip is [my_client.my.domain]>
2022-02-15 17:17:19,734 INFO [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - <Spnego should be activated for [CLIENT_IP]>
2022-02-15 17:17:19,734 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - <Authorization header [Negotiate (token omitted)], User Agent header [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Edg/98.0.1108.50]>
2022-02-15 17:17:19,735 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Available request headers are [[host, connection, authorization, upgrade-insecure-requests, user-agent, accept, sec-fetch-site, sec-fetch-mode, sec-fetch-user, sec-fetch-dest, sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-platform, referer, accept-encoding, accept-language]]>
2022-02-15 17:17:19,735 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization header located as [Negotiate (base64 token omitted)]>
2022-02-15 17:17:19,735 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization header found with [1376] bytes>
2022-02-15 17:17:19,735 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Obtained token: [(binary token bytes omitted)]. Creating credential...>
2022-02-15 17:17:19,735 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <User agent [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Edg/98.0.1108.50] is authorized to proceed>
2022-02-15 17:17:19,735 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Adaptive authentication policy has authorized client [CLIENT_IP] to proceed.>
2022-02-15 17:17:19,735 DEBUG [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] - <Request is not eligible to be issued service tickets just yet>
2022-02-15 17:17:19,736 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication credentials provided for this transaction are [[SpnegoCredential(principal=null, isNtlm=false)]]>
2022-02-15 17:17:19,736 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Candidate/Registered authentication handlers for this transaction are [[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@9f218f4, org.apereo.cas.authentication.LdapAuthenticationHandler@366a193d, org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler@6739d29e]]>
2022-02-15 17:17:19,736 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Authentication handler resolvers for this transaction are [[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@5d32f5db]]>
2022-02-15 17:17:19,736 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Authentication handler resolvers produced no candidate authentication handler. Using the default handler resolver instead...>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.AuthenticationHandlerResolver] - <Default authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler,LdapAuthenticationHandler,JcifsSpnegoAuthenticationHandler]>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Resolved and finalized authentication handlers to carry out this authentication transaction are [[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@5d32f5db]]>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Candidate resolved authentication handlers for this transaction are [[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@9f218f4, org.apereo.cas.authentication.LdapAuthenticationHandler@366a193d, org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler@6739d29e]]>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting to authenticate credential [SpnegoCredential(principal=null, isNtlm=false)]>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] does not support the credential type [SpnegoCredential(principal=null, isNtlm=false)].>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Credential is not one of username/password and is not accepted by handler [LdapAuthenticationHandler]>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication handler [LdapAuthenticationHandler] does not support the credential type [SpnegoCredential(principal=null, isNtlm=false)].>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting authentication of [unknown] using [JcifsSpnegoAuthenticationHandler]>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <nextToken is null>
2022-02-15 17:17:19,737 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null, the processing of the SPNEGO Token failed].>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Authentication policy resolvers for this transaction are [[org.apereo.cas.authentication.policy.RegisteredServiceAuthenticationPolicyResolver@4687c184]]>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.policy.RegisteredServiceAuthenticationPolicyResolver] - <Authentication policies for this transaction are [[org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy@9769ff6]]>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Resolved authentication policies are [[org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy@9769ff6]]>
2022-02-15 17:17:19,738 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: [SpnegoCredential(principal=null, isNtlm=false)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Feb 15 17:17:19 CET 2022
CLIENT IP ADDRESS: CLIENT_IP
SERVER IP ADDRESS: CAS_SRV_EXTERNAL_IP
=============================================================
>
2022-02-15 17:17:19,738 DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <1 errors, 0 successes>
2022-02-15 17:17:19,738 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [authenticationFailure] via [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] for this context>
2022-02-15 17:17:19,738 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <Unable to obtain the output token required.>
 
Then the login form appears and I can access my WP site flawlessly if I enter my credentials again.
 


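A triage helper for the kind of CAS DEBUG log shown in the post, added here as an example (it is not part of the original message and is not Apereo CAS code): it reports how far the SPNEGO exchange got and what each authentication handler did with the credential. The sample lines are constructed in the format of the log above; the names `triage`, `verdict` and `RULES` are assumptions of this example.

```python
import re

# Constructed sample: a few lines in the format of the CAS DEBUG log in the post.
SAMPLE_LOG = """\
2022-02-15 17:17:19,528 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [success] via [org.apereo.cas.web.flow.resolver.impl.RankedMultifactorAuthenticationProviderWebflowEventResolver] for this context>
2022-02-15 17:17:19,545 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - <Authorization header not found or does not match the message prefix [Negotiate ]. Sending [WWW-Authenticate] header [Negotiate]>
2022-02-15 17:17:19,735 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - <SPNEGO Authorization header found with [1376] bytes>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] does not support the credential type [SpnegoCredential(principal=null, isNtlm=false)].>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication handler [LdapAuthenticationHandler] does not support the credential type [SpnegoCredential(principal=null, isNtlm=false)].>
2022-02-15 17:17:19,737 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting authentication of [unknown] using [JcifsSpnegoAuthenticationHandler]>
2022-02-15 17:17:19,737 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null, the processing of the SPNEGO Token failed].>
2022-02-15 17:17:19,738 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [authenticationFailure] via [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] for this context>
"""

# "date time LEVEL [logger] - <message>"; multi-line audit records do not match and are skipped.
LINE = re.compile(r"^\S+ \S+ (?P<level>[A-Z]+) \[(?P<logger>[^\]]+)\] - <(?P<msg>.*)>$")

# Message patterns taken from the wording of the log lines in the post.
RULES = [
    ("challenge", re.compile(r"Sending \[WWW-Authenticate\] header \[Negotiate\]")),
    ("token_bytes", re.compile(r"SPNEGO Authorization header found with \[(\d+)\] bytes")),
    ("unsupported", re.compile(r"Authentication handler \[(\w+)\] does not support the credential type")),
    ("attempted", re.compile(r"Attempting authentication of \[[^\]]*\] using \[(\w+)\]")),
    ("failed", re.compile(r"^\[(\w+)\] exception details: \[(.*)\]\.$")),
    ("event", re.compile(r"Resolved single event \[(\w+)\] via "
                         r"\[[\w.]*DefaultCasDelegatingWebflowEventResolver\]")),
]


def triage(log_text):
    """Collect the SPNEGO-relevant facts from a CAS debug log."""
    result = {"challenge_sent": False, "token_bytes": None,
              "handlers": {}, "final_event": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        for name, rx in RULES:
            hit = rx.search(msg)
            if not hit:
                continue
            if name == "challenge":
                result["challenge_sent"] = True
            elif name == "token_bytes":
                result["token_bytes"] = int(hit.group(1))
            elif name == "unsupported":
                result["handlers"][hit.group(1)] = "skipped: credential type not supported"
            elif name == "attempted":
                result["handlers"].setdefault(hit.group(1), "attempted")
            elif name == "failed":
                result["handlers"][hit.group(1)] = "failed: " + hit.group(2)
            else:  # "event": outcome of the authentication attempt itself
                result["final_event"] = hit.group(1)
            break
    return result


def verdict(r):
    """Name the furthest stage the exchange reached."""
    if not r["challenge_sent"] and r["token_bytes"] is None:
        return "no Negotiate challenge seen"
    if r["token_bytes"] is None:
        return "challenge sent, client returned no token"
    failed = [h for h, s in r["handlers"].items() if s.startswith("failed")]
    if failed:
        return "token received, rejected by " + ", ".join(failed)
    return "token received, final event: " + str(r["final_event"])


if __name__ == "__main__":
    print(verdict(triage(SAMPLE_LOG)))
```
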