CAS 6.0.5: Hazelcast ticket registry and mfa-simple


Alfonso Vera

Oct 11, 2019, 3:40:36 AM10/11/19
to CAS Community
Hi all,
Watching the log, the ticket for mfa-simple is generated correctly and sent via SMS to the user:

[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket [CAS-811937] with ttl [30s]>
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket [TransientSessionTicketImpl(super=CAS-811937, service=null, properties={})]>
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [CAS-811937] to [285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4]>
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded ticket [EncodedTicket(id=285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4)]>
[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map name [transientSessionTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.TransientSessionTicketImpl, prefix=TST, properties=DefaultTicketDefinitionProperties(cascade=false, storageName=transientSessionTicketsCache, storageTimeout=300, storagePassword=null), order=2147483647)]>
[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located Hazelcast map instance [transientSessionTicketsCache]>
[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Added ticket [285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4] with ttl [30s]>
[org.apereo.cas.mfa.simple.web.flow.CasSimpleSendTokenAction] - <Successfully submitted token via SMS to [zzzzzzzzzzz]>

Later the user ...


[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Attempting authentication of [CAS-811937] using [mfa-simple]>
[org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] - <Received token [CAS-811937]>
[org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] - <Received principal id [zzzzzzzzzzz]. Attempting to locate token in registry...>
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original  to [285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4]>
[org.apereo.cas.ticket.DefaultTicketCatalog] - <Ticket definition for [CAS-811937] cannot be found in the ticket catalog which only contains the following ticket types: [[TGT, ST, RT, AT, PT, TST, OC, SART, PGT, SATQ, ODT]]>
[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <No ticket definition could be found in the catalog to match [CAS-811937]>
[org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] - <Authorization of token [CAS-811937] has failed. Token is not found in registry>
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [CasSimpleMultifactorTokenCredential()] of type [CasSimpleMultifactorTokenCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[mfa-simple] exception details: [Failed to authenticate code CAS-811937].


This is my configuration:

cas.smsProvider.rest.method=POST
cas.smsProvider.rest.url=https://xxxxxx/sms.php

cas.authn.mfa.simple.sms.from=XXXXXX
cas.authn.mfa.simple.sms.attributeName=TelephoneNumber
cas.authn.mfa.simple.name=mfa-simple
cas.authn.mfa.simple.order=1
cas.authn.mfa.simple.timeToKillInSeconds=30

cas.authn.mfa.globalPrincipalAttributeNameTriggers=memberof
cas.authn.mfa.globalPrincipalAttributeValueRegex=xxxxx


It's like encoding the ticket works fine, but later the ticket isn't a TST.


Any suggestion will be welcome.
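An added example, not part of the thread: a small Python checker that reads CAS log lines in the format shown above and reports tickets whose id prefix (here CAS) differs from the ticket definition they were stored under (here TST) and is absent from the ticket catalog. The sample log is constructed from the lines quoted in the post; the regexes assume the DEBUG log wording shown there.

```python
import re

# Constructed sample, condensed from the log lines quoted in the post.
SAMPLE_LOG = """\
[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket [CAS-811937] with ttl [30s]>
[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map name [transientSessionTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.TransientSessionTicketImpl, prefix=TST, properties=DefaultTicketDefinitionProperties(cascade=false, storageName=transientSessionTicketsCache, storageTimeout=300, storagePassword=null), order=2147483647)]>
[org.apereo.cas.ticket.DefaultTicketCatalog] - <Ticket definition for [CAS-811937] cannot be found in the ticket catalog which only contains the following ticket types: [[TGT, ST, RT, AT, PT, TST, OC, SART, PGT, SATQ, ODT]]>
"""

# "Adding ticket [<id>] with ttl" -> the id of the ticket about to be stored
ADD_RE = re.compile(r"<Adding ticket \[([^\]]+)\] with ttl")
# The definition chosen for that store; we only need its prefix
DEF_RE = re.compile(r"for ticket definition \[DefaultTicketDefinition\(.*?prefix=([A-Z]+)")
# Catalog miss on read: ticket id plus the list of registered prefixes
MISS_RE = re.compile(r"<Ticket definition for \[([^\]]+)\] cannot be found.*?\[\[([^\]]+)\]\]")


def analyze(log_text):
    """Return one record per catalog miss, with how that ticket was stored."""
    stored = {}      # ticket id -> prefix of the definition it was stored under
    misses = []      # (ticket id, catalog prefixes) for failed lookups
    pending = None   # id from the last "Adding ticket" line, awaiting its definition
    for line in log_text.splitlines():
        m = ADD_RE.search(line)
        if m:
            pending = m.group(1)
            continue
        m = DEF_RE.search(line)
        if m and pending:
            stored[pending] = m.group(1)
            pending = None
            continue
        m = MISS_RE.search(line)
        if m:
            misses.append((m.group(1), [t.strip() for t in m.group(2).split(",")]))
    report = []
    for ticket_id, catalog in misses:
        id_prefix = ticket_id.split("-", 1)[0]
        report.append({
            "ticket": ticket_id,
            "id_prefix": id_prefix,            # prefix the handler presents on lookup
            "stored_as": stored.get(ticket_id),  # definition used when it was written
            "in_catalog": id_prefix in catalog,  # False means the lookup can never succeed
        })
    return report


if __name__ == "__main__":
    for rec in analyze(SAMPLE_LOG):
        print(rec)
```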






Nono

Dec 13, 2019, 4:36:57 AM12/13/19
to CAS Community
Hello Alfonso,

Have you found a solution? I have the same problem. I am running CAS 6.1.2 with Hazelcast and, after debugging the simple MFA flow, I found that the OTP is created in a cache named TST and read in a cache named CASMFA. If you activate the health actuator, you can see the two different caches, and only the TST cache is populated with the token.

Nono

Dec 13, 2019, 5:41:28 AM12/13/19
to CAS Community
Hello,

I've found a quick solution, not sure if it is the right way to fix the problem, but it will work for our POC:

Duplicate the class CasSimpleMultifactorAuthenticationTicketFactory from the Apereo git repository, put it in the package org.apereo.cas.mfa.simple in your WAR overlay,
and change the constant PREFIX (line 23) to TST:

public static final String PREFIX = "TST";

Alfonso "Bersuit" Vera

Dec 13, 2019, 12:08:09 PM12/13/19
to cas-...@apereo.org
Hi Nono,
Sorry for the delay.
We have patched exactly the same.



--
----------------------
Alfonso "Bersuit" Vera
http://about.me/alfonso.vera