7.2.6 : No transition found on occurence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset'

102 views

Skip to first unread message

Raph

unread,

Oct 16, 2025, 8:30:01 PMOct 16

to CAS Community

Migrating from 6.6.7 to 7.2.6.

When the mfa isnt bypassed in my service, a password reset returns the following message. The mfa works on login, so it's not an unavailable service.

Error: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.engine.NoMatchingTransitionException: No transition found on occurence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset' -- valid transitional criteria are array<TransitionCriteria>[resumePasswordReset, success] -- likely programmer error, check the set of TransitionCriteria for this state

In another environnement still in 6.6, I noticr that there's no mfa when resetting a password, but there's one on login. I dont expect there to be one either (?).

Anyone else on 7.2.6+ using simple-mfa without trouble?

Note:
Sorry for the spam, I just noticed that I had not created the conversation the right way.

A fresh build with and without the same implements/templates encounters the same error on my side.

Raph

unread,

Oct 16, 2025, 8:30:09 PMOct 16

to CAS Community, Raph

Context:

Our project is a simple overlay which has templates, css and 3 classes:
- CasOverlayOverrideConfiguration (there by default)
- PasswordChangeAction : hardcoded message changed to french.
- MultifactorAuthenticationSetTrustAction : force the trust to expire after 30 days.
What I tried (that somewhat makes sense... believe me, i tried useless stuff...):

- Defining a groovy script as a mfa policy in my service, the script checks the URL to see if it contains pswdrst. and "bypasses" the mfa in the log, but we still get the error.

- A bunch of parameters...

- Using 7.3.0 instead

My 7.3 build is vanilla, except for these implementations added in the build.gradle:

    implementation "org.apereo.cas:cas-server-webapp"
    implementation "org.apereo.cas:cas-server-support-ldap"
    implementation "org.apereo.cas:cas-server-core-configuration"
    implementation "org.apereo.cas:cas-server-support-json-service-registry"
    implementation "org.apereo.cas:cas-server-support-pm-ldap"
    implementation "org.apereo.cas:cas-server-support-throttle"
    implementation "org.apereo.cas:cas-server-support-simple-mfa"
    implementation "org.apereo.cas:cas-server-support-trusted-mfa"
    implementation "org.apereo.cas:cas-server-support-captcha"
    implementation "org.apereo.cas:cas-server-core-webflow-api"
    implementation "org.apereo.cas:cas-server-core-web-api"
    implementation "org.apereo.cas:cas-server-core-util"
    implementation "org.apereo.cas:cas-server-core-scripting"
    implementation "org.apereo.cas:cas-server-support-pm-core"
    implementation "org.apereo.cas:cas-server-support-pm-webflow"
    implementation "org.apereo.cas:cas-server-support-rest"
    implementation "org.apereo.cas:cas-server-support-swagger"
    implementation "org.apereo.cas:cas-server-support-oauth:${project.'cas.version'}"
    implementation "org.apereo.cas:cas-server-core-authentication-api"
    implementation "org.apereo.cas:cas-server-support-trusted-mfa-core"
    implementation "org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}"

    if (project.hasProperty("casModules")) {
        def dependencies = project.getProperty("casModules").split(",")
        dependencies.each {
            def projectsToAdd = rootProject.subprojects.findAll {project ->
                project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
            }
            projectsToAdd.each {implementation it}
        }
    }

Is something more required in versions after 6.6.7 to use simple-mfa ?

Stacktrace when the event occurs:

