Here are the logs:
2016-06-16 10:47:57,268 DEBUG
[org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] -
<Initializing CAS webflow configuration...>
2016-06-16 10:47:58,209 DEBUG
[org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] -
<Retrieved action state realSubmit>
2016-06-16 10:47:58,209 DEBUG
[org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] -
<Added transition mfa-duo to the state realSubmit>
2016-06-16 10:47:58,250 DEBUG
[org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] -
<Registering flow definition [mfa-duo]>
2016-06-16 10:47:58,251 DEBUG
[org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] -
<Added transition mfa-duo to the state
initialAuthenticationRequestValidationCheck>
2016-06-16 10:48:07,964 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <Preparing to
schedule job to clean up after tickets...>
2016-06-16 10:48:07,972 DEBUG
[org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <Scheduling
DefaultTicketRegistry job>
2016-06-16 10:48:07,973 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistry] -
<DefaultTicketRegistry will clean tickets every 2 minutes>
2016-06-16 10:48:08,300 DEBUG
[org.apereo.cas.web.support.DefaultCasCookieValueManager] - <Using cipher
[class
org.apereo.cas.util.TGCCipherExecutor$$EnhancerBySpringCGLIB$$4072cd3b to
encrypt and decode the cookie>
2016-06-16 10:48:09,143 DEBUG [org.apereo.cas.util.TGCCipherExecutor] -
<Initialized cipher encryption sequence via [A128CBC-HS256]>
2016-06-16 10:48:09,510 DEBUG
[org.apereo.cas.web.view.Cas30JsonResponseView] - <Initializing
Cas30JsonResponseView>
2016-06-16 10:48:09,698 DEBUG
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loading services
from JsonServiceRegistryDao>
2016-06-16 10:48:09,750 DEBUG
[org.apereo.cas.services.ServiceRegistryConfigWatcher] - <Created service
registry watcher for events of type ENTRY_CREATE>
2016-06-16 10:48:09,752 DEBUG
[org.apereo.cas.services.ServiceRegistryConfigWatcher] - <Watching service
registry directory at
/opt/apache-tomcat-8.0.36/webapps/cas/WEB-INF/classes/services>
2016-06-16 10:48:09,756 DEBUG
[org.apereo.cas.services.AbstractResourceBasedServiceRegistryDao] -
<Started service registry watcher thread>
2016-06-16 10:48:10,619 DEBUG
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered
service ^(http|imaps)://.*>
2016-06-16 10:48:10,619 DEBUG
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered
service ^https://www.apereo.org>
2016-06-16 10:48:10,620 INFO
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services
from JsonServiceRegistryDao.>
2016-06-16 10:48:10,704 DEBUG
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
- <Calculated threshold rate as 1.6666666666666667>
2016-06-16 10:48:10,730 DEBUG
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressHandlerInterceptorAdapter]
- <Calculated threshold rate as 1.6666666666666667>
2016-06-16 10:48:10,768 DEBUG
[org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
- <Calculated threshold rate as 1.6666666666666667>
2016-06-16 10:48:10,768 DEBUG
[org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
- <No data source is defined for inspektrIpAddressUsernameThrottle.
Ignoring the construction of JDBC template>
2016-06-16 10:48:11,390 INFO
[org.apereo.cas.web.CasWebApplicationServletInitializer] - <Started
CasWebApplicationServletInitializer in 28.695 seconds (JVM running for
43.827)>
16-Jun-2016 10:48:11.470 INFO [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployWAR Deployment of web
application archive /opt/apache-tomcat-8.0.36/webapps/cas.war has finished
in 42,803 ms
16-Jun-2016 10:48:11.475 INFO [main]
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["http-nio-8080"]
16-Jun-2016 10:48:11.486 INFO [main]
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["ajp-nio-8009"]
16-Jun-2016 10:48:11.488 INFO [main]
org.apache.catalina.startup.Catalina.start Server startup in 42871 ms
2016-06-16 10:48:26,501 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[authenticationFailure.FailedLoginException]>
2016-06-16 10:48:26,502 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file
found for [classpath:custom_messages_en_US] - neither plain properties nor
XML>
2016-06-16 10:48:26,504 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[authenticationFailure.FailedLoginException]>
2016-06-16 10:48:26,505 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file
found for [classpath:messages_en_US] - neither plain properties nor XML>
2016-06-16 10:48:26,506 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[authenticationFailure.FailedLoginException] cannot be found in the
language bundle for the locale [en_US]>
2016-06-16 10:48:26,507 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file
found for [classpath:custom_messages_en] - neither plain properties nor XML>
2016-06-16 10:48:26,509 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file
found for [classpath:custom_messages] - neither plain properties nor XML>
2016-06-16 10:48:26,511 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file
found for [classpath:messages_en] - neither plain properties nor XML>
2016-06-16 10:48:26,511 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Loading properties
[messages.properties] with encoding 'UTF-8'>
2016-06-16 10:48:26,543 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created
http://hadoopdev1.example.com based on
org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c>
2016-06-16 10:48:26,544 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor
