Here are the logs: 2016-06-16 10:47:57,268 DEBUG [org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] - <Initializing CAS webflow configuration...> 2016-06-16 10:47:58,209 DEBUG [org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] - <Retrieved action state realSubmit> 2016-06-16 10:47:58,209 DEBUG [org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] - <Added transition mfa-duo to the state realSubmit> 2016-06-16 10:47:58,250 DEBUG [org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] - <Registering flow definition [mfa-duo]> 2016-06-16 10:47:58,251 DEBUG [org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer] - <Added transition mfa-duo to the state initialAuthenticationRequestValidationCheck> 2016-06-16 10:48:07,964 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <Preparing to schedule job to clean up after tickets...> 2016-06-16 10:48:07,972 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <Scheduling DefaultTicketRegistry job> 2016-06-16 10:48:07,973 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <DefaultTicketRegistry will clean tickets every 2 minutes> 2016-06-16 10:48:08,300 DEBUG [org.apereo.cas.web.support.DefaultCasCookieValueManager] - <Using cipher [class org.apereo.cas.util.TGCCipherExecutor$$EnhancerBySpringCGLIB$$4072cd3b to encrypt and decode the cookie> 2016-06-16 10:48:09,143 DEBUG [org.apereo.cas.util.TGCCipherExecutor] - <Initialized cipher encryption sequence via [A128CBC-HS256]> 2016-06-16 10:48:09,510 DEBUG [org.apereo.cas.web.view.Cas30JsonResponseView] - <Initializing Cas30JsonResponseView> 2016-06-16 10:48:09,698 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loading services from JsonServiceRegistryDao> 2016-06-16 10:48:09,750 DEBUG [org.apereo.cas.services.ServiceRegistryConfigWatcher] - <Created service registry watcher for events of type ENTRY_CREATE> 2016-06-16 10:48:09,752 DEBUG [org.apereo.cas.services.ServiceRegistryConfigWatcher] - <Watching service registry directory at /opt/apache-tomcat-8.0.36/webapps/cas/WEB-INF/classes/services> 2016-06-16 10:48:09,756 DEBUG [org.apereo.cas.services.AbstractResourceBasedServiceRegistryDao] - <Started service registry watcher thread> 2016-06-16 10:48:10,619 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^(http|imaps)://.*> 2016-06-16 10:48:10,619 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^https://www.apereo.org> 2016-06-16 10:48:10,620 INFO [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services from JsonServiceRegistryDao.> 2016-06-16 10:48:10,704 DEBUG [org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter] - <Calculated threshold rate as 1.6666666666666667> 2016-06-16 10:48:10,730 DEBUG [org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressHandlerInterceptorAdapter] - <Calculated threshold rate as 1.6666666666666667> 2016-06-16 10:48:10,768 DEBUG [org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter] - <Calculated threshold rate as 1.6666666666666667> 2016-06-16 10:48:10,768 DEBUG [org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter] - <No data source is defined for inspektrIpAddressUsernameThrottle. Ignoring the construction of JDBC template> 2016-06-16 10:48:11,390 INFO [org.apereo.cas.web.CasWebApplicationServletInitializer] - <Started CasWebApplicationServletInitializer in 28.695 seconds (JVM running for 43.827)> 16-Jun-2016 10:48:11.470 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive /opt/apache-tomcat-8.0.36/webapps/cas.war has finished in 42,803 ms 16-Jun-2016 10:48:11.475 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"] 16-Jun-2016 10:48:11.486 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"] 16-Jun-2016 10:48:11.488 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 42871 ms 2016-06-16 10:48:26,501 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [authenticationFailure.FailedLoginException]> 2016-06-16 10:48:26,502 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en_US] - neither plain properties nor XML> 2016-06-16 10:48:26,504 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [authenticationFailure.FailedLoginException]> 2016-06-16 10:48:26,505 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en_US] - neither plain properties nor XML> 2016-06-16 10:48:26,506 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [authenticationFailure.FailedLoginException] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:26,507 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML> 2016-06-16 10:48:26,509 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML> 2016-06-16 10:48:26,511 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML> 2016-06-16 10:48:26,511 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Loading properties [messages.properties] with encoding 'UTF-8'> 2016-06-16 10:48:26,543 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created http://hadoopdev1.example.com based on org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c> 2016-06-16 10:48:26,544 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor generated service type org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl for: http://hadoopdev1.example.com> 