2025-10-16 16:34:07,010 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.engine.NoMatchingTransitionException: No transition found on occurence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset' -- valid transitional criteria are array<TransitionCriteria>[resumePasswordReset, success] -- likely programmer error, check the set of TransitionCriteria for this state]>
java.lang.RuntimeException: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.engine.NoMatchingTransitionException: No transition found on occurence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset' -- valid transitional criteria are array<TransitionCriteria>[resumePasswordReset, success] -- likely programmer error, check the set of TransitionCriteria for this state
at org.apereo.cas.web.support.filters.AbstractSecurityFilter.throwException(AbstractSecurityFilter.java:42) ~[cas-server-core-web-api-7.2.6.jar:7.2.6]
at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:198) ~[cas-server-core-web-api-7.2.6.jar:7.2.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62) ~[cas-server-core-web-api-7.2.6.jar:7.2.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.web.servlet.resource.ResourceUrlEncodingFilter.doFilter(ResourceUrlEncodingFilter.java:66) ~[spring-webmvc-6.2.5.jar:6.2.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:365) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:101) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:243) ~[spring-webmvc-6.2.5.jar:6.2.5]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:238) ~[spring-security-config-6.4.5.jar:6.4.5]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:362) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:278) ~[spring-web-6.2.5.jar:6.2.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.2.5.jar:6.2.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.2.5.jar:6.2.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:111) ~[cas-server-core-logging-7.2.6.jar:7.2.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:114) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.2.5.jar:6.2.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.4.5.jar:6.4.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:36) ~[cas-server-core-audit-api-7.2.6.jar:7.2.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apereo.cas.config.CasEmbeddedContainerTomcatFiltersConfiguration$1.doFilter(CasEmbeddedContainerTomcatFiltersConfiguration.java:101) ~[cas-server-webapp-init-tomcat-7.2.6.jar:7.2.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:124) ~[spring-boot-3.4.4.jar:3.4.4]
at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:99) ~[spring-boot-3.4.4.jar:3.4.4]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117) ~[spring-boot-3.4.4.jar:3.4.4]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.2.5.jar:6.2.5]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.2.5.jar:6.2.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:70) ~[log4j-jakarta-web-2.24.3.jar:2.24.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[catalina.jar:10.1.46]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:483) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:116) ~[catalina.jar:10.1.46]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[catalina.jar:10.1.46]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:666) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[catalina.jar:10.1.46]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) ~[catalina.jar:10.1.46]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:398) ~[tomcat-coyote.jar:10.1.46]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-coyote.jar:10.1.46]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:903) ~[tomcat-coyote.jar:10.1.46]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1776) ~[tomcat-coyote.jar:10.1.46]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-coyote.jar:10.1.46]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:975) ~[tomcat-util.jar:10.1.46]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:493) ~[tomcat-util.jar:10.1.46]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) ~[tomcat-util.jar:10.1.46]
at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]
Caused by: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.engine.NoMatchingTransitionException: No transition found on occurence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset' -- valid transitional criteria are array<TransitionCriteria>[resumePasswordReset, success] -- likely programmer error, check the set of TransitionCriteria for this state
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1022) ~[spring-webmvc-6.2.5.jar:6.2.5]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:903) ~[spring-webmvc-6.2.5.jar:6.2.5]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564) ~[servlet-api.jar:6.0]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885) ~[spring-webmvc-6.2.5.jar:6.2.5]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658) ~[servlet-api.jar:6.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) ~[tomcat-websocket.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110) ~[spring-web-6.2.5.jar:6.2.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:393) ~[cas-server-core-web-api-7.2.6.jar:7.2.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:196) ~[cas-server-core-web-api-7.2.6.jar:7.2.6]
... 102 more
Caused by: org.springframework.webflow.engine.NoMatchingTransitionException: No transition found on occurence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset' -- valid transitional criteria are array<TransitionCriteria>[resumePasswordReset, success] -- likely programmer error, check the set of TransitionCriteria for this state
at org.springframework.webflow.engine.TransitionableState.getRequiredTransition(TransitionableState.java:93) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.SubflowState.handleEvent(SubflowState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.endActiveFlowSession(FlowExecutionImpl.java:414) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.endActiveFlowSession(RequestControlContextImpl.java:238) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.EndState.doEnter(EndState.java:107) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.start(RequestControlContextImpl.java:234) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.SubflowState.doEnter(SubflowState.java:101) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.start(RequestControlContextImpl.java:234) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.SubflowState.doEnter(SubflowState.java:101) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.apereo.cas.web.flow.executor.WebflowExecutorFactory$CasFlowExecutorImpl.launchExecution(WebflowExecutorFactory.java:96) ~[cas-server-core-webflow-api-7.2.6.jar:7.2.6]
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:359) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:102) ~[spring-aop-6.2.5.jar:6.2.5]
at org.apereo.cas.monitor.ExecutableObserver.executeJoinPoint(ExecutableObserver.java:82) ~[cas-server-core-api-monitor-7.2.6.jar:7.2.6]
at org.apereo.cas.monitor.ExecutableObserver.observe(ExecutableObserver.java:63) ~[cas-server-core-api-monitor-7.2.6.jar:7.2.6]
at org.apereo.cas.config.CasWebflowMonitoringConfiguration$CasWebflowMonitoringAspect.aroundWebflowOperations(CasWebflowMonitoringConfiguration.java:59) ~[cas-server-core-webflow-7.2.6.jar:7.2.6]
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:642) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:632) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:223) ~[spring-aop-6.2.5.jar:6.2.5]
at jdk.proxy3/jdk.proxy3.$Proxy162.launchExecution(Unknown Source) ~[?:?]
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264) ~[spring-webflow-3.0.1.jar:3.0.1]
at org.apereo.cas.web.flow.CasFlowHandlerAdapter.handle(CasFlowHandlerAdapter.java:35) ~[cas-server-core-webflow-api-7.2.6.jar:7.2.6]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089) ~[spring-webmvc-6.2.5.jar:6.2.5]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979) ~[spring-webmvc-6.2.5.jar:6.2.5]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014) ~[spring-webmvc-6.2.5.jar:6.2.5]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:903) ~[spring-webmvc-6.2.5.jar:6.2.5]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564) ~[servlet-api.jar:6.0]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885) ~[spring-webmvc-6.2.5.jar:6.2.5]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658) ~[servlet-api.jar:6.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) ~[tomcat-websocket.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110) ~[spring-web-6.2.5.jar:6.2.5]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:393) ~[cas-server-core-web-api-7.2.6.jar:7.2.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[catalina.jar:10.1.46]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[catalina.jar:10.1.46]
at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:196) ~[cas-server-core-web-api-7.2.6.jar:7.2.6]
... 102 more

