What do you mean by REMOVED in properties?

On Friday, February 9, 2018, brian mancuso <snidd...@gmail.com> wrote:

> Hey all,
>
> I was originally trying to set up some custom triggers to determine who
> should use MFA and who is allowed to bypass. I have since been directed
> towards Groovy to simplify things, but I'm still having some trouble.
>
> At this point, the Groovy script's purpose is strictly to test if a
> certain user will bypass MFA while others will not. Here's my setup:
>
> */etc/cas/config/cas.properties*
>
> ##
> # Duo security 2fa authentication provider
> # https://www.duosecurity.com/docs/duoweb#1.-generate-an-akey
> #
> cas.authn.mfa.duo[0].rank=0
> cas.authn.mfa.duo[0].duoApiHost=REMOVED
> cas.authn.mfa.duo[0].duoIntegrationKey=REMOVED
> cas.authn.mfa.duo[0].duoSecretKey=REMOVED
> cas.authn.mfa.duo[0].duoApplicationKey=REMOVED
> cas.authn.mfa.duo[0].id=mfa-duo
> cas.authn.mfa.globalProviderId=mfa-duo
> cas.authn.mfa.globalFailureMode=OPEN
> cas.authn.mfa.duo[0].bypass.type=GROOVY
> cas.authn.mfa.duo[0].bypass.groovy.location=file:///etc/cas/selectiveDuo.groovy
>
>
> */etc/cas/selectiveDuo.groovy*
>
> def boolean run(final Object... args) {
>     def authentication = args[0]
>     def principal = args[1]
>     def service = args[2]
>     def provider = args[3]
>     def logger = args[4]
>     def httpRequest = args[5]
>
>     logger.info("Evaluating principal attributes ${principal.attributes}")
>
>     def bypass = principal.attributes['uid']
>     if (bypass.contains("testuser") && provider.id == "mfa-duo") {
>         logger.info("Skipping bypass for principal ${principal.id}")
>         return false
>     }
>
>     return true
> }
>
>
> When I try to log in though, whenever a user would be sent to DUO, I get a
> 500 error:
>
>
> <https://lh3.googleusercontent.com/-bqF7r6WYFDU/Wn2r6Zgza6I/AAAAAAAASso/CtOtDNX7IF0Y2Ua0Eb8GyWbXuYdCSbEJgCLcBGAs/s1600/Screen%2BShot%2B2018-02-09%2Bat%2B9.10.22%2BAM.png>
>
> Here's a small snippet from the output:
>
> 2018-02-09 09:04:05,717 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
> org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo'
> at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:573) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:263) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151]
>
> Caused by: org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: Error encoding flow execution
> at org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getKey(ClientFlowExecutionRepository.java:114) ~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
> at org.springframework.webflow.engine.impl.FlowExecutionImpl.assignKey(FlowExecutionImpl.java:419) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.impl.RequestControlContextImpl.assignFlowExecutionKey(RequestControlContextImpl.java:193) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>
> Caused by: java.io.NotSerializableException: org.springframework.core.io.UrlResource
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>
> 2018-02-09 09:04:05,717 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo']>
> org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo'
> at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:573) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:263) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_151]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_151]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_151]
>
> Caused by: org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: Error encoding flow execution
> at org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getKey(ClientFlowExecutionRepository.java:114) ~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
> at org.springframework.webflow.engine.impl.FlowExecutionImpl.assignKey(FlowExecutionImpl.java:419) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.impl.RequestControlContextImpl.assignFlowExecutionKey(RequestControlContextImpl.java:193) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:170) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
> at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>
> Caused by: java.io.NotSerializableException: org.springframework.core.io.UrlResource
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
> at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
>
>
> I posted the output to pastebin since it was too large for just posting
> here: https://pastebin.com/yNPk4u7n
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b3ba67e2-e0ca-4a8e-853b-041343564b9f%40apereo.org.
>
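
A stricter variant of the quoted `selectiveDuo.groovy`, as an added example that is not part of the thread and not CAS project code. It keeps the quoted script's return convention (false for the matched user, true for everyone else) but matches `uid` exactly: on a String, `contains("testuser")` is a substring test, so `testuser2` would also match, and a missing `uid` attribute would throw. The `valuesOf` helper, the `exemptUids` list and the self-check inputs are constructed for illustration.

```groovy
// Added example: exact-match uid check with the same return convention as the
// script quoted above (false for the exempt user, true for everyone else).

// Normalise an attribute that may be absent, a single value, or a collection.
List<String> valuesOf(Object raw) {
    if (raw == null) {
        return []
    }
    def items = (raw instanceof Collection) ? raw : [raw]
    return items.findAll { it != null }.collect { it.toString().trim() }
}

boolean run(final Object... args) {
    def principal = args[1]
    def provider = args[3]
    def logger = args[4]

    // Constructed allow-list; entries are compared for equality, never as substrings.
    def exemptUids = ['testuser'] as Set

    def uids = valuesOf(principal.attributes['uid'])
    def matched = uids.any { exemptUids.contains(it) }

    if (matched && provider.id == 'mfa-duo') {
        logger.info("Principal ${principal.id} is on the exempt list for provider ${provider.id}")
        return false
    }
    // No uid, no exact match, or a different provider: take the default branch.
    return true
}

// Constructed self-check with stand-in objects; remove before deploying the script.
def provider = [id: 'mfa-duo']
def logger = [info: { msg -> }]
def decide = { uid ->
    run(null, [id: 'p1', attributes: [uid: uid]], null, provider, logger, null)
}
assert !decide('testuser')             // exact match, single value
assert !decide(['alice', 'testuser'])  // exact match inside a collection
assert decide('testuser2')             // a substring match would have caught this
assert decide(null)                    // missing attribute no longer throws
```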