2016-06-16 10:48:27,169 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [cas.login.pagetitle]> 2016-06-16 10:48:27,170 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [cas.login.pagetitle]> 2016-06-16 10:48:27,171 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [cas.login.pagetitle] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,281 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [logo.title]> 2016-06-16 10:48:27,282 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [logo.title]> 2016-06-16 10:48:27,283 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [logo.title] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,294 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.cookies.disabled.title]> 2016-06-16 10:48:27,294 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.cookies.disabled.title]> 2016-06-16 10:48:27,295 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.cookies.disabled.title] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,298 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.cookies.disabled.message]> 2016-06-16 10:48:27,299 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.cookies.disabled.message]> 2016-06-16 10:48:27,299 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.cookies.disabled.message] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,316 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [cas.login.resources.header]> 2016-06-16 10:48:27,320 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [cas.login.resources.header]> 2016-06-16 10:48:27,320 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [cas.login.resources.header] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,321 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [cas.login.resources.wiki]> 2016-06-16 10:48:27,321 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [cas.login.resources.wiki]> 2016-06-16 10:48:27,321 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [cas.login.resources.wiki] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,323 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [cas.login.resources.issuetracker]> 2016-06-16 10:48:27,327 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [cas.login.resources.issuetracker]> 2016-06-16 10:48:27,327 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [cas.login.resources.issuetracker] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,328 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [cas.login.resources.mailinglist]> 2016-06-16 10:48:27,329 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [cas.login.resources.mailinglist]> 2016-06-16 10:48:27,329 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [cas.login.resources.mailinglist] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,340 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [cas.login.pagetitle]> 2016-06-16 10:48:27,340 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [cas.login.pagetitle]> 2016-06-16 10:48:27,341 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [cas.login.pagetitle] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,354 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.welcome.instructions]> 2016-06-16 10:48:27,354 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.welcome.instructions]> 2016-06-16 10:48:27,355 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.welcome.instructions] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,355 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.welcome.label.netid]> 2016-06-16 10:48:27,355 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.welcome.label.netid]> 2016-06-16 10:48:27,358 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.welcome.label.netid] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,360 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.welcome.label.netid.accesskey]> 2016-06-16 10:48:27,360 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.welcome.label.netid.accesskey]> 2016-06-16 10:48:27,361 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.welcome.label.netid.accesskey] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,366 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.welcome.label.password]> 2016-06-16 10:48:27,366 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.welcome.label.password]> 2016-06-16 10:48:27,366 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.welcome.label.password] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,367 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.welcome.label.password.accesskey]> 2016-06-16 10:48:27,368 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.welcome.label.password.accesskey]> 2016-06-16 10:48:27,368 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.welcome.label.password.accesskey] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,371 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.capslock.on]> 2016-06-16 10:48:27,372 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.capslock.on]> 2016-06-16 10:48:27,372 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.capslock.on] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,375 