Le mercredi 15 octobre 2025 à 17:50:58 UTC-4, Raph a écrit :

Migrating from 6.6.7 to 7.2.6.
When the mfa isnt bypassed in my service, a password reset returns the following message. The mfa works on login, so it's not an unavailable service.

Error: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.engine.NoMatchingTransitionException: No transition found on occurence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset' -- valid transitional criteria are array<TransitionCriteria>[resumePasswordReset, success] -- likely programmer error, check the set of TransitionCriteria for this state

In another environnement still in 6.6, I noticr that there's no mfa when resetting a password, but there's one on login. I dont expect there to be one either (?).

Anyone else on 7.2.6+ using simple-mfa without trouble?

Ray Bon

unread,

Oct 17, 2025, 2:49:08 PMOct 17

to cas-...@apereo.org

Raph,

This part of the log:

No transition found on occurrence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset'

Are you creating the flow pswdreset or the the event unavailable?

If not, then this would be a bug in cas code.

If you have created a flow or your groovy script is returning the unavailable event, then that would be the place to investigate.

Is it possible that trusted-mfa or captcha features are affecting the flow?

Try to simplify your config.

We have added custom flows into our cas. To help understand what is going on, I created a method that would generate a human readable description of the flow and write to a file (included below in case you are creating custom flows).

Ray

package ca.uvic.idm.cas.web.flow;

import lombok.extern.slf4j.Slf4j;
import lombok.val;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;

import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.util.regex.Pattern;

@Slf4j
public abstract class AbstractUvicCasWebflowConfigurer extends AbstractCasWebflowConfigurer {

	protected String outputFileName = "/tmp/flow.txt";

	public AbstractUvicCasWebflowConfigurer(FlowBuilderServices flowBuilderServices,
											FlowDefinitionRegistry loginFlowDefinitionRegistry,
											ConfigurableApplicationContext applicationContext,
											CasConfigurationProperties casProperties) {
		super(flowBuilderServices, loginFlowDefinitionRegistry, applicationContext, casProperties);
	}

