Yan, In the preserved parameter log, checkForPswdResetToken exists between initializeLoginForm and viewLoginForm. It is missing in yours.
Ray On Thu, 2019-02-07 at 12:04 -0800, Yan Zhou wrote: Hi, thanks for the help, I have not used the customized webflow class Ray provided, because I do not know how to yet. I was looking into this by comparing debug level logging. What I did is to compare the two projects, one is a simple cas5.3.x overlay and the other is mine (after removing any customization of login flow). Still the simple overlay preserves service parameter, and mine does not, even after I removed all customization done to the flow (apparently there must be still some subtle changes to the flow, I just do not know what it is). For some reason, my flowExecutionUrl lost service parameter. This is mine that lost service parameter after incorrect user credential. 2019-02-07 10:42:08,403 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [authenticationFailure] via [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] for this context> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.InitialAuthenticationAction@1d082ed8; result = authenticationFailure> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@1c04a306 expression = authenticationViaFormAction, resultExpression = [null]]; result = authenticationFailure> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@69b93ff2 on = authenticationFailure, to = handleAuthenticationFailure]> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'realSubmit'> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'handleAuthenticationFailure' of flow 'login'> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@5a7334d4 expression = authenticationExceptionHandler, resultExpression = [null]]> 2019-02-07 10:42:08,404 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@76e88b6> 2019-02-07 10:42:08,404 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located current event [authenticationFailure]> 2019-02-07 10:42:08,404 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located error attribute [class org.apereo.cas.authentication.AuthenticationException] with message [1 errors, 0 successes] from the current event> 2019-02-07 10:42:08,406 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Unable to translate handler errors of the authentication exception [org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes]. Returning [UNKNOWN]> 2019-02-07 10:42:08,409 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Final event id resolved from the error is [UNKNOWN]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@76e88b6; result = UNKNOWN> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@5a7334d4 expression = authenticationExceptionHandler, resultExpression = [null]]; result = UNKNOWN> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@4b9fecdf on = *, to = initializeLoginForm]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'handleAuthenticationFailure'> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'initializeLoginForm' of flow 'login'> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@2b48526a expression = initializeLoginAction, resultExpression = [null]]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.InitializeLoginAction@28a78394> 2019-02-07 10:42:08,410 INFO [org.apereo.cas.web.flow.login.InitializeLoginAction] - <Initialized Quest login sequence, original request URL: http://localhost:8180/cas5/login> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.login.InitializeLoginAction@28a78394; result = success> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@2b48526a expression = initializeLoginAction, resultExpression = [null]]; result = success> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@75b36a3f on = success, to = viewLoginForm]> 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'initializeLoginForm'> .............................. 2019-02-07 10:42:08,410 DEBUG [org.springframework.webflow.engine.ViewState] - <Entering state 'viewLoginForm' of flow 'login'> 2019-02-07 10:42:08,415 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Assigned key 2551e999-88a9-4540-b31a..................................> 2019-02-07 10:42:08,415 DEBUG [org.springframework.webflow.engine.ViewState] - <Rendering + [ServletMvcView@30813248 view = org.thymeleaf.spring4.view.ThymeleafView@6781c9ef]> 2019-02-07 10:42:08,415 DEBUG [org.springframework.webflow.engine.ViewState] - < Flash scope = map[[empty]]> 2019-02-07 10:42:08,415 DEBUG [org.springframework.webflow.engine.ViewState] - < Messages = [DefaultMessageContext@54943838 sourceMessages = map[[null] -> list[[Message@46ab2bcf source = [null], severity = ERROR, text = 'Invalid credentials.']]]]> 2019-02-07 10:42:08,418 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Rendering MVC [org.thymeleaf.spring4.view.ThymeleafView@6781c9ef] with model map [{passwordManagementEnabled=true, viewScope=map[[empty]], warnCookieValue=false, org.springframework.validation.BindingResult.credential=org.springframework.webflow.mvc.view.BindingModel: 1 errors Error in object 'credential': codes []; arguments []; default message [Invalid credentials.], staticAuthentication=false, flowExecutionUrl=/cas5/login?username=fd&password=f&geolocation=&execution=6334l1YjRDZ5X0Qzb21tZ3pKaXRWRmJxSlRB........, service=AbstractWebApplicationService(id=https://test.com, originalUrl=https://test.com, artifactId=null, principal=null, source=service, loggedOutAlready=false, format=XML, attributes={}), ticketGrantingTicketId=null, googleAnalyticsTrackingId=null, trackGeoLocation=false, flashScope=map[[empty]], registeredService=AbstractRegisteredService(serviceId=^https?://.*, name=CAS-Management3, theme=hcp, informationUrl=null, privacyUrl=null, responseType=null, id=1, description=Management3, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=1, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=https://localhost:8543/ssvenroll/logout, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[]), doChangePassword=false}]> ================================================ the following is the one preserved service parameter after incorrect credential. 2019-02-07 09:27:55,199 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [authenticationFailure] via [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] for this context> 2019-02-07 09:27:55,199 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.InitialAuthenticationAction@723fc09a; result = authenticationFailure> 2019-02-07 09:27:55,199 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@1c4ec4ac expression = authenticationViaFormAction, resultExpression = [null]]; result = authenticationFailure> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@7919640a on = authenticationFailure, to = handleAuthenticationFailure]> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'realSubmit'> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'handleAuthenticationFailure' of flow 'login'> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@522dccba expression = authenticationExceptionHandler, resultExpression = [null]]> 2019-02-07 09:27:55,200 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@575a46b4> 2019-02-07 09:27:55,200 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located