Hi, thanks for the help, I have not used the customized webflow class Ray provided, because I do not know how to yet. I was looking into this by comparing debug level logging.
What I did is to compare the two projects, one is a simple cas5.3.x overlay and the other is mine (after removing any customization of login flow). Still the simple overlay preserves service parameter, and mine does not, even after I removed all customization done to the flow (apparently there must be still some subtle changes to the flow, I just do not know what it is). For some reason, my flowExecutionUrl lost service parameter. *This is mine that lost service parameter after incorrect user credential.* 2019-02-07 10:42:08,403 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [authenticationFailure] via [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] for this context> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.InitialAuthenticationAction@1d082ed8; result = authenticationFailure> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@1c04a306 expression = authenticationViaFormAction, resultExpression = [null]]; result = authenticationFailure> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@69b93ff2 on = authenticationFailure, to = handleAuthenticationFailure]> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'realSubmit'> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'handleAuthenticationFailure' of flow 'login'> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@5a7334d4 expression = authenticationExceptionHandler, resultExpression = [null]]> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@76e88b6> 2019-02-07 10:42:08,404 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located current event [authenticationFailure]> 2019-02-07 10:42:08,404 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located error attribute [class org.apereo.cas.authentication.AuthenticationException] with message [1 errors, 0 successes] from the current event> 2019-02-07 10:42:08,406 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Unable to translate handler errors of the authentication exception [org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes]. Returning [UNKNOWN]> 2019-02-07 10:42:08,409 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Final event id resolved from the error is [UNKNOWN]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@76e88b6; result = UNKNOWN> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@5a7334d4 expression = authenticationExceptionHandler, resultExpression = [null]]; result = UNKNOWN> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@4b9fecdf on = *, to = initializeLoginForm]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'handleAuthenticationFailure'> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'initializeLoginForm' of flow 'login'> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@2b48526a expression = initializeLoginAction, resultExpression = [null]]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.InitializeLoginAction@28a78394> 2019-02-07 10:42:08,410 INFO [org.apereo.cas.web.flow.login.InitializeLoginAction] - <Initialized Quest login sequence, original request URL: http://localhost:8180/cas5/login> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.login.InitializeLoginAction@28a78394; result = success> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@2b48526a expression = initializeLoginAction, resultExpression = [null]]; result = success> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@75b36a3f on = success, to = viewLoginForm]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'initializeLoginForm'> .............................. 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.ViewState] - <Entering state 'viewLoginForm' of flow 'login'> 2019-02-07 10:42:08,415 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Assigned key 2551e999-88a9-4540-b31a..................................> 2019-02-07 10:42:08,415 DEBUG [org.springframework.webflow.engine.ViewState] - <Rendering + [ServletMvcView@30813248 view = org.thymeleaf.spring4.view.ThymeleafView@6781c9ef]> 2019-02-07 10:42:08,415 DEBUG [org.springframework.webflow.engine.ViewState] - < Flash scope = map[[empty]]> 2019-02-07 10:42:08,415 DEBUG [org.springframework.webflow.engine.ViewState] - < Messages = [DefaultMessageContext@54943838 sourceMessages = map[[null] -> list[[Message@46ab2bcf source = [null], severity = ERROR, text = 'Invalid credentials.']]]]> 2019-02-07 10:42:08,418 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Rendering MVC [org.thymeleaf.spring4.view.ThymeleafView@6781c9ef] with model map [{passwordManagementEnabled=true, viewScope=map[[empty]], warnCookieValue=false, org.springframework.validation.BindingResult.credential=org.springframework.webflow.mvc.view.BindingModel: 1 errors Error in object 'credential': codes []; arguments []; default message [Invalid credentials.], staticAuthentication=false, *flowExecutionUrl=/cas5/login?username=fd&password=f* &geolocation=&execution=6334l1YjRDZ5X0Qzb21tZ3pKaXRWRmJxSlRB........, service=AbstractWebApplicationService(id=https://test.com, originalUrl=https://test.com, artifactId=null, principal=null, source=service, loggedOutAlready=false, format=XML, attributes={}), ticketGrantingTicketId=null, googleAnalyticsTrackingId=null, trackGeoLocation=false, flashScope=map[[empty]], registeredService=AbstractRegisteredService(serviceId=^https?://.*, name=CAS-Management3, theme=hcp, informationUrl=null, privacyUrl=null, responseType=null, id=1, description=Management3, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=1, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=https://localhost:8543/ssvenroll/logout, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[]), doChangePassword=false}]> ================================================ *the following is the one preserved service parameter after incorrect credential.