mfa-gauth issues


Al Faller

Jan 9, 2024, 11:26:03 PM
to CAS Community
Hi - 

Trying to get mfa-gauth working with 7.0.  Unfortunately when I'm attempting to "Confirm account registration" (save my new device), I receive a 403 error back from CAS at /cas/mfa-gauth and an error on the screen.  I can reproduce this with a clean copy of the overlay.  My steps:

- add 'implementation "org.apereo.cas:cas-server-support-gauth"' to the build.gradle
- ./gradlew build
- add cas.authn.mfa.triggers.global.global-provider-id=mfa-gauth to /etc/cas/config/cas.properties
- java -jar build/libs/cas.war --server.ssl.enabled=false --server.port=8080

From chrome developer tools, looks like the following was returned:
--- !<java.util.LinkedHashMap>
timestamp: "2024-01-09T22:48:27.384+00:00"
status: 403
error: "Forbidden"
message: "Access Denied"
path: "/cas/mfa-gauth"

Added debug logging - nothing useful shows up.

Attached is the screenshot:
Screenshot from 2024-01-09 17-45-14.png

Any ideas why this might be breaking?  I have tried 7.0 and master with no luck.

Thanks in advance,

Al

Frédéric Dussurget

Jan 10, 2024, 7:57:27 AM
to CAS Community, Al Faller
Hi Al,
I've got the same issue, could not fix it. The F12 console in your browser might throw a 401 error ... (for info, my db backend is redis)
Regards,

Al Faller

Jan 10, 2024, 12:30:17 PM
to CAS Community, Frédéric Dussurget, Al Faller
Hi All -

Turned on debugging for Spring and it looks like Spring is sending the error:

2024-01-10 15:49:02,787 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2024-01-10 15:49:10,713 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
2024-01-10 15:49:10,715 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
2024-01-10 15:49:10,716 TRACE [org.springframework.security.web.FilterChainProxy] - <Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, org.springframework.web.filter.CorsFilter@3baaf6b3, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] (1/1)>
2024-01-10 15:49:10,716 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing POST /mfa-gauth>
2024-01-10 15:49:10,716 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking DisableEncodeUrlFilter (1/10)>
2024-01-10 15:49:10,717 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking ChannelProcessingFilter (2/10)>
2024-01-10 15:49:10,717 TRACE [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] - <Did not match request to org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 - [REQUIRES_SECURE_CHANNEL] (1/1)>
2024-01-10 15:49:10,718 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking WebAsyncManagerIntegrationFilter (3/10)>
2024-01-10 15:49:10,718 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking SecurityContextHolderFilter (4/10)>
2024-01-10 15:49:10,718 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking CorsFilter (5/10)>
2024-01-10 15:49:10,719 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking RequestCacheAwareFilter (6/10)>
2024-01-10 15:49:10,719 TRACE [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided>
2024-01-10 15:49:10,719 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking SecurityContextHolderAwareRequestFilter (7/10)>
2024-01-10 15:49:10,719 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking AnonymousAuthenticationFilter (8/10)>
2024-01-10 15:49:10,719 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking ExceptionTranslationFilter (9/10)>
2024-01-10 15:49:10,719 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking AuthorizationFilter (10/10)>
2024-01-10 15:49:10,720 TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] - <Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.connector.RequestFacade@4d5329b9]]>
2024-01-10 15:49:10,739 TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] - <Denying request since did not find matching RequestMatcher>
2024-01-10 15:49:13,459 TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext] - <Created SecurityContextImpl [Null authentication]>
2024-01-10 15:49:13,459 TRACE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <No HttpSession currently exists>
2024-01-10 15:49:13,459 TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext] - <Created SecurityContextImpl [Null authentication]>
2024-01-10 15:49:13,459 TRACE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
2024-01-10 15:49:13,460 TRACE [org.springframework.security.web.access.ExceptionTranslationFilter] - <Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied>
org.springframework.security.access.AccessDeniedException: Access Denied
2024-01-10 15:49:13,462 TRACE [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <Did not save request since it did not match [And [Not [Ant [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, matchingMediaTypes=[multipart/form-data], useEquals=false, ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, matchingMediaTypes=[text/event-stream], useEquals=false, ignoredMediaTypes=[*/*]]]]]>
2024-01-10 15:49:13,462 DEBUG [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] - <Pre-authenticated entry point called. Rejecting access>
2024-01-10 15:49:13,485 TRACE [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <2 matching mappings: [{ [/error]}, { [/error], produces [text/html]}]>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, org.springframework.web.filter.CorsFilter@3baaf6b3, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] (1/1)>
2024-01-10 15:49:13,503 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing POST /error>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking DisableEncodeUrlFilter (1/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking ChannelProcessingFilter (2/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] - <Did not match request to org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 - [REQUIRES_SECURE_CHANNEL] (1/1)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking WebAsyncManagerIntegrationFilter (3/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking SecurityContextHolderFilter (4/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking CorsFilter (5/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking RequestCacheAwareFilter (6/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking SecurityContextHolderAwareRequestFilter (7/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking AnonymousAuthenticationFilter (8/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking ExceptionTranslationFilter (9/10)>
2024-01-10 15:49:13,503 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking AuthorizationFilter (10/10)>
2024-01-10 15:49:13,504 TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] - <Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@16ba441]]>
2024-01-10 15:49:13,504 TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] - <Checking authorization on SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@16ba441]] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f631caeb020@73216a8b>
2024-01-10 15:49:13,504 DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured POST /error>
2024-01-10 15:49:13,504 TRACE [org.springframework.web.servlet.i18n.CookieLocaleResolver] - <Parsed cookie value [en-US] into locale 'en_US'>
2024-01-10 15:49:13,504 TRACE [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" dispatch for POST "/cas/error", parameters={masked}, headers={masked} in DispatcherServlet 'dispatcherServlet'>
2024-01-10 15:49:13,505 TRACE [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <2 matching mappings: [{ [/error]}, { [/error], produces [text/html]}]>
2024-01-10 15:49:13,505 TRACE [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)>
2024-01-10 15:49:13,513 TRACE [org.springframework.web.method.HandlerMethod] - <Arguments: [org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper@3b6c3379]>
2024-01-10 15:49:13,531 DEBUG [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] - <Using 'application/vnd.cas.services+yaml', given [*/*] and supported [application/vnd.cas.services+yaml, application/json, application/*+json, application/xml;charset=UTF-8, text/xml;charset=UTF-8, application/*+xml;charset=UTF-8]>
2024-01-10 15:49:13,531 TRACE [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] - <Writing [{timestamp=Wed Jan 10 15:49:13 UTC 2024, status=403, error=Forbidden, message=Access Denied, path=/cas/mfa-gauth}]>
2024-01-10 15:49:13,574 TRACE [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter] - <Applying default cacheSeconds=-1>
2024-01-10 15:49:13,574 TRACE [org.springframework.web.servlet.DispatcherServlet] - <No view rendering, null ModelAndView returned.>
2024-01-10 15:49:13,576 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Exiting from "ERROR" dispatch, status 403, headers={masked}>
2024-01-10 15:49:13,576 TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext] - <Created SecurityContextImpl [Null authentication]>
2024-01-10 15:49:13,576 TRACE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <No HttpSession currently exists>
2024-01-10 15:49:13,576 TRACE [org.springframework.security.web.context.SupplierDeferredSecurityContext] - <Created SecurityContextImpl [Null authentication]>
2024-01-10 15:49:13,576 TRACE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
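
To pin down which request Spring Security rejected and why, here is an added triage script (not code from the thread or from CAS) that correlates the FilterChainProxy "Securing" line with the authorization decision, the principal in the security context and the entry point that produced the 403. The log it parses is a constructed, abridged sample modelled on the lines above; the line layout and logger names are those of Spring Security 6 as seen in the post.

```python
"""Triage Spring Security TRACE/DEBUG output: which request was rejected, and why.

Added example, not code from the thread or from CAS. Assumes the log layout
seen in the post:  <timestamp> <LEVEL> [<logger>] - <<message>>
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, abridged from the lines in the post above (not a verbatim capture).
# The stack-trace frames are included on purpose: the parser must skip them.
SAMPLE_LOG = """\
2024-01-10 15:49:10,716 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing POST /mfa-gauth>
2024-01-10 15:49:10,719 TRACE [org.springframework.security.web.FilterChainProxy] - <Invoking AuthorizationFilter (10/10)>
2024-01-10 15:49:10,739 TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] - <Denying request since did not find matching RequestMatcher>
2024-01-10 15:49:13,459 TRACE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Granted Authorities=[ROLE_ANONYMOUS]]>
org.springframework.security.access.AccessDeniedException: Access Denied
at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98)
2024-01-10 15:49:13,462 DEBUG [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] - <Pre-authenticated entry point called. Rejecting access>
2024-01-10 15:49:13,503 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing POST /error>
2024-01-10 15:49:13,504 TRACE [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] - <Checking authorization on SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@16ba441]] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f631caeb020@73216a8b>
2024-01-10 15:49:13,504 DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured POST /error>
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<level>\w+) \[(?P<logger>[^\]]+)\] - <(?P<msg>.*)>$")
SECURING_RE = re.compile(r"^Securing (?P<method>[A-Z]+) (?P<path>\S+)$")
SECURED_RE = re.compile(r"^Secured (?P<method>[A-Z]+) (?P<path>\S+)$")
USING_RE = re.compile(r" using (?P<rule>\S+)$")          # "... using <authorization rule>"
PRINCIPAL_RE = re.compile(r"\[Principal=(?P<principal>[^,\]]+)")


@dataclass
class RequestTrace:
    """Everything the filter chain logged about one secured request."""
    method: str
    path: str
    matched_rule: Optional[str] = None   # authorizeHttpRequests rule that matched, if any
    deny_reason: Optional[str] = None    # message from the authorization manager on denial
    principal: Optional[str] = None      # principal in the SecurityContext at decision time
    outcome: str = "unknown"             # "allowed", "denied-403" or "unknown"


def parse_security_log(text: str) -> list[RequestTrace]:
    """Group log lines per 'Securing METHOD PATH' block and extract the decision."""
    traces: list[RequestTrace] = []
    current: Optional[RequestTrace] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # stack-trace frames and other non-log lines
        logger, msg = m.group("logger"), m.group("msg")
        if logger.endswith("FilterChainProxy"):
            s = SECURING_RE.match(msg)
            if s:
                current = RequestTrace(s.group("method"), s.group("path"))
                traces.append(current)
                continue
            if current and SECURED_RE.match(msg):
                current.outcome = "allowed"
                continue
        if current is None:
            continue
        if logger.endswith("RequestMatcherDelegatingAuthorizationManager"):
            if msg.startswith("Denying request"):
                current.deny_reason = msg
            u = USING_RE.search(msg)
            if u:
                current.matched_rule = u.group("rule")
        elif logger.endswith("AnonymousAuthenticationFilter"):
            p = PRINCIPAL_RE.search(msg)
            if p:
                current.principal = p.group("principal")
        elif logger.endswith("Http403ForbiddenEntryPoint"):
            current.outcome = "denied-403"
    return traces


def explain(trace: RequestTrace) -> str:
    """One-line triage verdict for a parsed request."""
    head = f"{trace.method} {trace.path}"
    if trace.outcome == "allowed":
        return f"{head}: allowed by {trace.matched_rule or 'an unnamed rule'}"
    if trace.deny_reason and "did not find matching RequestMatcher" in trace.deny_reason:
        return (f"{head}: denied as {trace.principal or 'unknown principal'}; "
                "no authorizeHttpRequests rule matched this path, so the authorization "
                "manager denied it. Check which endpoint the form is expected to post to "
                "and whether the security configuration lists it.")
    return f"{head}: {trace.outcome}"


if __name__ == "__main__":
    for t in parse_security_log(SAMPLE_LOG):
        print(explain(t))
```

Run against a real TRACE capture, the "Securing POST /mfa-gauth" block shows up as denied for anonymousUser with no matched rule, while "/error" is allowed by an AuthorizeHttpRequestsConfigurer rule.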

Al Faller

Jan 10, 2024, 1:52:52 PM
to CAS Community, Frédéric Dussurget
Did some HTTP-level comparison between 6.6 and 7.0 -
6.6 sends the POST to /cas/login, whereas
7.0 sends the POST to /cas/mfa-gauth

So, editing the form action in the HTML for the device registration, I set the action=/cas/login on my 7.0 test and it worked!

Looks like the form was changed in commit 15580dc in October, for "allow account profile to allow users to register devices with gauth".  I don't pretend to understand how the flow was changed, but maybe this will help someone with straightening this out.  Unfortunately my hack works fine with a vanilla version of CAS running, but does not work once I turn on all of the features I need (I get different errors though, which is likely related to the flow changes).




artur mis

Jun 27, 2024, 7:11:29 AM
to CAS Community, Al Faller, Frédéric Dussurget
Could anybody confirm that this issue still appears in v7.1? It seems I have the same. My logs:

[env: as simple as possible, casuser:Mellon with mfa-gauth, run by ./gradlew run debug, time synced with ntpd server]

2024-06-27 12:09:08,262 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
2024-06-27 12:09:08,262 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
2024-06-27 12:09:08,263 DEBUG [org.springframework.boot.actuate.audit.listener.AuditListener] - <AuditEvent [timestamp=2024-06-27T10:09:08.263569200Z, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null]}]>
2024-06-27 12:09:08,266 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" dispatch for POST "/cas/error", parameters={masked}>
2024-06-27 12:09:08,266 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)>
2024-06-27 12:09:08,267 DEBUG [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] - <Using 'application/vnd.cas.services+yaml', given [*/*] and supported [application/vnd.cas.services+yaml, application/json, application/*+json, application/xml;charset=UTF-8, text/xml;charset=UTF-8, application/*+xml;charset=UTF-8]>
2024-06-27 12:09:08,268 DEBUG [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] - <Writing [{timestamp=Thu Jun 27 12:09:08 CEST 2024, status=403, error=Forbidden, message=Access Denied, path=/ (truncated)...]>
2024-06-27 12:09:08,269 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Exiting from "ERROR" dispatch, status 403>
2024-06-27 12:09:16,765 DEBUG [org.apereo.cas.otp.repository.token.OneTimeTokenRepositoryCleaner] - <Starting to clean previously used authenticator tokens from [BaseOneTimeTokenRepository()] at [2024-06-27T12:09:16.765857631+02:00[Europe/Warsaw]]>

artur mis

Jun 27, 2024, 9:29:56 AM
to CAS Community, artur mis, Al Faller, Frédéric Dussurget
I have changed casGoogleAuthenticatorRegistrationView.html:
./gradlew getResource -PresourceName=casGoogleAuthenticatorRegistrationView.html
Edit, changing the form to:
<form method="post" id="fm1" class="fm-v clearfix" th:action="@{/login}">
./gradlew clean build
./gradlew run
Logs:
2024-06-27 15:04:38,064 DEBUG [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] - <Getting FlowDefinition with id 'login'>
2024-06-27 15:04:38,064 DEBUG [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] - <Getting FlowDefinition with id 'mfa-gauth'>
2024-06-27 15:04:38,064 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Resuming in org.springframework.webflow.mvc.servlet.MvcExternalContext@43d3c39c>
2024-06-27 15:04:38,064 DEBUG [org.springframework.webflow.engine.Flow] - <Restoring [FlowVariable@72d57e64 name = 'credential', valueFactory = [BeanFactoryVariableValueFactory@54271a0 type = GoogleAuthenticatorTokenCredential]]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Processing user event 'submit'>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <No model to bind to; done processing user event>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.ViewState] - <Event 'submit' returned from view [CasMvcViewFactoryCreator.CasServletMvcView@19fcc87f view = org.thymeleaf.spring6.view.ThymeleafView@20a0257c]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@78d19fd5 on = submit, to = saveRegistration]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'viewRegistration'>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'saveRegistration' of flow 'mfa-gauth'>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@2858a08b expression = googleSaveAccountRegistrationAction, resultExpression = [null]]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d>
2024-06-27 15:04:38,065 DEBUG [org.apereo.cas.gauth.credential.GoogleAuthenticatorOneTimeTokenCredentialValidator] - <Authorizing token [442461] against account [OneTimeTokenAccount(id=1719493478065, validationCode=583590, username=casuser, name=serene_faraday, registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, source=null)]>
2024-06-27 15:04:38,065 WARN [org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction] - <Unable to authorize given token [442461] for account [OneTimeTokenAccount(id=1719493478065, validationCode=583590, username=casuser, name=serene_faraday, registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, source=null)]>
2024-06-27 15:04:38,065 ERROR [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] - <Unable to validate account [OneTimeTokenAccount(id=1719493478065, validationCode=583590, username=casuser, name=serene_faraday, registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, source=null)]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d; result = error>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@2858a08b expression = googleSaveAccountRegistrationAction, resultExpression = [null]]; result = error>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@21706f35 on = *, to = accountRegistrationCheck]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'saveRegistration'>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'accountRegistrationCheck' of flow 'mfa-gauth'>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@27d141a0 expression = googleAccountCheckRegistrationAction, resultExpression = [null]]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a; result = register>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@27d141a0 expression = googleAccountCheckRegistrationAction, resultExpression = [null]]; result = register>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@27ba422f on = register, to = viewRegistration]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'accountRegistrationCheck'>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.engine.ViewState] - <Entering state 'viewRegistration' of flow 'mfa-gauth'>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [SetAction@28627feb name = viewScope.principal, value = conversationScope.authentication.principal]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [SetAction@28627feb name = viewScope.principal, value = conversationScope.authentication.principal]; result = success>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@127cb29e expression = googleAccountCreateRegistrationAction, resultExpression = [null]]>
2024-06-27 15:04:38,065 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction@3208f7f>
2024-06-27 15:04:38,071 DEBUG [org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction] - <Registration key URI is [otpauth://totp/CASLabel:casuser?secret=****************]>


I was thinking that I have the wrong sync time because:
2024-06-27 15:04:38,065 ERROR [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] - <Unable to validate account [OneTimeTokenAccount(id=1719493478065, validationCode=583590, username=casuser, name=serene_faraday, registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, source=null)]>
Logs are in CEST but some internal logs are UTC, but they look the same after calculation.


Finally: I haven't received logs like before with 403 but:
024-06-27 15:25:53,702 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Completed 401 UNAUTHORIZED>
So I'm still in the dark.
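To check the "wrong sync time" theory above: a TOTP code depends only on Unix epoch seconds, so a log line printed in CEST and an account timestamp printed in UTC describe the same instant and yield the same 30-second counter; only real clock skew between server and phone matters. The example below is added here and is not CAS code; it implements RFC 4226/6238 HOTP/TOTP (SHA-1, 30 s step, as Google Authenticator uses) with a configurable validation window, and compares the two timestamps quoted in the log above.

```python
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

STEP = 30  # Google Authenticator time step in seconds

# Timestamps copied from the CAS log lines quoted above (CEST log line vs. UTC registrationDate)
CAS_LOG_CEST = "2024-06-27 15:04:38,065"
ACCOUNT_UTC = "2024-06-27T13:04:38.065457164Z"
CEST = timezone(timedelta(hours=2))


def to_epoch_seconds(stamp: str, tz: timezone) -> int:
    """Parse either log format at second resolution and return Unix epoch seconds."""
    base = stamp.replace("T", " ").rstrip("Z").split(",")[0].split(".")[0]
    return int(datetime.strptime(base, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz).timestamp())


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP on the time-step counter; the timezone never enters."""
    return hotp(secret, unix_time // STEP, digits)


def verify_totp(secret: bytes, token: str, unix_time: int, window: int = 1) -> bool:
    """Accept the token if it matches any step within +/- window of the server's clock."""
    counter = unix_time // STEP
    return any(hmac.compare_digest(hotp(secret, counter + d), token)
               for d in range(-window, window + 1))


def secret_from_base32(b32: str) -> bytes:
    """Decode the 'secret=' value of an otpauth://totp/ URI (pads to a multiple of 8)."""
    return base64.b32decode(b32.upper() + "=" * (-len(b32) % 8))


if __name__ == "__main__":
    # Both log stamps resolve to the same epoch second, so timezone labels are not the cause.
    print(to_epoch_seconds(CAS_LOG_CEST, CEST) == to_epoch_seconds(ACCOUNT_UTC, timezone.utc))
    # A phone clock 90 s ahead of the server falls outside a +/-1 step window and is rejected.
    demo_secret = b"12345678901234567890"  # RFC 4226 test-vector secret, not a real key
    print(verify_totp(demo_secret, totp(demo_secret, 59), 59 + 90))
```

If both stamps agree but tokens are still rejected, compare the server's clock with the phone's against an NTP source rather than the log timezones.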

Frédéric Dussurget

Jul 2, 2024, 6:03:20 AM7/2/24
to CAS Community, artur mis, Al Faller, Frédéric Dussurget
Hi Artur,
I gave it a try this morning, this is exactly what I've done:

- I flushed the db before
- cloned a brand new cas-overlay-template version=7.1.0-SNAPSHOT and springBootVersion=3.3.1 (this morning master branch)
- First I gave it a try and I can confirm to you that I could not register my device with this version.
     nano src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html
     changed line 20 from <form method="post" id="fm1" class="fm-v clearfix" th:action="@{${'/' + activeFlowId} }"> to <form method="post" id="fm1" class="fm-v clearfix" th:action="@{/login}">
- build and deployed again the .war into tomcat (gradlew then mv as you did)
- flushed my former cas entry in my device (google authenticator on my mobile phone)

Then I was able to register my mobile phone again and was able to log in.

After that, and because I like gaming, I deleted src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html and regradlewed all that stuff again, but I did not flush the db, so my device is still registered: I'm able to log in but cannot register any other devices ...

I would not submit a PR, because it looks more like a new MFA global strategy change than a typo ...

Bruno Elie

Nov 29, 2024, 8:58:51 AM11/29/24
to CAS Community, Frédéric Dussurget, artur mis, Al Faller
Hi all,
It seems that this problem of flow is not resolved yet.
I'm actually testing MFA with gauth on CAS v7.1 (also tested on v7.2) and I still have to make this change to the form's action in the file src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html.
With this change I can successfully register my device, but that's all; just after this step I encounter an error 500, also linked to the flow:

Error: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@342fddc in state 'accountRegistrationCheck' of flow 'mfa-gauth' -- action execution attributes were 'map[[empty]]'

Any news here ?


Regards,

Bruno

Frédéric Dussurget

Dec 3, 2024, 9:02:36 AM12/3/24
to CAS Community, Bruno Elie, Frédéric Dussurget, artur mis, Al Faller
Hi Bruno,
on my side, I'm able to register new gauth devices on a clean fresh 7.1.2 clone (without overriding casGoogleAuthenticatorRegistrationView.html): I can register a gauth device both "on the fly" and through the /cas/login page.

Notice I have turned on CasFeatureModule.AccountManagement.enabled to be able to register through the /cas/login page.

I cannot try with 7.2.x because I still have an issue with Redis and 'void io.lettuce.core.StatefulRedisConnectionImpl.<init>(io.lettuce.core.RedisChannelWriter, io.lettuce.core.protocol.PushHandler, io.lettuce.core.codec.RedisCodec, java.time.Duration)'
Regards

Pierre Driutti

Dec 3, 2024, 10:47:11 AM12/3/24
to CAS Community, Frédéric Dussurget, Bruno Elie, artur mis, Al Faller
Hello Frederic,

I am new to CAS, and am also having this issue.

I'd be curious though: how could one register a gauth device "on the fly"?

Thanks in advance

regards,

Pierre

Frédéric Dussurget

Dec 5, 2024, 9:19:01 AM12/5/24
to CAS Community, Pierre Driutti, Frédéric Dussurget, Bruno Elie, artur mis, Al Faller
Hi Pierre,
oh, I mean by directly accessing a service protected by mfa-gauth, just after the login/password form: you have the ability to register a new device there.
The other way is to register your device through the /cas/login page (in case you added this functionality ...)
It does not work for every MFA technology: for instance, MFA webauthn registering through the /cas/login page is not working yet (well, as of my last try ...)

Pierre Driutti

Dec 6, 2024, 7:41:55 AM12/6/24
to CAS Community, Frédéric Dussurget, Pierre Driutti, Bruno Elie, artur mis, Al Faller
Thanks for the clarification, Frédéric.
Regards,
Pierre

Mohsen Saeedi

Jan 14, 2025, 12:16:10 PMJan 14
to cas-...@apereo.org
I have this problem with CAS 6.6.14. It doesn't accept the token generated to verify the registered device and returns the error message:

Unable to accept this token. The given token is invalid, does not belong to the device or has expired

Any idea?



--
Seyyed Mohsen Saeedi
سید محسن سعیدی