Error since CAS 6.3

Skip to first unread message

Gregory G

Feb 6, 2021, 3:36:04 PMFeb 6
to CAS Community

I currently dev for migrate from 6.2.5 to 6.3.1

And i have an error when i try to access a service with 2FA enabled but bypassed by reverse proxy

No specific flows are defined, only bypass

#Google Auth Bypass

So if a user (aka test1, with 2FA enabled in LDAP) connect to a service ( test.lab.local) : all it's ok
my second user (aka test2, without 2FA enabled) all is ok

and my first user came with his PKI, and nginx reverse proxy set remote_user header  to cas has this error :
org.springframework.webflow.engine.NoMatchingTransitionException: No transition was matched on the event(s) signaled by the [1] action(s) that executed in this action state 'remoteAuthenticate' of flow 'login'; transitions must be defined to handle action result outcomes -- possible flow configuration error? Note: the eventIds signaled were: 'array<String>['generateServiceTicket']', while the supported set of transitional criteria for this action state is 'array<TransitionCriteria>[success, error, authenticationFailure, mfa-gauth]'
but he can access to cas.lab.local without error.
Capture d’écran 2021-02-06 à 21.33.10.png
we see the MFA is bypassed in attributes.

The service i try to reach is very simple :
"@class" : "",
"serviceId" : "^(https|http)://localhost.*",
"name" : "localhost",
"id" : 2,
"description" : "Allows only localhost services",
"evaluationOrder" : 0

PS : this scenario is production scenario in place since CAS 5.2

Thanks for your help
Reply all
Reply to author
0 new messages