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.welcome.button.login]> 2016-06-16 10:48:27,376 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.welcome.button.login]> 2016-06-16 10:48:27,376 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.welcome.button.login] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,376 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.welcome.button.clear]> 2016-06-16 10:48:27,377 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.welcome.button.clear]> 2016-06-16 10:48:27,377 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.welcome.button.clear] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,380 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [screen.welcome.security]> 2016-06-16 10:48:27,380 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [screen.welcome.security]> 2016-06-16 10:48:27,380 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [screen.welcome.security] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,382 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [copyright]> 2016-06-16 10:48:27,382 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [copyright]> 2016-06-16 10:48:27,383 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [copyright] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:27,980 DEBUG [org.apereo.cas.util.CasSpringBeanJobFactory] - <Created job org.apereo.cas.ticket.registry.DefaultTicketRegistry@48b56df4 for bundle org.quartz.spi.TriggerFiredBundle@5144b57c> 2016-06-16 10:48:27,984 DEBUG [org.apereo.cas.util.CasSpringBeanJobFactory] - <Autowired job per the application context> 2016-06-16 10:48:27,987 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <Beginning ticket cleanup...> 2016-06-16 10:48:37,434 DEBUG [org.apereo.cas.WebflowCipherExecutor] - <Successfully decoded value. Result in Base64-encoding is []> 2016-06-16 10:48:37,441 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created http://hadoopdev1.example.com based on org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c> 2016-06-16 10:48:37,441 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor generated service type org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl for: http://hadoopdev1.example.com> 2016-06-16 10:48:37,445 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated> 2016-06-16 10:48:37,445 DEBUG [org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2016-06-16 10:48:37,445 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated> 2016-06-16 10:48:37,446 DEBUG [org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2016-06-16 10:48:37,446 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [org.apereo.cas.authentication.LdapAuthenticationHandler@375d92c2, org.apereo.cas.adaptors.duo.DuoAuthenticationHandler@64349f2]> 2016-06-16 10:48:37,447 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for klintholmes> 2016-06-16 10:48:37,461 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@29657540::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, resolvedDn=CN=klintholmes,OU=User,DC=example,DC=com, ldapEntry=[dn=CN=klintholmes,OU=User,DC=example,DC=com[[mail[klinthol...@example.com]], [displayName[Klint Holmes]], [memberOf[CN=All Students,OU=Groups,DC=example,DC=com]], [sAMAccountName[klintholmes]]], responseControls=null, messageId=-1], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]> 2016-06-16 10:48:37,461 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <No ldap password policy configuration is defined> 2016-06-16 10:48:37,461 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response returned as result. Creating the final LDAP principal> 2016-06-16 10:48:37,461 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Creating LDAP principal for klintholmes based on CN=klintholmes,OU=User,DC=example,DC=com> 2016-06-16 10:48:37,461 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Retrieved principal id attribute klintholmes> 2016-06-16 10:48:37,461 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [displayName[Klint Holmes]]> 2016-06-16 10:48:37,461 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [mail[klinthol...@example.com]]> 2016-06-16 10:48:37,462 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [memberOf[CN=All Students,OU=Groups,DC=example,DC=com]] is multivalued> 2016-06-16 10:48:37,462 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Created LDAP principal for id klintholmes and 5 attributes> 2016-06-16 10:48:37,489 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler successfully authenticated klintholmes> 2016-06-16 10:48:37,489 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <No resolver configured for LdapAuthenticationHandler. Falling back to handler principal klintholmes> 2016-06-16 10:48:37,505 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated klintholmes with credentials [klintholmes].> 2016-06-16 10:48:37,506 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute map for klintholmes: {LdapAuthenticationHandler.dn=CN=klintholmes,OU=User,DC=example,DC=com, memberOf=[CN=All Students,OU=Groups,DC=example,DC=com], mail=klinthol...@example.com, displayName=Klint Holmes}> 2016-06-16 10:48:37,522 DEBUG [org.apereo.