current event [authenticationFailure]> 2019-02-07 09:27:55,200 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located error attribute [class org.apereo.cas.authentication.AuthenticationException] with message [0 errors, 0 successes] from the current event> 2019-02-07 09:27:55,202 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Unable to translate handler errors of the authentication exception [org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes]. Returning [UNKNOWN]> 2019-02-07 09:27:55,205 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Final event id resolved from the error is [UNKNOWN]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@575a46b4; result = UNKNOWN> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@522dccba expression = authenticationExceptionHandler, resultExpression = [null]]; result = UNKNOWN> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@51381f10 on = *, to = initializeLoginForm]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'handleAuthenticationFailure'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'initializeLoginForm' of flow 'login'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@2d85dcb3 expression = initializeLoginAction, resultExpression = [null]]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.InitializeLoginAction@5c33f8b7> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.login.InitializeLoginAction@5c33f8b7; result = success> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@2d85dcb3 expression = initializeLoginAction, resultExpression = [null]]; result = success> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@3965ba70 on = success, to = checkForPswdResetToken]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'initializeLoginForm'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'checkForPswdResetToken' of flow 'login'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@6fccb97d on = *, to = viewLoginForm]> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'checkForPswdResetToken'> 2019-02-07 09:27:55,206 DEBUG [org.springframework.webflow.engine.ViewState] - <Entering state 'viewLoginForm' of flow 'login'> 2019-02-07 09:27:55,212 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Assigned key 5a4a05e9-4f13-41e8-859a-........................................> 2019-02-07 09:27:55,212 WARN [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - <Custom theme [hcp] for service [AbstractRegisteredService(serviceId=^https?://.*, name=CAS-Management3, theme=hcp, informationUrl=null, privacyUrl=null, responseType=null, id=1, description=Management3, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=1, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=https://localhost:8543/ssvenroll/logout, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[])] cannot be located. Falling back to default theme...> 2019-02-07 09:27:55,213 DEBUG [org.springframework.webflow.engine.ViewState] - <Rendering + [ServletMvcView@2fa3b937 view = org.thymeleaf.spring4.view.ThymeleafView@16f0e998]> 2019-02-07 09:27:55,213 DEBUG [org.springframework.webflow.engine.ViewState] - < Flash scope = map[[empty]]> 2019-02-07 09:27:55,213 DEBUG [org.springframework.webflow.engine.ViewState] - < Messages = [DefaultMessageContext@133c6c9b sourceMessages = map[[null] -> list[[Message@728eb6f7 source = [null], severity = ERROR, text = 'Invalid credentials.']]]]> 2019-02-07 09:27:55,216 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Rendering MVC [org.thymeleaf.spring4.view.ThymeleafView@16f0e998] with model map [{passwordManagementEnabled=true, viewScope=map[[empty]], warnCookieValue=false, org.springframework.validation.BindingResult.credential=org.springframework.webflow.mvc.view.BindingModel: 1 errors Error in object 'credential': codes []; arguments []; default message [Invalid credentials.], staticAuthentication=false, flowExecutionUrl=/cas5/login?service=https%3A%2F%2Ftest.com&username=d&password=dd&geolocation=&execution=3594802e-...................VR, service=AbstractWebApplicationService(id=https://test.com, originalUrl=https://test.com, artifactId=null, principal=null, source=service, loggedOutAlready=false, format=XML, attributes={}), ticketGrantingTicketId=null, googleAnalyticsTrackingId=null, trackGeoLocation=false, flashScope=map[[empty]], registeredService=AbstractRegisteredService(serviceId=^https?://.*, name=CAS-Management3, theme=hcp, informationUrl=null, privacyUrl=null, responseType=null, id=1, description=Management3, expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, notifyWhenDeleted=false, expirationDate=null), proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, evaluationOrder=1, usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, logoutType=BACK_CHANNEL, requiredHandlers=[], attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, principalAttributesRepository=DefaultPrincipalAttributesRepository(), consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=true, excludedAttributes=null, includeOnlyAttributes=null), authorizedToReleaseCredentialPassword=false, authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null)), multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], failureMode=NOT_SET, principalAttributeNameTrigger=null, principalAttributeValueToMatch=null, bypassEnabled=false), logo=null, logoutUrl=https://localhost:8543/ssvenroll/logout, accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, ssoEnabled=true, unauthorizedRedirectUrl=null, delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[]), requireAllAttributes=true, requiredAttributes={}, rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, contacts=[]), doChangePassword=false}]> On Wednesday, February 6, 2019 at 6:12:52 PM UTC-5, Colin Wilkinson wrote: Hi Yan, As Ray correct pointed out the XML webflow defined is a basic starting point, if search through the you find alot of class extending CasWebflowConfigurer this include the DefaultLoginWebflowConfigurer. During our upgrade from I noticed the same issue that at times the service parameter was going missing, but the page worked fine as long as I did NOT do a refresh. From my investigation the service parameter is stored upon entry into CAS and as long as the page is not force refresh from the user without the service parameter then CAS should work fine. During my investigation I found the following redirect, <end-state id="redirectView" view="externalRedirect:#{requestScope.url}"/> They redirect without the query parameters. There is also a redirectToLogin as well. <end-state id="redirectToLogin" view="externalRedirect:#{'login'}"/> Given that you have started invalid credentials then its more than likely going down the "<transition on="authenticationFailure" to="handleAuthenticationFailure"/>" code and not even hitting your code. Regards, Colin On Thursday, 7 February 2019 05:00:05 UTC+11, Yan Zhou wrote: Hi there, I extended CAS 5.3.4. The app. redirects to CAS login page with service parameter. When I type incorrect credential, I saw the invalid credential message, but I lost service parameter, the screen refreshes to have only the CAS url. What could be missing in my code? Thx! -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1549577545.3601.148.camel%40uvic.ca.