CAS 7 MFA broken since last build

747 views
Skip to first unread message

Frédéric Dussurget

unread,
Oct 13, 2023, 9:41:10 AM10/13/23
to CAS Community
Hi,
latest build broke MFA (both gauth and web-authn). I have kept besides a cas.war from august 22nd which is working fine with the exact same build.gradle deps and /etc/cas/config/cas/yml config. One difference is that the new cas.war was compiled and run (external tomcat) with openjdk 21 vs the other one  was compiled and run with openjdk17
DB backend is Redis for everything.

Thanks if anyone could help ...
Regards,

Fred

Here are the deps I'm using :

build.gradle :

    // ### MFA ###

    //MFA TOTP
    implementation "org.apereo.cas:cas-server-support-gauth:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-gauth-redis:${project.'cas.version'}"

    // MFA FIDO2 WEBAUTHN
    implementation "org.apereo.cas:cas-server-support-webauthn:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-webauthn-redis:${project.'cas.version'}"

    //MFA TRUSTED DEVICE
    implementation "org.apereo.cas:cas-server-support-trusted-mfa:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-support-trusted-mfa-redis:
${project.'cas.version'}"

Here is the MFA block in my cas.yml :

    mfa:
      core:
        provider-selection-enabled: true
      gauth:
        core:
          issuer: CASIssuer
          label: Blah
          scratch-codes.encryption.key: blah-blah-blah
        name: OATH Authentification
        crypto:
          encryption:
            key: blah-blah-blah
          signing:
            key: blah-blah-blah
        redis:
          host: localhost
          port: 6379
          username: default
          password: blah-blah-blah
          sentinel:
            node[0]: blah-blah-blah:26379
            node[1]: blah-blah-blah:26379
            node[2]: blah-blah-blah:26379
            master: instancecas

      web-authn:
        core:
          relying-party-id: blah-blah-blah.fr
          relying-party-name: blah-blah-blah
          allowed-origins: blah-blah-blah
          trusted-device-enabled: false
          application-id: blah-blah-blah
        crypto:
          encryption:
            key: blah-blah-blah
          signing:
            key: blah-blah-blah
        redis:
          host: localhost
          port: 6379
          username: default
          password: blah-blah-blah
          sentinel:
            node[0]: blah-blah-blah:26379
            node[1]: blah-blah-blah:26379
            node[2]: blah-blah-blah:26379
            master: instancecas

      trusted:
        core:
          auto-assign-device-name: true
          device-registration-enabled: true
          authentication-context-attribute: isFromTrustedMultifactorAuthentication
        redis:
          host: localhost
          port: 6379
          username: default
          password: blah-blah-blah
          sentinel:
            node[0]: blah-blah-blah:26379
            node[1]: blah-blah-blah:26379
            node[2]: blah-blah-blah:26379
            master: instancecas
        crypto:
          enabled: true
          signing:
            key: blah-blah-blah
          encryption:
            key: blah-blah-blah
        device-fingerprint:
          cookie:
            crypto:
              enabled: true
              signing:
                key: blah-blah-blah
              encryption:
                key: blah-blah-blah

And the stacktrace :

