Error since CAS 6.3


Gregory G

Feb 6, 2021, 3:36:04 PM
to CAS Community
Hello, 

I am currently working on migrating from 6.2.5 to 6.3.1.

And I get an error when I try to access a service with 2FA enabled but bypassed by the reverse proxy.

No specific flows are defined, only the bypass:

#Google Auth Bypass
cas.authn.mfa.gauth.bypass.http-request-headers=remote_user
cas.authn.mfa.gauth.bypass.principal-attribute-name=cas2faEnabled
cas.authn.mfa.gauth.bypass.principal-attribute-value=FALSE

So if a user (aka test1, with 2FA enabled in LDAP) connects to a service (test.lab.local), all is OK.
For my second user (aka test2, without 2FA enabled), all is OK.

And when my first user comes in with his PKI and the nginx reverse proxy sets the remote_user header to CAS, he gets this error:
org.springframework.webflow.engine.NoMatchingTransitionException: No transition was matched on the event(s) signaled by the [1] action(s) that executed in this action state 'remoteAuthenticate' of flow 'login'; transitions must be defined to handle action result outcomes -- possible flow configuration error? Note: the eventIds signaled were: 'array<String>['generateServiceTicket']', while the supported set of transitional criteria for this action state is 'array<TransitionCriteria>[success, error, authenticationFailure, mfa-gauth]'
But he can access cas.lab.local without error.
[Screenshot: Capture d’écran 2021-02-06 à 21.33.10.png]
We can see that MFA is bypassed in the attributes.

The service I am trying to reach is very simple:
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|http)://localhost.*",
"name" : "localhost",
"id" : 2,
"description" : "Allows only localhost services",
"evaluationOrder" : 0
}



PS: this scenario is a production scenario, in place since CAS 5.2.

Thanks for your help

Livy Li

Jul 14, 2021, 10:30:11 AM
to CAS Community, Gregory G
Gregory,

I'm seeing the same error message now on CAS 6.3. Did your issue get resolved?

Thanks for your help. 
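
For triaging the exception quoted in the first post across a CAS log, the following is an added example (not part of either post and not CAS project code). It parses the NoMatchingTransitionException text and reports which signaled event has no transition in the named state; the function names and the second sample log line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log: line 1 is the exception text from the first post,
# line 2 is an unrelated, made-up line to show non-matching input is skipped.
SAMPLE_LOG = [
    "org.springframework.webflow.engine.NoMatchingTransitionException: No transition "
    "was matched on the event(s) signaled by the [1] action(s) that executed in this "
    "action state 'remoteAuthenticate' of flow 'login'; transitions must be defined to "
    "handle action result outcomes -- possible flow configuration error? Note: the "
    "eventIds signaled were: 'array<String>['generateServiceTicket']', while the "
    "supported set of transitional criteria for this action state is "
    "'array<TransitionCriteria>[success, error, authenticationFailure, mfa-gauth]'",
    "INFO constructed unrelated log line",
]

_PATTERN = re.compile(
    r"NoMatchingTransitionException:.*?action state '(?P<state>[^']+)' "
    r"of flow '(?P<flow>[^']+)'"
    r".*?eventIds signaled were: 'array<String>\[(?P<events>[^\]]*)\]'"
    r".*?action state is 'array<TransitionCriteria>\[(?P<criteria>[^\]]*)\]'",
    re.DOTALL,
)

def _split(items):
    """Split a comma-separated list and drop the quotes around each entry."""
    return [i.strip().strip("'") for i in items.split(",") if i.strip()]

def parse_no_matching_transition(text):
    """Return flow, state, signaled events and the unhandled ones, or None."""
    m = _PATTERN.search(text)
    if m is None:
        return None
    signaled, supported = _split(m["events"]), _split(m["criteria"])
    return {
        "flow": m["flow"],
        "state": m["state"],
        "signaled": signaled,
        "supported": supported,
        # Events the action emitted that the state has no transition for.
        "unhandled": [e for e in signaled if e not in supported],
    }

def summarise(lines):
    """Count (flow, state, unhandled event) triples over many log lines."""
    counts = Counter()
    for line in lines:
        hit = parse_no_matching_transition(line)
        for event in (hit["unhandled"] if hit else []):
            counts[(hit["flow"], hit["state"], event)] += 1
    return counts
```
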