	/**
	 * Inserts an inbound state into a transition for a target state and sets inbound
	 * state's matching transition to the previous target (preserving overall flow).
	 * Inbound state inserts itself into target state by replacing target transition.
	 * @param flow
	 * @param inboundStateId bean identifier for insertable action state
	 * @param inboundActionId action to be performed
	 * @param targetStateid bean identifier for state immediately before inbound
	 * @param targetTransitionId transition point for insertion
	 */
	protected ActionState insertIntoFlow(
			final Flow flow,
			final String inboundStateId,
			final String inboundActionId,
			final String targetStateid,
			final String targetTransitionId) {
		val inboundActionState = createActionState(flow, inboundStateId, inboundActionId);
		val targetState = getState(flow, targetStateid, ActionState.class);

		val destinationStateId = targetState.getTransition(targetTransitionId).getTargetStateId();
		val inboundTransitionSet = inboundActionState.getTransitionSet();
		inboundTransitionSet.add(createTransition(targetTransitionId, destinationStateId));

		createTransitionForState(targetState, targetTransitionId, inboundStateId, true);
		flowToFile(flow);
		return inboundActionState;
	}

	protected void flowToFile(final Flow flow) {
		flowToFile(flow, outputFileName);
	}


	protected void flowToFile(final Flow flow, final String fileName) {
		if (LOGGER.isTraceEnabled()) {
			String s = flow.toString().trim();
			String formatted = formatFlow(s);
			try (BufferedWriter writer = new BufferedWriter(new FileWriter(fileName))) {
	//			writer.write(s);
	//			writer.write("\n\n\n\n");
				writer.write(formatted);
			} catch (IOException e) {
				LOGGER.error(e.getMessage());
			}
		}
	}

	/**
	 * Formats a spring webflow flow to help determine how to modify a flow.
	 * Adds new lines and indents to make it easier to read.
	 * @param input flow.toString()
	 * @return nicely formatted flow
	 */
	public String formatFlow(final String input) {
		//LOGGER.debug("input: ." + input + ".");
		// used to add an extra indent for an object's field members
		java.util.Stack<java.util.AbstractMap.SimpleEntry> stack = new java.util.Stack<>();
		int currPosition = 0;
		String indent = "";
		String indentor = "\t";
		String newLine = "\n";
		// object identifier
		java.util.regex.Pattern objPattern = Pattern.compile("^(\\w+@\\w+)\\b.*");