2023-10-13 11:19:17,196 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing service in context scope: [https://blah-blah-blah:9447/protected]>
2023-10-13 11:19:17,196 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing registered service [https://blah-blah-blah] with id [48] in context scope>
2023-10-13 11:19:17,197 DEBUG [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] - <Evaluating authentication policy [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], excludedAuthenticationHandlers=[], criteria=null)] for [Service Test Bootiful]>
2023-10-13 11:19:17,197 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [success] via [org.apereo.cas.web.flow.resolver.impl.RankedMultifactorAuthenticationProviderWebflowEventResolver] for this context>
2023-10-13 11:19:27,246 DEBUG [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to [FlowHandlerMapping.DefaultFlowHandler@4fcf6be1]>
2023-10-13 11:19:27,250 DEBUG [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to [FlowHandlerMapping.DefaultFlowHandler@dacb3f2]>
2023-10-13 11:19:27,260 DEBUG [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] - <Request is not eligible to be issued service tickets just yet>
2023-10-13 11:19:27,276 WARN [org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher] - <No person records were fetched from attribute repositories for [{principal=frederic.dussurget, blah blah, username=frederic.dussurget, service=https://blah-blah-blah:9447/protected}]>
2023-10-13 11:19:27,280 WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <Name is null>
java.lang.NullPointerException: Name is null
        at java.lang.Enum.valueOf(Enum.java:291) ~[?:?]
        at org.apereo.services.persondir.util.CaseCanonicalizationMode.valueOf(CaseCanonicalizationMode.java:26) ~[person-directory-impl-3.0.1.jar:?]
        at org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy.returnFinalAttributesCollection(AbstractRegisteredServiceAttributeReleasePolicy.java:250) ~[cas-server-core-authentication-attributes-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy.getAttributes(AbstractRegisteredServiceAttributeReleasePolicy.java:134) ~[cas-server-core-authentication-attributes-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.determineRegisteredServiceForEvent(DefaultCasDelegatingWebflowEventResolver.java:180) ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.resolveInternal(DefaultCasDelegatingWebflowEventResolver.java:82) ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:48) ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:53) ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.lambda$doExecuteInternal$0(AbstractAuthenticationAction.java:63) ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.jooq.lambda.Unchecked.lambda$supplier$38(Unchecked.java:1695) ~[jool-0.9.15.jar:?]
        at org.apereo.cas.util.function.FunctionUtils.doUnchecked(FunctionUtils.java:449) ~[cas-server-core-util-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.doExecuteInternal(AbstractAuthenticationAction.java:41) ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apereo.cas.web.flow.actions.BaseCasWebflowAction.doExecute(BaseCasWebflowAction.java:38) ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.ViewState.resume(ViewState.java:195) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.Flow.resume(Flow.java:537) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:254) ~[spring-webflow-3.0.0.jar:3.0.0]
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1086) ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979) ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1011) ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914) ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
        at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590) ~[servlet-api.jar:6.0]
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885) ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
        at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658) ~[servlet-api.jar:6.0]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) ~[tomcat-websocket.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.web.servlet.resource.ResourceUrlEncodingFilter.doFilter(ResourceUrlEncodingFilter.java:66) ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:391) ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:177) ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62) ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.boot.actuate.web.exchanges.servlet.HttpExchangesFilter.doFilterInternal(HttpExchangesFilter.java:89) ~[spring-boot-actuator-3.2.0-M3.jar:3.2.0-M3]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:128) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:168) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95) ~[cas-server-core-logging-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:124) ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
        at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:99) ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117) ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:55) ~[cas-server-core-audit-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-jakarta-web-2.20.0.jar:2.20.0]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[catalina.jar:10.1.9]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[catalina.jar:10.1.9]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[catalina.jar:10.1.9]
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:676) ~[catalina.jar:10.1.9]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[catalina.jar:10.1.9]
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:738) ~[catalina.jar:10.1.9]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) ~[catalina.jar:10.1.9]
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) ~[tomcat-coyote.jar:10.1.9]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-coyote.jar:10.1.9]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894) ~[tomcat-coyote.jar:10.1.9]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-coyote.jar:10.1.9]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-coyote.jar:10.1.9]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-util.jar:10.1.9]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-util.jar:10.1.9]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:10.1.9]
        at java.lang.Thread.run(Thread.java:1583) [?:?]
2023-10-13 11:19:27,280 DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <Authentication request failed with [401], resulting in event [error]>
2023-10-13 11:19:27,280 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [error] via [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] for this context>


Ray Bon

unread,
Oct 16, 2023, 10:22:16 PM10/16/23
to cas-...@apereo.org
Frédéric,

Are there any error messages in the logs?

Ray

On Fri, 2023-10-13 at 06:26 -0700, Frédéric Dussurget wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

2023-10-13 11:19:17,197 DEBUG [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] - <Evaluating authentication policy [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[],excludedAuthenticationHandlers=[],criteria=null)] for [Service Test Bootiful]>
2023-10-13 11:19:17,197 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [success] via [org.apereo.cas.web.flow.resolver.impl.RankedMultifactorAuthenticationProviderWebflowEventResolver] for this context>
2023-10-13 11:19:27,246 DEBUG [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to [FlowHandlerMapping.DefaultFlowHandler@4fcf6be1]>
2023-10-13 11:19:27,250 DEBUG [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to [FlowHandlerMapping.DefaultFlowHandler@dacb3f2]>
2023-10-13 11:19:27,260 DEBUG [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] - <Request is not eligible to be issued service tickets just yet>
2023-10-13 11:19:27,276 WARN [org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher] - <No person records were fetched from attribute repositories for [{principal=frederic.dussurget, blah blah, username=frederic.dussurget,service=https://blah-blah-blah:9447/protected}]>