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Trying to see if target's return value is instance of [Assertion]...> 2016-06-16 10:48:37,523 DEBUG [org.apereo.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Resolving principal from the delegate principal resolver: [org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver@4b942e75]...> 2016-06-16 10:48:37,523 DEBUG [org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [AuthenticationTransaction] for audit> 2016-06-16 10:48:37,524 DEBUG [org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit> 2016-06-16 10:48:37,524 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: klintholmes WHAT: Supplied credentials: [klintholmes] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Thu Jun 16 10:48:37 MDT 2016 CLIENT IP ADDRESS: 137.*.*.* SERVER IP ADDRESS: 137.*.*.* =============================================================
> 2016-06-16 10:48:37,526 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationTransactionManager] - <Successful authentication; Collecting authentication result [org.apereo.cas.authentication.DefaultAuthentication@b9cc9023]> 2016-06-16 10:48:37,542 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated> 2016-06-16 10:48:37,542 DEBUG [org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2016-06-16 10:48:37,584 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated> 2016-06-16 10:48:37,584 DEBUG [org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2016-06-16 10:48:37,598 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated> 2016-06-16 10:48:37,598 DEBUG [org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2016-06-16 10:48:37,602 DEBUG [org.apereo.cas.adaptors.duo.DuoMultifactorAuthenticationProvider] - <Multifactor failure mode for ^(http|imaps)://.* is defined as CLOSED> 2016-06-16 10:48:37,720 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Connecting socket to api-*******.duosecurity.com/:443 with timeout 5000> 2016-06-16 10:48:37,766 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]> 2016-06-16 10:48:37,767 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]> 2016-06-16 10:48:37,768 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Starting handshake> 2016-06-16 10:48:37,873 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - <Secure session established> 2016-06-16 10:48:37,873 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated protocol: TLSv1.2> 2016-06-16 10:48:37,873 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256> 2016-06-16 10:48:37,874 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - < peer principal: CN=*.duosecurity.com, O="Duo Security, Inc.", L=Ann Arbor, ST=Michigan, C=US> 2016-06-16 10:48:37,879 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - < peer alternative names: [*.duosecurity.com, duosecurity.com]> 2016-06-16 10:48:37,880 DEBUG [org.apereo.cas.authentication.FileTrustStoreSslSocketFactory] - < issuer principal: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US> 2016-06-16 10:48:37,940 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] - <Response code received from server matched 200.> 2016-06-16 10:48:37,955 DEBUG [org.apereo.cas.adaptors.duo.DuoAuthenticationService] - <Received Duo ping response {"response": "pong", "stat": "OK"}> 2016-06-16 10:48:37,984 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated> 2016-06-16 10:48:37,984 DEBUG [org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2016-06-16 10:48:38,001 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated> 2016-06-16 10:48:38,001 DEBUG [org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2016-06-16 10:48:38,019 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: /cas/ > 2016-06-16 10:48:38,032 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for TGC cookie generator to: /cas/ > 2016-06-16 10:48:38,043 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created http://hadoopdev1.example.com based on org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c> 2016-06-16 10:48:38,044 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor generated service type org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl for: http://hadoopdev1.example.com> 2016-06-16 10:48:38,105 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created http://hadoopdev1.example.com based on org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c> 2016-06-16 10:48:38,114 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor generated service type org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl for: http://hadoopdev1.example.com> 2016-06-16 10:48:38,149 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [cas.mfa.duologin.pagetitle]> 2016-06-16 10:48:38,149 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [cas.mfa.duologin.pagetitle]> 2016-06-16 10:48:38,150 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [cas.mfa.duologin.pagetitle] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:38,156 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [logo.title]> 2016-06-16 10:48:38,157 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [logo.title]> 2016-06-16 