generated service type
org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl
for: http://hadoopdev1.example.com>
2016-06-16 10:48:27,169 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code [cas.login.pagetitle]>
2016-06-16 10:48:27,170 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [cas.login.pagetitle]>
2016-06-16 10:48:27,171 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[cas.login.pagetitle] cannot be found in the language bundle for the locale
[en_US]>
2016-06-16 10:48:27,281 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code [logo.title]>
2016-06-16 10:48:27,282 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [logo.title]>
2016-06-16 10:48:27,283 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[logo.title] cannot be found in the language bundle for the locale [en_US]>
2016-06-16 10:48:27,294 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.cookies.disabled.title]>
2016-06-16 10:48:27,294 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[screen.cookies.disabled.title]>
2016-06-16 10:48:27,295 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.cookies.disabled.title] cannot be found in the language bundle for
the locale [en_US]>
2016-06-16 10:48:27,298 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.cookies.disabled.message]>
2016-06-16 10:48:27,299 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[screen.cookies.disabled.message]>
2016-06-16 10:48:27,299 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.cookies.disabled.message] cannot be found in the language bundle
for the locale [en_US]>
2016-06-16 10:48:27,316 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[cas.login.resources.header]>
2016-06-16 10:48:27,320 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [cas.login.resources.header]>
2016-06-16 10:48:27,320 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[cas.login.resources.header] cannot be found in the language bundle for the
locale [en_US]>
2016-06-16 10:48:27,321 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[cas.login.resources.wiki]>
2016-06-16 10:48:27,321 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [cas.login.resources.wiki]>
2016-06-16 10:48:27,321 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[cas.login.resources.wiki] cannot be found in the language bundle for the
locale [en_US]>
2016-06-16 10:48:27,323 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[cas.login.resources.issuetracker]>
2016-06-16 10:48:27,327 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[cas.login.resources.issuetracker]>
2016-06-16 10:48:27,327 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[cas.login.resources.issuetracker] cannot be found in the language bundle
for the locale [en_US]>
2016-06-16 10:48:27,328 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[cas.login.resources.mailinglist]>
2016-06-16 10:48:27,329 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[cas.login.resources.mailinglist]>
2016-06-16 10:48:27,329 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[cas.login.resources.mailinglist] cannot be found in the language bundle
for the locale [en_US]>
2016-06-16 10:48:27,340 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code [cas.login.pagetitle]>
2016-06-16 10:48:27,340 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [cas.login.pagetitle]>
2016-06-16 10:48:27,341 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[cas.login.pagetitle] cannot be found in the language bundle for the locale
[en_US]>
2016-06-16 10:48:27,354 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.welcome.instructions]>
2016-06-16 10:48:27,354 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[screen.welcome.instructions]>
2016-06-16 10:48:27,355 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.welcome.instructions] cannot be found in the language bundle for
the locale [en_US]>
2016-06-16 10:48:27,355 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.welcome.label.netid]>
2016-06-16 10:48:27,355 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [screen.welcome.label.netid]>
2016-06-16 10:48:27,358 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.welcome.label.netid] cannot be found in the language bundle for the
locale [en_US]>
2016-06-16 10:48:27,360 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.welcome.label.netid.accesskey]>
2016-06-16 10:48:27,360 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[screen.welcome.label.netid.accesskey]>
2016-06-16 10:48:27,361 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.welcome.label.netid.accesskey] cannot be found in the language
bundle for the locale [en_US]>
2016-06-16 10:48:27,366 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.welcome.label.password]>
2016-06-16 10:48:27,366 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[screen.welcome.label.password]>
2016-06-16 10:48:27,366 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.welcome.label.password] cannot be found in the language bundle for
the locale [en_US]>
2016-06-16 10:48:27,367 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.welcome.label.password.accesskey]>
2016-06-16 10:48:27,368 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[screen.welcome.label.password.accesskey]>
2016-06-16 10:48:27,368 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.welcome.label.password.accesskey] cannot be found in the language
bundle for the locale [en_US]>
2016-06-16 10:48:27,371 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code [screen.capslock.on]>
