I currently dev for migrate from 6.2.5 to 6.3.1
And i have an error when i try to access a service with 2FA enabled but bypassed by reverse proxy
No specific flows are defined, only bypass
#Google Auth Bypass
So if a user (aka test1, with 2FA enabled in LDAP) connect to a service ( test.lab.local) : all it's ok
my second user (aka test2, without 2FA enabled) all is ok
and my first user came with his PKI, and nginx reverse proxy set remote_user header to cas has this error :
org.springframework.webflow.engine.NoMatchingTransitionException: No transition was matched on the event(s) signaled by the  action(s) that executed in this action state 'remoteAuthenticate' of flow 'login'; transitions must be defined to handle action result outcomes -- possible flow configuration error? Note: the eventIds signaled were: 'array<String>['generateServiceTicket']', while the supported set of transitional criteria for this action state is 'array<TransitionCriteria>[success, error, authenticationFailure, mfa-gauth]'
but he can access to cas.lab.local without error.
we see the MFA is bypassed in attributes.
The service i try to reach is very simple :
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|http)://localhost.*",
"name" : "localhost",
"id" : 2,
"description" : "Allows only localhost services",
"evaluationOrder" : 0
PS : this scenario is production scenario in place since CAS 5.2
Thanks for your help