CAS 5.1.8 and DUO configuration error

[Mallory, Erik]

Hello,

I’m having an issue with my duo configuration. I have a three node load balanced cas cluster. The nodes are on a private subnet that has no connection to the internet aside from the HTTPS traffic served by the load balancer.

 

Below is the abbreviated error message from the cas.log

 

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'casAuthenticationManager' defined in class path resource [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]: Unsatisfied dependency expressed through method 'casAuthenticationManager' parameter 2; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationEventExecutionPlan' defined in class path resource [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.authentication.AuthenticationEventExecutionPlan]: Factory method 'authenticationEventExecutionPlan' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.duoAuthenticationHandler' defined in class path resource [org/apereo/cas/adaptors/duo/config/DuoSecurityAuthenticationEventExecutionPlanConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.authentication.AuthenticationHandler]: Factory method 'duoAuthenticationHandler' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException:

 

 No configuration/settings could be found for Duo Security. Review settings and ensure the correct syntax is used

 

 

##

#Multi-factor Authentication

#

 cas.authn.mfa.globalProviderId=mfa-duo

 

 cas.authn.mfa.globalPrincipalAttributeNameTriggers=memberOf,eduPersonPrimaryAffiliation

 cas.authn.mfa.globalPrincipalAttributeValueRegex=staff

 

 #cas.authn.mfa.restEndpoint=

 cas.authn.mfa.requestParameter=authn_method

 cas.authn.mfa.globalFailureMode=CLOSED

 cas.authn.mfa.authenticationContextAttribute=authnContextClass

 cas.authn.mfa.contentType=application/cas

##

#Duo Security

#

 cas.authn.mfa.duo.duoSecretKey=<key redacted>

 cas.authn.mfa.duo.rank=0

 cas.authn.mfa.duo.duoApplicationKey=<key redacted>

 cas.authn.mfa.duo.duoIntegrationKey=<key redacted>

 cas.authn.mfa.duo.duoApiHost=<host redacted>.duosecurity.com

 cas.authn.mfa.duo.trustedDeviceEnabled=true

 

I am unable to connect to the cas.authn.mfa.duo.duoApiHost on the command line so I wonder if that’s the problem I’m having, If anyone can point out my errors I’d greatly appreciate it.

 

Thanks,

Erik Mallory

Server Analyst 

Wichita State University