2016-06-16 10:48:27,372 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [screen.capslock.on]>
2016-06-16 10:48:27,372 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.capslock.on] cannot be found in the language bundle for the locale
[en_US]>
2016-06-16 10:48:27,375 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.welcome.button.login]>
2016-06-16 10:48:27,376 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[screen.welcome.button.login]>
2016-06-16 10:48:27,376 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.welcome.button.login] cannot be found in the language bundle for
the locale [en_US]>
2016-06-16 10:48:27,376 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.welcome.button.clear]>
2016-06-16 10:48:27,377 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code
[screen.welcome.button.clear]>
2016-06-16 10:48:27,377 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.welcome.button.clear] cannot be found in the language bundle for
the locale [en_US]>
2016-06-16 10:48:27,380 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[screen.welcome.security]>
2016-06-16 10:48:27,380 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [screen.welcome.security]>
2016-06-16 10:48:27,380 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[screen.welcome.security] cannot be found in the language bundle for the
locale [en_US]>
2016-06-16 10:48:27,382 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code [copyright]>
2016-06-16 10:48:27,382 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [copyright]>
2016-06-16 10:48:27,383 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[copyright] cannot be found in the language bundle for the locale [en_US]>
2016-06-16 10:48:27,980 DEBUG [org.apereo.cas.util.CasSpringBeanJobFactory]
- <Created job
org.apereo.cas.ticket.registry.DefaultTicketRegistry@48b56df4 for bundle
org.quartz.spi.TriggerFiredBundle@5144b57c>
2016-06-16 10:48:27,984 DEBUG [org.apereo.cas.util.CasSpringBeanJobFactory]
- <Autowired job per the application context>
2016-06-16 10:48:27,987 DEBUG
[org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <Beginning ticket
cleanup...>
2016-06-16 10:48:37,434 DEBUG [org.apereo.cas.WebflowCipherExecutor] -
<Successfully decoded value. Result in Base64-encoding is []>
2016-06-16 10:48:37,441 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created
http://hadoopdev1.example.com based on
org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c>
2016-06-16 10:48:37,441 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor
generated service type
org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl
for: http://hadoopdev1.example.com>
2016-06-16 10:48:37,445 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2016-06-16 10:48:37,445 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2016-06-16 10:48:37,445 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2016-06-16 10:48:37,446 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2016-06-16 10:48:37,446 DEBUG
[org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver]
- <Authentication handlers used for this transaction are
[org.apereo.cas.authentication.LdapAuthenticationHandler@375d92c2,
org.apereo.cas.adaptors.duo.DuoAuthenticationHandler@64349f2]>
2016-06-16 10:48:37,447 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting
LDAP authentication for klintholmes>
2016-06-16 10:48:37,461 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response:
[org.ldaptive.auth.AuthenticationResponse@29657540::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
resolvedDn=CN=klintholmes,OU=User,DC=example,DC=com,
ldapEntry=[dn=CN=klintholmes,OU=User,DC=example,DC=com[[mail[klinthol...@example.com]],
[displayName[Klint Holmes]], [memberOf[CN=All
Students,OU=Groups,DC=example,DC=com]], [sAMAccountName[klintholmes]]],
responseControls=null, messageId=-1], accountState=null, result=true,
resultCode=SUCCESS, message=null, controls=null]>
2016-06-16 10:48:37,461 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <No ldap
password policy configuration is defined>
2016-06-16 10:48:37,461 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response
returned as result. Creating the final LDAP principal>
2016-06-16 10:48:37,461 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Creating LDAP
principal for klintholmes based on CN=klintholmes,OU=User,DC=example,DC=com>
2016-06-16 10:48:37,461 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Retrieved
principal id attribute klintholmes>
2016-06-16 10:48:37,461 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
principal attribute: [displayName[Klint Holmes]]>
2016-06-16 10:48:37,461 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
principal attribute: [mail[klinthol...@example.com]]>
2016-06-16 10:48:37,462 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
principal attribute: [memberOf[CN=All
Students,OU=Groups,DC=example,DC=com]] is multivalued>
2016-06-16 10:48:37,462 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Created LDAP
principal for id klintholmes and 5 attributes>
2016-06-16 10:48:37,489 INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler successfully authenticated klintholmes>
2016-06-16 10:48:37,489 DEBUG
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <No
resolver configured for LdapAuthenticationHandler. Falling back to handler
principal klintholmes>
2016-06-16 10:48:37,505 INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authenticated klintholmes with credentials [klintholmes].>
