Re: [cas-user] CAS 7.04 trying to login on cas-management


Ray Bon

May 9, 2024, 12:16:05 PM
to cas-...@apereo.org
Tom,

Does your service definition for cas-management include an MFA reference?

Ray

On Wed, 2024-05-08 at 13:10 -0700, Tom Reijnders wrote:

I've set up CAS 7.04 and I am trying to log in to cas-management.

After login (password is correctly resolved, user is resolved, service is recognised) I am returned to the login screen.

The error is: 

 WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <Cannot invoke "java.util.Set.isEmpty()" because the return value of "org.apereo.cas.services.RegisteredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()" is null>

But why is getMultifactorAuthenticationProviders called at all? Is that a new default in 7.04?

What do you need to help me debug this?

Below is the cas.properties file:

cas.server.name=https://cas.xxxx.xx
cas.server.prefix=${cas.server.name}/cas

CasFeatureModule.AccountManagement.enabled=true

cas.locale.default-value=nl

server.port=8081
server.ssl.enabled=false
cas.server.tomcat.http-proxy.enabled=true
cas.server.tomcat.http-proxy.secure=true
cas.server.tomcat.http-proxy.scheme=https

logging.config=file:/etc/cas/config/log4j2.xml

# Spring security settings
spring.security.user.name=casuser
spring.security.user.password=xxxx

# Authentication
cas.authn.accept.users=
cas.authn.jdbc.query[0].driver-class=org.mariadb.jdbc.Driver
cas.authn.jdbc.query[0].url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.jdbc.query[0].user=cas
cas.authn.jdbc.query[0].password=xxxx
cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE login = ?
cas.authn.jdbc.query[0].password-encoder.type=SSHA
cas.authn.jdbc.query[0].password-encoder.character-encoding=UTF-8
cas.authn.jdbc.query[0].password-encoder.encoding-algorithm=SHA-256
cas.authn.jdbc.query[0].field-password=password
cas.authn.jdbc.query[0].field-expired=expired
cas.authn.jdbc.query[0].field-disabled=disabled
cas.authn.jdbc.query[0].principal-attribute-list=login,email,firstname,lastname,role
cas.authn.jdbc.query[1].driver-class=org.mariadb.jdbc.Driver
cas.authn.jdbc.query[1].url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.jdbc.query[1].dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.jdbc.query[1].user=cas
cas.authn.jdbc.query[1].password=xxxx
cas.authn.jdbc.query[1].sql=SELECT * FROM users WHERE email = ?
cas.authn.jdbc.query[1].password-encoder.type=SSHA
cas.authn.jdbc.query[1].password-encoder.character-encoding=UTF-8
cas.authn.jdbc.query[1].password-encoder.encoding-algorithm=SHA-256
cas.authn.jdbc.query[1].field-password=password
cas.authn.jdbc.query[1].field-expired=expired
cas.authn.jdbc.query[1].field-disabled=disabled
cas.authn.jdbc.query[1].principal-attribute-list=login,email,firstname,lastname,role
cas.jdbc.show-sql=true


# JSON Configuration 2cwof services
cas.serviceRegistry.json.location: file:/etc/cas/services

# OAuth
cas.authn.oauth.crypto.encryption.key=xxxx
cas.authn.oauth.crypto.signing.key=xxxx
cas.authn.oauth.access-token.crypto.encryption.key=xxxx
cas.authn.oauth.access-token.crypto.signing.key=xxxx


# Tickets
cas.tgc.crypto.encryption.key=xxxx
cas.tgc.crypto.signing.key=xxxx

# Consent
cas.consent.core.crypto.encryption.key=xxxx
cas.consent.core.crypto.signing.key=xxxx


# Password Management
cas.webflow.crypto.signing.key=xxxx
cas.webflow.crypto.encryption.key=xxxx
cas.authn.pm.reset.crypto.encryption.key=xxxx
cas.authn.pm.reset.crypto.signing.key=xxxx
cas.authn.pm.forgot-username.enabled=false

# Enable PM module and Password History
cas.authn.pm.core.enabled=true
cas.authn.pm.history.core.enabled=true


# Enable Questions and Answers for PM
cas.authn.pm.reset.security-questions-enabled=false

# Password Management Database Connection Info
cas.authn.pm.jdbc.user=cas
cas.authn.pm.jdbc.password=xxxx
cas.authn.pm.jdbc.driver-class=org.mariadb.jdbc.Driver
cas.authn.pm.jdbc.dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.pm.jdbc.url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.pm.jdbc.password-encoder.type=SSHA

# Queries Needed to Support PM functionality
cas.authn.pm.jdbc.sql-get-security-questions=SELECT question, answer FROM questions WHERE login=?
cas.authn.pm.jdbc.sql-find-email=SELECT email FROM users WHERE login=?
# cas.authn.pm.jdbc.sql-find-phone=SELECT phone FROM users WHERE login=?
cas.authn.pm.jdbc.sql-find-user=SELECT login FROM users WHERE email=?
cas.authn.pm.jdbc.sql-change-password=UPDATE users SET password=?, expired=0 WHERE login=?

# Password Requirements Policy
# Minimum 8 and Maximum 10 characters at least 1 Uppercase Alphabet, 1 Lowercase Alphabet, 1 Number and 1 Special Character
cas.authn.pm.core.password-policy-pattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%*?&\\-+=_])[A-Za-z\\d$@$!%*?&\\-+=_]{8,10}

# SMTP Settings
spring.mail.host=localhost
spring.mail.port=25
spring.mail.username=
spring.mail.password=
spring.mail.properties.mail.smtp.auth=false

# Password Reset Email Info
cas.authn.pm.reset.mail.from=C...@xxxx.xx
cas.authn.pm.reset.mail.subject=Change password
cas.authn.pm.reset.mail.reply-to=C...@xxxx.xx
cas.authn.pm.reset.mail.html=true
cas.authn.pm.reset.mail.attribute-name=email
cas.authn.pm.reset.expiration=PT15M

The following dependencies are configured in the overlay:

    implementation "org.apereo.cas:cas-server-support-audit-jdbc"
    implementation "org.apereo.cas:cas-server-support-consent-webflow"
    implementation "org.apereo.cas:cas-server-support-consent-jdbc"
    implementation "org.apereo.cas:cas-server-support-jdbc"
    implementation "org.apereo.cas:cas-server-support-oidc"
    implementation "org.apereo.cas:cas-server-support-pm-webflow"
    implementation "org.apereo.cas:cas-server-support-pm-jdbc"
    implementation "org.apereo.cas:cas-server-support-saml-idp"
    implementation "org.apereo.cas:cas-server-support-json-service-registry"
    implementation "org.apereo.cas:cas-server-support-jdbc-drivers"


    testImplementation "org.springframework.boot:spring-boot-starter-test"


Any hint is appreciated.

Cheers,

Tom Reijnders


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
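
Ray's question can be checked across the whole JSON service registry at once. The script below is an added example, not code from the thread or the CAS project: it flags service definitions that carry a `multifactorPolicy` block whose `multifactorAuthenticationProviders` is missing or null. It assumes strict-JSON files, that property name (taken from the getter in the warning), and constructed sample definitions; whether such a definition is what triggers the warning is not confirmed in the thread.

```python
import json
import tempfile
from pathlib import Path

POLICY_KEY = "multifactorPolicy"  # assumed JSON property name
PROVIDERS_KEY = "multifactorAuthenticationProviders"  # mirrors the getter in the warning


def check_service(definition):
    """Classify one parsed service definition by its MFA policy block."""
    policy = definition.get(POLICY_KEY)
    if policy is None:
        return "no-mfa-policy"
    if not isinstance(policy, dict):
        return "malformed-policy"
    providers = policy.get(PROVIDERS_KEY)
    # Unwrap the typed-collection form ["java.util.LinkedHashSet", ["id", ...]].
    if (isinstance(providers, list) and len(providers) == 2
            and isinstance(providers[0], str) and isinstance(providers[1], list)):
        providers = providers[1]
    if providers is None:
        return "providers-null"  # policy present, provider set missing or null
    return "providers-set" if providers else "providers-empty"


def scan_registry(directory):
    """Return {file name: status} for each *.json file in the registry directory."""
    results = {}
    for path in sorted(Path(directory).glob("*.json")):
        try:
            definition = json.loads(path.read_text(encoding="utf-8"))
        except ValueError:  # not strict JSON (e.g. comments); inspect by hand
            definition = None
        results[path.name] = (check_service(definition)
                              if isinstance(definition, dict) else "unparseable")
    return results


def demo():
    """Scan constructed sample definitions written to a temporary directory."""
    samples = {
        "Management-1.json": {"id": 1, POLICY_KEY: {PROVIDERS_KEY: None}},
        "Portal-2.json": {"id": 2},
        "Wiki-3.json": {POLICY_KEY: {PROVIDERS_KEY: ["java.util.LinkedHashSet", ["mfa-example"]]}},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(json.dumps(body), encoding="utf-8")
        Path(tmp, "Broken-4.json").write_text("{ /* comment */ }", encoding="utf-8")
        return scan_registry(tmp)
```

On the CAS host, `scan_registry("/etc/cas/services")` covers the directory named in `cas.serviceRegistry.json.location`; any file reported as `providers-null` is the one to compare against Ray's question.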