* 2019-02-07 09:27:55,199 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [authenticationFailure] via [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] for this context> 2019-02-07 09:27:55,199 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.InitialAuthenticationAction@723fc09a; result = authenticationFailure> 2019-02-07 09:27:55,199 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@1c4ec4ac expression = authenticationViaFormAction, resultExpression = [null]]; result = authenticationFailure> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@7919640a on = authenticationFailure, to = handleAuthenticationFailure]> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'realSubmit'> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'handleAuthenticationFailure' of flow 'login'> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@522dccba expression = authenticationExceptionHandler, resultExpression = [null]]> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@575a46b4> 2019-02-07 09:27:55,200 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located current event [authenticationFailure]> 2019-02-07 09:27:55,200 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located error attribute [class org.apereo.cas.authentication.AuthenticationException] with message [0 errors, 0 successes] from the current event> 2019-02-07 09:27:55,202 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Unable to translate handler errors of the authentication exception [org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes]. Returning [UNKNOWN]> 2019-02-07 09:27:55,205 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Final event id resolved from the error is [UNKNOWN]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@575a46b4; result = UNKNOWN> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@522dccba expression = authenticationExceptionHandler, resultExpression = [null]]; result = UNKNOWN> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@51381f10 on = *, to = initializeLoginForm]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'handleAuthenticationFailure'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'initializeLoginForm' of flow 'login'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@2d85dcb3 expression = initializeLoginAction, resultExpression = [null]]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.InitializeLoginAction@5c33f8b7> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.login.InitializeLoginAction@5c33f8b7; result = success> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@2d85dcb3 expression = initializeLoginAction, resultExpression = [null]]; result = success> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@3965ba70 on = success, to = checkForPswdResetToken]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'initializeLoginForm'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'checkForPswdResetToken' of flow 'login'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@6fccb97d on = *, to = viewLoginForm]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'checkForPswdResetToken'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.ViewState] - <Entering state 'viewLoginForm' of flow 'login'> 2019-02-07 09:27:55,212 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Assigned key 5a4a05e9-4f13-41e8-859a-........................................> 2019-02-07 09:27:55,212 WARN [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - <Custom theme [hcp] for service [AbstractRegisteredService(serviceId=^https?://.*, name=CAS-Management3, theme=hcp, informationUrl=null, privacyUrl=null, responseType=null, id=1, description=Management3, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=1, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=https://localhost:8543/ssvenroll/logout, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[])] cannot be located. Falling back to default theme...> 2019-02-07 09:27:55,213 DEBUG [org.springframework.webflow.engine.ViewState] - <Rendering + [ServletMvcView@2fa3b937 view = org.thymeleaf.spring4.view.ThymeleafView@16f0e998]> 2019-02-07 09:27:55,213 DEBUG [org.springframework.webflow.engine.ViewState] - < Flash scope = map[[empty]]> 2019-02-07 09:27:55,213 DEBUG [org.springframework.webflow.engine.ViewState] - < Messages = [DefaultMessageContext@133c6c9b sourceMessages = map[[null] -> list[[Message@728eb6f7 source = [null], severity = ERROR, text = 'Invalid credentials.']]]]> 2019-02-07 09:27:55,216 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Rendering MVC [org.thymeleaf.spring4.view.ThymeleafView@16f0e998] with model map [{passwordManagementEnabled=true, viewScope=map[[empty]], warnCookieValue=false, org.springframework.validation.BindingResult.credential=org.springframework.webflow.mvc.view.BindingModel: 1 errors Error in object 'credential': codes []; arguments []; default message [Invalid credentials.], staticAuthentication=false, *flowExecutionUrl=/cas5/login?service=https%3A%2F%2Ftest.com* &username=d&password=dd&geolocation=&execution=3594802e-...................VR, service=AbstractWebApplicationService(id=https://test.com, originalUrl=https://test.com, artifactId=null, principal=null, source=service, loggedOutAlready=false, format=XML, attributes={}), ticketGrantingTicketId=null, googleAnalyticsTrackingId=null, trackGeoLocation=false, flashScope=map[[empty]], registeredService=AbstractRegisteredService(serviceId=^https?://.*, name=CAS-Management3, theme=hcp, informationUrl=null, privacyUrl=null, responseType=null, id=1, description=Management3, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=1, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=https://localhost:8543/ssvenroll/logout, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[]), doChangePassword=false}]> On Wednesday, February 6, 2019 at 6:12:52 PM UTC-5, Colin Wilkinson wrote: > > Hi Yan, > > As Ray correct pointed out the XML webflow defined is a basic starting > point, if search through the you find alot of class extending > Cas*Webflow*Configurer > this include the DefaultLoginWebflowConfigurer. > > During our upgrade from I noticed the same issue that at times the service > parameter was going missing, but the page worked fine as long as I did NOT > do a refresh. From my investigation the service parameter is stored upon > entry into CAS and as long as the page is not force refresh from the user > without the service parameter then CAS should work fine. > > During my investigation I found the following redirect, > <end-state id="redirectView" view="externalRedirect:#{requestScope.url}"/> > > They redirect without the query parameters. There is also a > redirectToLogin as well. > <end-state id="redirectToLogin" view="externalRedirect:#{'login'}"/> > > Given that you have started invalid credentials then its more than likely > going down the "<transition on="authenticationFailure" > to="handleAuthenticationFailure"/>" code and not even hitting your code. > > > Regards, > Colin > > On Thursday, 7 February 2019 05:00:05 UTC+11, Yan Zhou wrote: >> >> Hi there, >> >> I extended CAS 5.3.4. The app. redirects to CAS login page with service >> parameter. >> >> When I type incorrect credential, I saw the invalid credential message, >> but I lost service parameter, the screen refreshes to have only the CAS url. >> >> What could be missing in my code? >> >> Thx! >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8c971a99-eb54-4bf8-a47c-1d1aae99c776%40apereo.org.
