I've set up CAS 7.04 and I am trying to log in to cas-management.
After login (password is correctly resolved, user is resolved, service is recognised) I am returned to the login screen.
The error is:
WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <Cannot invoke "java.util.Set.isEmpty()" because the return value of "org.apereo.cas.services.RegisteredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()" is null>
But why is getMultifactorAuthenticationProviders called at all? Is that a new default in 7.04?
What do you need to help me debug this?
Below is the cas.properties file:
cas.server.name=https://cas.xxxx.xx
cas.server.prefix=${cas.server.name}/cas
CasFeatureModule.AccountManagement.enabled=true
cas.locale.default-value=nl
server.port=8081
server.ssl.enabled=false
cas.server.tomcat.http-proxy.enabled=true
cas.server.tomcat.http-proxy.secure=true
cas.server.tomcat.http-proxy.scheme=https
logging.config=file:/etc/cas/config/log4j2.xml
# Spring security settings
spring.security.user.name=casuser
spring.security.user.password=xxxx
# Authentication
cas.authn.accept.users=
cas.authn.jdbc.query[0].driver-class=org.mariadb.jdbc.Driver
cas.authn.jdbc.query[0].url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.jdbc.query[0].user=cas
cas.authn.jdbc.query[0].password=xxxx
cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE login = ?
cas.authn.jdbc.query[0].password-encoder.type=SSHA
cas.authn.jdbc.query[0].password-encoder.character-encoding=UTF-8
cas.authn.jdbc.query[0].password-encoder.encoding-algorithm=SHA-256
cas.authn.jdbc.query[0].field-password=password
cas.authn.jdbc.query[0].field-expired=expired
cas.authn.jdbc.query[0].field-disabled=disabled
cas.authn.jdbc.query[0].principal-attribute-list=login,email,firstname,lastname,role
cas.authn.jdbc.query[1].driver-class=org.mariadb.jdbc.Driver
cas.authn.jdbc.query[1].url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.jdbc.query[1].dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.jdbc.query[1].user=cas
cas.authn.jdbc.query[1].password=xxxx
cas.authn.jdbc.query[1].sql=SELECT * FROM users WHERE email = ?
cas.authn.jdbc.query[1].password-encoder.type=SSHA
cas.authn.jdbc.query[1].password-encoder.character-encoding=UTF-8
cas.authn.jdbc.query[1].password-encoder.encoding-algorithm=SHA-256
cas.authn.jdbc.query[1].field-password=password
cas.authn.jdbc.query[1].field-expired=expired
cas.authn.jdbc.query[1].field-disabled=disabled
cas.authn.jdbc.query[1].principal-attribute-list=login,email,firstname,lastname,role
cas.jdbc.show-sql=true
# JSON Configuration 2cwof services
cas.serviceRegistry.json.location: file:/etc/cas/services
# OAuth
cas.authn.oauth.crypto.encryption.key=xxxx
cas.authn.oauth.crypto.signing.key=xxxx
cas.authn.oauth.access-token.crypto.encryption.key=xxxx
cas.authn.oauth.access-token.crypto.signing.key=xxxx
# Tickets
cas.tgc.crypto.encryption.key=xxxx
cas.tgc.crypto.signing.key=xxxx
# Consent
cas.consent.core.crypto.encryption.key=xxxx
cas.consent.core.crypto.signing.key=xxxx
# Password Management
cas.webflow.crypto.signing.key=xxxx
cas.webflow.crypto.encryption.key=xxxx
cas.authn.pm.reset.crypto.encryption.key=xxxx
cas.authn.pm.reset.crypto.signing.key=xxxx
cas.authn.pm.forgot-username.enabled=false
# Enable PM module and Password History
cas.authn.pm.core.enabled=true
cas.authn.pm.history.core.enabled=true
# Enable Questions and Answers for PM
cas.authn.pm.reset.security-questions-enabled=false
# Password Management Database Connection Info
cas.authn.pm.jdbc.user=cas
cas.authn.pm.jdbc.password=xxxx
cas.authn.pm.jdbc.driver-class=org.mariadb.jdbc.Driver
cas.authn.pm.jdbc.dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.pm.jdbc.url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.pm.jdbc.password-encoder.type=SSHA
# Queries Needed to Support PM functionality
cas.authn.pm.jdbc.sql-get-security-questions=SELECT question, answer FROM questions WHERE login=?
cas.authn.pm.jdbc.sql-find-email=SELECT email FROM users WHERE login=?
# cas.authn.pm.jdbc.sql-find-phone=SELECT phone FROM users WHERE login=?
cas.authn.pm.jdbc.sql-find-user=SELECT login FROM users WHERE email=?
cas.authn.pm.jdbc.sql-change-password=UPDATE users SET password=?, expired=0 WHERE login=?
# Password Requirements Policy
# Minimum 8 and Maximum 10 characters at least 1 Uppercase Alphabet, 1 Lowercase Alphabet, 1 Number and 1 Special Character
cas.authn.pm.core.password-policy-pattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%*?&\\-+=_])[A-Za-z\\d$@$!%*?&\\-+=_]{8,10}
# SMTP Settings
spring.mail.host=localhost
spring.mail.port=25
spring.mail.username=
spring.mail.password=
spring.mail.properties.mail.smtp.auth=false
# Password Reset Email Info
cas.authn.pm.reset.mail.from=C...@xxxx.xx
cas.authn.pm.reset.mail.subject=Change password
cas.authn.pm.reset.mail.reply-to=C...@xxxx.xx
cas.authn.pm.reset.mail.html=true
cas.authn.pm.reset.mail.attribute-name=email
cas.authn.pm.reset.expiration=PT15M
The following dependencies are configured in the overlay:
implementation "org.apereo.cas:cas-server-support-audit-jdbc"
implementation "org.apereo.cas:cas-server-support-consent-webflow"
implementation "org.apereo.cas:cas-server-support-consent-jdbc"
implementation "org.apereo.cas:cas-server-support-jdbc"
implementation "org.apereo.cas:cas-server-support-oidc"
implementation "org.apereo.cas:cas-server-support-pm-webflow"
implementation "org.apereo.cas:cas-server-support-pm-jdbc"
implementation "org.apereo.cas:cas-server-support-saml-idp"
implementation "org.apereo.cas:cas-server-support-json-service-registry"
implementation "org.apereo.cas:cas-server-support-jdbc-drivers"
testImplementation "org.springframework.boot:spring-boot-starter-test"
Any hint is appreciated.
Cheers,
Tom Reijnders