2016-06-16 10:48:37,506 DEBUG
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Attribute map for klintholmes:
{LdapAuthenticationHandler.dn=CN=klintholmes,OU=User,DC=example,DC=com,
memberOf=[CN=All Students,OU=Groups,DC=example,DC=com],
mail=klinthol...@example.com, displayName=Klint Holmes}>
2016-06-16 10:48:37,522 DEBUG
[org.apereo.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] -
<Trying to see if target's return value is instance of [Assertion]...>
2016-06-16 10:48:37,523 DEBUG
[org.apereo.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] -
<Resolving principal from the delegate principal resolver:
[org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver@4b942e75]...>
2016-06-16 10:48:37,523 DEBUG
[org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving
argument [AuthenticationTransaction] for audit>
2016-06-16 10:48:37,524 DEBUG
[org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving
argument [UsernamePasswordCredential] for audit>
2016-06-16 10:48:37,524 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: klintholmes
WHAT: Supplied credentials: [klintholmes]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Jun 16 10:48:37 MDT 2016
CLIENT IP ADDRESS: 137.*.*.*
SERVER IP ADDRESS: 137.*.*.*
=============================================================
>
2016-06-16 10:48:37,526 DEBUG
[org.apereo.cas.authentication.DefaultAuthenticationTransactionManager] -
<Successful authentication; Collecting authentication result
[org.apereo.cas.authentication.DefaultAuthentication@b9cc9023]>
2016-06-16 10:48:37,542 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2016-06-16 10:48:37,542 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2016-06-16 10:48:37,584 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2016-06-16 10:48:37,584 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2016-06-16 10:48:37,598 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2016-06-16 10:48:37,598 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2016-06-16 10:48:37,602 DEBUG
[org.apereo.cas.adaptors.duo.DuoMultifactorAuthenticationProvider] -
<Multifactor failure mode for ^(http|imaps)://.* is defined as CLOSED>
2016-06-16 10:48:37,720 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] -
<Connecting socket to api-*******.duosecurity.com/:443 with timeout 5000>
2016-06-16 10:48:37,766 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled
protocols: [TLSv1, TLSv1.1, TLSv1.2]>
2016-06-16 10:48:37,767 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled
cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]>
2016-06-16 10:48:37,768 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Starting
handshake>
2016-06-16 10:48:37,873 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Secure
session established>
2016-06-16 10:48:37,873 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <
negotiated protocol: TLSv1.2>
2016-06-16 10:48:37,873 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <
negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256>
2016-06-16 10:48:37,874 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - < peer
principal: CN=*.duosecurity.com, O="Duo Security, Inc.", L=Ann Arbor,
ST=Michigan, C=US>
2016-06-16 10:48:37,879 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - < peer
alternative names: [*.duosecurity.com, duosecurity.com]>
2016-06-16 10:48:37,880 DEBUG
[org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - < issuer
principal: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com,
O=DigiCert Inc, C=US>
2016-06-16 10:48:37,940 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] -
<Response code received from server matched 200.>
2016-06-16 10:48:37,955 DEBUG
[org.apereo.cas.adaptors.duo.DuoAuthenticationService] - <Received Duo ping
response {"response": "pong", "stat": "OK"}>
2016-06-16 10:48:37,984 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2016-06-16 10:48:37,984 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2016-06-16 10:48:38,001 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2016-06-16 10:48:38,001 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2016-06-16 10:48:38,019 INFO
[org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for
cookies for warn cookie generator to: /cas/ >
2016-06-16 10:48:38,032 INFO
[org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for
cookies for TGC cookie generator to: /cas/ >
2016-06-16 10:48:38,043 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created
http://hadoopdev1.example.com based on
org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c>
2016-06-16 10:48:38,044 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor
generated service type
org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl
for: http://hadoopdev1.example.com>
2016-06-16 10:48:38,105 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created
http://hadoopdev1.example.com based on
org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c>
2016-06-16 10:48:38,114 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor
generated service type
org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl
for: http://hadoopdev1.example.com>
2016-06-16 10:48:38,149 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code
[cas.mfa.duologin.pagetitle]>
2016-06-16 10:48:38,149 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [cas.mfa.duologin.pagetitle]>
2016-06-16 10:48:38,150 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[cas.mfa.duologin.pagetitle] cannot be found in the language bundle for the