Frédéric Dussurget

unread,
Oct 17, 2023, 6:43:46 AM10/17/23
to CAS Community, Ray Bon
Hi Ray,
thank you very much for your help. There are no ERROR message except this DEBUG error 401 message at the very end :
2023-10-17 12:28:46,419 DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <Authentication request failed with [401], resulting in event [error]>
2023-10-17 12:28:46,419 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [error] via [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] for this context>

For more information, you'll find below  the service I used (but it is exactly the same as the one I used in august 2nd) ...
Best regards,

    {
      "@class": "org.apereo.cas.services.CasRegisteredService",
      "serviceId": "https://(testserver([123])|cas-pp)(.subdomain|).myuniversity.fr:944([678]).*",
      "name": "Service Test Bootiful",
      "id": 48,
      "description": "Service de test Bootiful port 9446/7/8 MFA gauth/webauthn",
      "evaluationOrder": 48,
      "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "canonicalizationMode": null,
        "allowedAttributes": [
          "java.util.ArrayList",
          [
            "displayname mail blah givenname"
          ]
        ]
      },
      "accessStrategy": {
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
        "requireAllAttributes": false,
        "requiredAttributes": {
          "@class": "java.util.LinkedHashMap",
          "memberOf": [
            "java.util.HashSet",
            [
              "OU=blahblah",
              "OU=blahblah",
              "DC=blahblah",
              "DC=myuniversity",
              "CN=casmanagers",
              "DC=fr"
            ]
          ]
        }
      },
Message has been deleted

Frédéric Dussurget

unread,
Oct 18, 2023, 6:41:56 AM10/18/23
to CAS Community, Frédéric Dussurget, Ray Bon
Hi
For further investigations, I flushed the redis db (just kept my 3 services)
For both MFA provider (gauth and web-authn) I'm being asked to register my devices. (It wasn't the cas before flushing the db, after login/pwd authentication I falled back immediatly on the same login form.)
So I guess, the devices I registered on the end of august are stored in a format that is just no more compatible with the newer builds ?

(Note that the mfa slector menu is back from this morning cas-overlay-template build)

But, that still does'nt work, I have the failure popup : "Unable to accept this token. The given token is invalid, does not belong to the device or has expired."

Here are errors in the browsers (tested in FF and Chrome) consoles :

About gauth attempt :

jquery.min.js:2
       
       
       POST https://casblah-myuniversity.fr/cas/mfa-gauth 401 (Unauthorized)
send @ jquery.min.js:2
ajax @ jquery.min.js:2
ce.<computed> @ jquery.min.js:2
(anonymous) @ login?service=https%3A%2F%2Fblah.blah.blah%3A9447%2Fprotected:351

maybe here -> [...]try{r.send(i.hasContent&&i.data||null)}catch(e){if(o)throw [...]


About web-authn attempt :

login:6
       
       
       GET https:// asblah-myuniversity.fr/cas/webjars/text-encoding/0.7.0/lib/encoding-indexes.js net::ERR_ABORTED 403 (Forbidden)
login:14
       
       
       GET https:// asblah-myuniversity.fr /cas/js/webauthn/webauthn.js net::ERR_ABORTED 403 (Forbidden)
login:8
       
       
       GET https:// asblah-myuniversity.fr /cas/webjars/base64-js/1.5.1/base64js.min.js net::ERR_ABORTED 403 (Forbidden)
login:7
       
       
       GET https:// asblah-myuniversity.fr/cas/webjars/whatwg-fetch/3.6.2/dist/fetch.umd.js net::ERR_ABORTED 403 (Forbidden)
login:5
       
       
       GET https:// asblah-myuniversity.fr/cas/webjars/text-encoding/0.7.0/lib/encoding.js net::ERR_ABORTED 403 (Forbidden)


login:389 Uncaught ReferenceError: register is not defined
    at HTMLButtonElement.<anonymous> (login:389:17)



That may has something to deal with spring security but, I did not change anything since august. Here are my ACLs :


  monitor:
    endpoints:
      endpoint:
        defaults:
          access: AUTHENTICATED
        health:
          access: IP_ADDRESS
          requiredIpAddresses: blah blah blah
        registeredServices:
          access: IP_ADDRESS
          requiredIpAddresses: blah blah blah
        importRegisteredServices:
          access: IP_ADDRESS
          requiredIpAddresses: blah blah blah
        multiFactorTrustedDevices:
          access: IP_ADDRESS
          requiredIpAddresses:  blah blah blah

management:
  endpoints:
    web:
      exposure:
        include: '*'
    enabled-by-default: true

Frédéric Dussurget

unread,
Oct 25, 2023, 9:45:17 AM10/25/23
to CAS Community, Frédéric Dussurget, Ray Bon
Hi all,
update : webauthn mfa now works (today's cas-overlay-template build) ... which is great.

