[Cas 6.0 6.1] Trusted devices and gauth account are forgotten on cas reboot

[Michele Melluso]

Hi all, 

I'm having a problem with mfa persistence both in cas 6.0 and 6.1. 

I configured jpa persistence (and also tried json persistence) for trusted devices and gauth accounts. I can see that the informations are stored correctly on my dbms (also on json files). 

The problem is when i reboot CAS, the informations are ignored and mfa is triggered again. Even worst Cas will ask again a user to register gauth. Any idea about this ?

thanks

Michele

[Ray Bon]

Michele,

Rebooting may remove cas sessions (Ticket Granting Ticket).

How are you storing login sessions, (https://apereo.github.io/cas/6.1.x/ticketing/Configuring-Ticketing-Components.html)?

Ray

On Thu, 2020-03-12 at 05:40 -0700, Michele Melluso wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

-- 

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

[Michele Melluso]

Hi,

thank you for the reply.

I'm storing session on MariaDB https://apereo.github.io/cas/6.1.x/ticketing/JPA-Ticket-Registry.html

So far it seemed to be working fine, since if i reboot Cas, sso session are mantained and no new login is required.

I also checked the TICKETGRANTINGTICKET table, and TGT are still there.

meanwhile i keep debugging :)

thank you again for your time

Michele

[Michele Melluso]

I found it out.

Cas was generating encription keys every boot asking for me to set it in cas.conf.

At the next reboot the key was different so Cas was unable to decript the previously stored infos.

Thanks a lot

Michele 

[Michele Andreoli]

Hi, how did  you fix this issue?