locale [en_US]>
2016-06-16 10:48:38,156 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code [logo.title]>
2016-06-16 10:48:38,157 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [logo.title]>
2016-06-16 10:48:38,158 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[logo.title] cannot be found in the language bundle for the locale [en_US]>
2016-06-16 10:48:38,169 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:custom_messages_en_US] for the code [copyright]>
2016-06-16 10:48:38,170 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language
bundle [classpath:messages_en_US] for the code [copyright]>
2016-06-16 10:48:38,171 DEBUG
[org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code
[copyright] cannot be found in the language bundle for the locale [en_US]>
2016-06-16 10:49:03,067 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created
http://hadoopdev1.example.com based on
org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c>
2016-06-16 10:49:03,067 DEBUG
[org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor
generated service type
org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl
for: http://hadoopdev1.example.com>
2016-06-16 10:49:03,098 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2016-06-16 10:49:03,099 DEBUG
[org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2016-06-16 10:49:03,100 DEBUG
[org.apereo.cas.adaptors.duo.web.flow.DuoAuthenticationWebflowEventResolver]
- <Handling authentication transaction for credential
org.apereo.cas.adaptors.duo.DuoCredential@475bf673[username=klintholmes,signedDuoResponse=AUTH]>
2016-06-16 10:49:03,101 DEBUG
[org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver]
- <Authentication handlers used for this transaction are
[org.apereo.cas.authentication.LdapAuthenticationHandler@375d92c2,
org.apereo.cas.adaptors.duo.DuoAuthenticationHandler@64349f2]>
2016-06-16 10:49:03,105 DEBUG
[org.apereo.cas.adaptors.duo.DuoAuthenticationService] - <Calling
DuoWeb.verifyResponse with signed request token 'AUTH|'>
2016-06-16 10:49:03,106 DEBUG
[org.apereo.cas.adaptors.duo.DuoAuthenticationHandler] - <Response from Duo
verify: [klintholmes]>
2016-06-16 10:49:03,107 INFO
[org.apereo.cas.adaptors.duo.DuoAuthenticationHandler] - <Successful Duo
authentication for [klintholmes]>
2016-06-16 10:49:03,110 INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<DuoAuthenticationHandler successfully authenticated
org.apereo.cas.adaptors.duo.DuoCredential@4]>
2016-06-16 10:49:03,110 DEBUG
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <No
resolver configured for DuoAuthenticationHandler. Falling back to handler
principal klintholmes>
2016-06-16 10:49:03,111 INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authenticated klintholmes with credentials
[org.apereo.cas.adaptors.duo.DuoCredential@4.>
2016-06-16 10:49:03,111 DEBUG
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Attribute map for klintholmes: {}>
2016-06-16 10:49:03,131 DEBUG [org.apereo.cas.util.CollectionUtils] -
<Converting attribute [DuoAuthenticationHandler]>
2016-06-16 10:49:03,139 DEBUG
[org.apereo.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] -
<Trying to see if target's return value is instance of [Assertion]...>
2016-06-16 10:49:03,139 DEBUG
[org.apereo.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] -
<Resolving principal from the delegate principal resolver:
[org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver@4b942e75]...>
2016-06-16 10:49:03,139 DEBUG
[org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving
argument [AuthenticationTransaction] for audit>
2016-06-16 10:49:03,139 DEBUG
[org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving
argument [DuoCredential] for audit>
2016-06-16 10:49:03,140 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
On Thursday, June 16, 2016 at 9:52:34 AM UTC-6, Misagh Moayyed wrote:
>
> You’re going to have share logs, at DEBUG, so we can trace the activity.
>
>
>
> *From:* cas...@apereo.org <javascript:> [mailto:cas...@apereo.org
> <javascript:>] *On Behalf Of *Klint
> *Sent:* Thursday, June 16, 2016 7:55 AM
> *To:* CAS Developer <cas...@apereo.org <javascript:>>
> *Subject:* [cas-dev] CAS v5 M2 Principal Attribute Per Application (Duo)
>
>
>
>
>
> I just started testing the new latest v5 M2 preview and was have been
> working on getting the mfa-duo setup, everything seems to be working fine
> except it does not seem to honor the "principalAttributeNameTrigger" and
> "principalAttributeValueToMatch" to filter which users are forced to use
> Duo to login for a service. All users are forced to use Duo.
>
>
>
>
>
> Current Service Definition:
>
>
>
> {
>
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
> "serviceId" : "^(http|imaps)://.*",
>
> "name" : "HTTPS and IMAPS",
>
> "id" : 100,
>
> "multifactorPolicy" : {
>
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
>
> "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [
> "mfa-duo" ] ],
>
> "principalAttributeNameTrigger" : "memberOf",
>
> "principalAttributeValueToMatch" : "duo_users"
>
> }
>
> }
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Developer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-dev+u...@apereo.org <javascript:>.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.
>
--
You received this message because you are subscribed to the Google Groups "CAS
Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-dev+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.