But I still have an issue with mfa-gauth when I try to register my device (when submitting the OTP from gauth compliant app) :

jquery.min.js:2
POST https://cas-pp.universite-lyon.fr/cas/mfa-gauth 401 (Unauthorized)

send @ jquery.min.js:2
ajax @ jquery.min.js:2
ce.<computed> @ jquery.min.js:2
(anonymous) @ login:261

Javi Finarfin

unread,
Oct 31, 2023, 7:30:52 AM10/31/23
to CAS Community, Frédéric Dussurget, Ray Bon
For the record, it looks like it needs a service parameter, but I´m yet receiving a 403

Javi Finarfin

unread,
Nov 2, 2023, 1:40:43 PM11/2/23
to CAS Community, Javi Finarfin, Frédéric Dussurget, Ray Bon
> For the record, it looks like it needs a service parameter, but I´m yet receiving a 403

This yet I don't know if it's necessary

Because it was a security problem, while debugging I added the endpoint manually here: org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter.configureHttpSecurity(HttpSecurity) 

With that, there was no 403, but I get a 500 instead: 

> 2023-11-02 15:44:19,366 TRACE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
2023-11-02 15:44:19,366 ERROR [org.apereo.cas.web.support.filters.AbstractSecurityFilter] - <No adapter for handler [[FlowHandlerMapping.DefaultFlowHandler@25be570b]]: The DispatcherServlet configuration needs to include a HandlerAdapter that supports this handler>
jakarta.servlet.ServletException: No adapter for handler [[FlowHandlerMapping.DefaultFlowHandler@25be570b]]: The DispatcherServlet configuration needs to include a HandlerAdapter that supports this handler
at org.springframework.web.servlet.DispatcherServlet.getHandlerAdapter(DispatcherServlet.java:1321) ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1069) ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]

Frédéric Dussurget

unread,
Nov 3, 2023, 11:16:10 AM11/3/23
to CAS Community, Javi Finarfin, Frédéric Dussurget, Ray Bon
Hi Javi,
how do you "add" this endpoint ? through your service ? or do you mean in the  cas.monitor.endpoints.endpoint section of your cas properties ?
Thanks a lot ...
Fred

Javi Finarfin

unread,
Nov 3, 2023, 11:16:10 AM11/3/23
to Frédéric Dussurget, CAS Community, Ray Bon
Live debugging... 

Javi Finarfin

unread,
Nov 3, 2023, 11:16:15 AM11/3/23
to Frédéric Dussurget, CAS Community, Ray Bon
I guess you can always overwrite org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter.configureHttpSecurity(HttpSecurity)

Frédéric Dussurget

unread,
Dec 1, 2023, 8:50:11 AM12/1/23
to CAS Community, Javi Finarfin, CAS Community, Ray Bon, Frédéric Dussurget
Hi Javi,

... and I also get the same 500 error as you had.

Have you managed to go a little bit further ?
Regards

Javi Finarfin

unread,
Dec 2, 2023, 3:06:20 AM12/2/23
to Frédéric Dussurget, CAS Community, Ray Bon
Im afraid we hadn't make progress

Javi Finarfin

unread,
Dec 21, 2023, 10:59:03 AM12/21/23
to CAS Community, Javi Finarfin, CAS Community, Ray Bon, Frédéric Dussurget
Did you get a different result with https://github.com/apereo/cas/releases/tag/v7.0.0-RC9 ?

Frédéric Dussurget

unread,
Dec 22, 2023, 10:45:46 AM12/22/23
to CAS Community, Javi Finarfin, CAS Community, Ray Bon, Frédéric Dussurget
Nope, I still have the same 401 on /cas/mfa-gauth ...

same effect with gradle.properties setting 7.0.0-SNAPSHOT or 7.0.0-RC9

Are you still stuck too ?
regards,

Javi Finarfin

unread,
Dec 23, 2023, 2:50:01 AM12/23/23
to Frédéric Dussurget, CAS Community, Ray Bon
I'm afraid so we have moved past this feature for now
Reply all
Reply to author
Forward
0 new messages