		String in = input.trim();
		StringBuilder out = new StringBuilder();
		while (in.length() > currPosition) {
			java.util.regex.Matcher m = objPattern.matcher(in.substring(currPosition));
			String firstTwo = "";
			// capture first two characters to match against ']' or '],'
			if (1 < in.length() - currPosition) {
				firstTwo = in.substring(currPosition, currPosition + 2);
			} else {
				// at end of input
				firstTwo = in.substring(currPosition, currPosition + 1);
			}
			if (in.startsWith("[", currPosition)) {
				out.append(indent).append(in.charAt(currPosition)).append(newLine);
				indent += indentor;
				currPosition++;
				if (!stack.empty()) {
					java.util.AbstractMap.SimpleEntry<String, Integer> se = stack.pop();
					se.setValue(se.getValue() + 1);
					stack.push(se);
				}
			} else if (firstTwo.startsWith("]")) {
				if (!stack.empty()) {
					java.util.AbstractMap.SimpleEntry<String, Integer> se = stack.pop();
					if (1 > se.getValue()) {
						// outdent after printing member variables
						indent = indent.replaceFirst(indentor, "");
						if (!stack.empty()) {
							// this ] closes from outer object
							java.util.AbstractMap.SimpleEntry<String, Integer> seOuter = stack.pop();
							seOuter.setValue(seOuter.getValue() - 1);
							stack.push(seOuter);
						}
					} else {
						se.setValue(se.getValue() - 1);
						stack.push(se);
					}
				}
				indent = indent.replaceFirst(indentor, "");
				out.append(indent).append("]");
				if ("],".equals(firstTwo)) {
					out.append(",");
					currPosition++;
				}
				out.append(newLine);
				currPosition++;
			} else if (m.matches()) {
				String obj = m.group(1);
				out.append(indent).append(obj).append(newLine);
				indent = indent + indentor;
				// prepare for members
				stack.push(new java.util.AbstractMap.SimpleEntry<String, Integer>(obj, 0));
				currPosition += obj.length();
			} else {
				int nextOpenBracket = in.indexOf("[", currPosition);
				int nextCloseBracket = in.indexOf("]", currPosition);
				int nextComma = in.indexOf(",", currPosition);
				int nextMark = 0;
				boolean increaseIndent = false;
				// if [ or , not found, push beyond last position which would be ]
				if (0 > nextOpenBracket) {
					nextOpenBracket = in.length();
				}
				if (0 > nextComma) {
					nextComma = in.length();
				}
				// add 1 when [ and , since they should remain on same line and ] should be on next line
				if (nextCloseBracket > nextOpenBracket) {
					if (nextOpenBracket > nextComma) {
						nextMark = nextComma + 1;
					} else {
						nextMark = nextOpenBracket + 1;
						// bypass empty and null
						if ((in.substring(nextMark).startsWith("[empty]]"))
								|| (in.substring(nextMark).startsWith("null]"))) {
							if (in.substring(nextMark).startsWith("[empty]],")) {
								nextMark += 9;
							} else if (in.substring(nextMark).startsWith("[empty]]")) {
								nextMark += 8;
							} else if (in.substring(nextMark).startsWith("null],")) {
								nextMark += 6;
							} else if (in.substring(nextMark).startsWith("null]")) {
								nextMark += 5;
							}
						} else {
							// indent members
							increaseIndent = true;
							if (!stack.empty()) {
								java.util.AbstractMap.SimpleEntry<String, Integer> se = stack.pop();
								se.setValue(se.getValue() + 1);
								stack.push(se);
							}
						}
					}
				} else if (nextCloseBracket > nextComma) {
					nextMark = nextComma + 1;
				} else {
					nextMark = nextCloseBracket;
				}
				String s = in.substring(currPosition, nextMark).trim();
				if (0 < s.length()) {
					out.append(indent).append(s).append(newLine);
					currPosition = nextMark;
				}
				if (increaseIndent) {
					// for next line
					indent = indent + indentor;
				}
			}
		}
		String formatted = out.toString().trim();
		//LOGGER.debug("formatted: ." + formatted + ".");

		return formatted;
	}
}

From: cas-...@apereo.org <cas-...@apereo.org> on behalf of Raph <raph.l...@gmail.com>
Sent: October 16, 2025 14:27
To: CAS Community <cas-...@apereo.org>
Cc: Raph <raph.l...@gmail.com>
Subject: [cas-user] Re: 7.2.6 : No transition found on occurence of event 'unavailable' in state 'mfa-simple' of flow 'pswdreset'

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/56ee93a0-601a-4d31-b808-89dc6823f7a9n%40apereo.org.

Raph

unread,

Oct 17, 2025, 4:01:38 PMOct 17

to cas-...@apereo.org

We ended up finding the right parameter to deactivate the mfa when resetting the password...

I believe it might be a cas bug, a fresh install without any script, or java modified had the same behaviour.

Although, we did have other implements like captcha as you mentionned.

You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/b-qDsXp3_m4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081FAE67FA2EC1B9F183E07CEF6A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.

Tom Reijnders

unread,

Oct 22, 2025, 9:56:04 AMOct 22

to CAS Community, Raph

Would you be so kind as to specify which parameter that is? I run into the same issue.

Tom

Op vrijdag 17 oktober 2025 om 22:01:38 UTC+2 schreef Raph:

KambaAbi

unread,

Oct 22, 2025, 6:17:18 PMOct 22

to CAS Community, Tom Reijnders, Raph

disabling mfa on password reset is this:

cas.authn.pm.reset.multifactor-authentication-enabled=true

Controls whether password reset operations must activate and support a multifactor authentication flow based on the set of available MFA providers that are configured and active, before reset instructions can be shared and sent.

https://apereo.github.io/cas/7.2.x/password_management/Password-Management-Reset.html

22 Ekim 2025 Çarşamba tarihinde saat 16:56:04 UTC+3 itibarıyla Tom Reijnders şunları yazdı:

Reply all

Reply to author

Forward

0 new messages