10:48:38,158 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [logo.title] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:48:38,169 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_en_US] for the code [copyright]> 2016-06-16 10:48:38,170 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [copyright]> 2016-06-16 10:48:38,171 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <The code [copyright] cannot be found in the language bundle for the locale [en_US]> 2016-06-16 10:49:03,067 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created http://hadoopdev1.example.com based on org.apereo.cas.authentication.principal.WebApplicationServiceFactory@702a9b2c> 2016-06-16 10:49:03,067 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Extractor generated service type org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl for: http://hadoopdev1.example.com> 2016-06-16 10:49:03,098 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated> 2016-06-16 10:49:03,099 DEBUG [org.apereo.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2016-06-16 10:49:03,100 DEBUG [org.apereo.cas.adaptors.duo.web.flow.DuoAuthenticationWebflowEventResolver] - <Handling authentication transaction for credential org.apereo.cas.adaptors.duo.DuoCredential@475bf673[username=klintholmes,signedDuoResponse=AUTH]> 2016-06-16 10:49:03,101 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [org.apereo.cas.authentication.LdapAuthenticationHandler@375d92c2, org.apereo.cas.adaptors.duo.DuoAuthenticationHandler@64349f2]> 2016-06-16 10:49:03,105 DEBUG [org.apereo.cas.adaptors.duo.DuoAuthenticationService] - <Calling DuoWeb.verifyResponse with signed request token 'AUTH|'> 2016-06-16 10:49:03,106 DEBUG [org.apereo.cas.adaptors.duo.DuoAuthenticationHandler] - <Response from Duo verify: [klintholmes]> 2016-06-16 10:49:03,107 INFO [org.apereo.cas.adaptors.duo.DuoAuthenticationHandler] - <Successful Duo authentication for [klintholmes]> 2016-06-16 10:49:03,110 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <DuoAuthenticationHandler successfully authenticated org.apereo.cas.adaptors.duo.DuoCredential@4]> 2016-06-16 10:49:03,110 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <No resolver configured for DuoAuthenticationHandler. Falling back to handler principal klintholmes> 2016-06-16 10:49:03,111 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated klintholmes with credentials [org.apereo.cas.adaptors.duo.DuoCredential@4.> 2016-06-16 10:49:03,111 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute map for klintholmes: {}> 2016-06-16 10:49:03,131 DEBUG [org.apereo.cas.util.CollectionUtils] - <Converting attribute [DuoAuthenticationHandler]> 2016-06-16 10:49:03,139 DEBUG [org.apereo.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Trying to see if target's return value is instance of [Assertion]...> 2016-06-16 10:49:03,139 DEBUG [org.apereo.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Resolving principal from the delegate principal resolver: [org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver@4b942e75]...> 2016-06-16 10:49:03,139 DEBUG [org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [AuthenticationTransaction] for audit> 2016-06-16 10:49:03,139 DEBUG [org.apereo.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [DuoCredential] for audit> 2016-06-16 10:49:03,140 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= On Thursday, June 16, 2016 at 9:52:34 AM UTC-6, Misagh Moayyed wrote: > > You’re going to have share logs, at DEBUG, so we can trace the activity. > > > > *From:* cas...@apereo.org <javascript:> [mailto:cas...@apereo.org > <javascript:>] *On Behalf Of *Klint > *Sent:* Thursday, June 16, 2016 7:55 AM > *To:* CAS Developer <cas...@apereo.org <javascript:>> > *Subject:* [cas-dev] CAS v5 M2 Principal Attribute Per Application (Duo) > > > > > > I just started testing the new latest v5 M2 preview and was have been > working on getting the mfa-duo setup, everything seems to be working fine > except it does not seem to honor the "principalAttributeNameTrigger" and > "principalAttributeValueToMatch" to filter which users are forced to use > Duo to login for a service. All users are forced to use Duo. > > > > > > Current Service Definition: > > > > { > > "@class" : "org.apereo.cas.services.RegexRegisteredService", > > "serviceId" : "^(http|imaps)://.*", > > "name" : "HTTPS and IMAPS", > > "id" : 100, > > "multifactorPolicy" : { > > "@class" : > "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy", > > "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ > "mfa-duo" ] ], > > "principalAttributeNameTrigger" : "memberOf", > > "principalAttributeValueToMatch" : "duo_users" > > } > > } > > > > > > -- > You received this message because you are subscribed to the Google Groups > "CAS Developer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-dev+u...@apereo.org <javascript:>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/. > -- You received this message because you are subscribed to the Google Groups "CAS Developer" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-dev+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.