What do you mean by REMOVED in properties?

On Friday, February 9, 2018, brian mancuso <[email protected]> wrote:
> Hey all,
>
> I was originally trying to set up some custom triggers to determine who
> should use MFA and who is allowed to bypass. I have since been directed
> towards Groovy to simplify things, but I'm still having some trouble.
>
> At this point, the Groovy script's purpose is strictly to test if a
> certain user will bypass MFA while others will not. Here's my setup:
>
> */etc/cas/config/cas.properties*
>
> ##
> # Duo security 2fa authentication provider
> # https://www.duosecurity.com/docs/duoweb#1.-generate-an-akey
> #
> cas.authn.mfa.duo[0].rank=0
> cas.authn.mfa.duo[0].duoApiHost=REMOVED
> cas.authn.mfa.duo[0].duoIntegrationKey=REMOVED
> cas.authn.mfa.duo[0].duoSecretKey=REMOVED
> cas.authn.mfa.duo[0].duoApplicationKey=REMOVED
> cas.authn.mfa.duo[0].id=mfa-duo
> cas.authn.mfa.globalProviderId=mfa-duo
> cas.authn.mfa.globalFailureMode=OPEN
> cas.authn.mfa.duo[0].bypass.type=GROOVY
> cas.authn.mfa.duo[0].bypass.groovy.location=file:///etc/cas/selectiveDuo.groovy
>
>
> */etc/cas/selectiveDuo.groovy*
>
> def boolean run(final Object... args) {
>     def authentication = args[0]
>     def principal = args[1]
>     def service = args[2]
>     def provider = args[3]
>     def logger = args[4]
>     def httpRequest = args[5]
>
>     logger.info("Evaluating principal attributes ${principal.attributes}")
>
>     def bypass = principal.attributes['uid']
>     if (bypass.contains("testuser") && provider.id == "mfa-duo") {
>         logger.info("Skipping bypass for principal ${principal.id}")
>         return false
>     }
>
>     return true
> }
>
>
> When I try to log in though, whenever a user would be sent to DUO, I get a
> 500 error:
>
> <https://lh3.googleusercontent.com/-bqF7r6WYFDU/Wn2r6Zgza6I/AAAAAAAASso/CtOtDNX7IF0Y2Ua0Eb8GyWbXuYdCSbEJgCLcBGAs/s1600/Screen%2BShot%2B2018-02-09%2Bat%2B9.10.22%2BAM.png>
>
> Here's a small snippet from the output:
>
> 2018-02-09 09:04:05,717 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
> org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo'
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:573) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:263) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151]
>
> Caused by: org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: Error encoding flow execution
>     at org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getKey(ClientFlowExecutionRepository.java:114) ~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.assignKey(FlowExecutionImpl.java:419) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.assignFlowExecutionKey(RequestControlContextImpl.java:193) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>
> Caused by: java.io.NotSerializableException: org.springframework.core.io.UrlResource
>     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>
> 2018-02-09 09:04:05,717 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo']>
> org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo'
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:573) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:263) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151]
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_151]
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_151]
>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_151]
>
> Caused by: org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: Error encoding flow execution
>     at org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getKey(ClientFlowExecutionRepository.java:114) ~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.assignKey(FlowExecutionImpl.java:419) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.assignFlowExecutionKey(RequestControlContextImpl.java:193) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:170) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>
> Caused by: java.io.NotSerializableException: org.springframework.core.io.UrlResource
>     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>     at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
>
>
> I posted the output to pastebin since it was too large for just posting
> here: https://pastebin.com/yNPk4u7n
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b3ba67e2-e0ca-4a8e-853b-041343564b9f%40apereo.org
