Hello,
I'm having the exact same issue as below.
Can anybody help with this or maybe point me in the right direction?
Regards
Jeremy
On Monday, 19 February 2018 20:34:34 UTC+2, Janina Byky wrote:
>
> I'm still getting this error when I use in memory storage. MongoDB is
> disabled.
>
> Qrcode is generated, google app scans it, token field appears and any
> token that I type provides error.
>
> 2018-02-15 09:31:13,970 DEBUG
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <[GoogleAuthenticatorAuthenticationHandler] exception details: [Failed to
> authenticate code *253227*].>
> 2018-02-15 09:31:13,971 DEBUG
> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>
> - <Credential is not one of username/password and is not accepted by
> handler [LdapAuthenticationHandler]>
> 2018-02-15 09:31:13,972 ERROR
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <*Authentication
> has failed. Credentials may be incorrect or CAS cannot find authentication
> handler that supports [[token=253227]] of type
> [GoogleAuthenticatorTokenCredential]*.>
>
>
> Can anybody help me ?
>
>
> W dniu czwartek, 15 lutego 2018 09:53:52 UTC+1 użytkownik Janina Byky
> napisał:
>>
>> Hello,
>>
>> I'm trying to setup CAS 5.2.2 with Google Authenticator as second auth
>> factor for specified services. CAS is running over LDAP (AD) and GAuth
>> based on mongo. So far everything was great, build succeed, GAuth qrcode
>> appears, user registers and now it's time for TOKEN form. I'm typing all
>> scratch codes and those generated by Google Authenticator, but every single
>> attempt is unsuccessful. Also there's no collection created to store tokens
>> in mongo. Only GAuthRepository is created with proper values of registered
>> users.
>>
>> *cas.properties*
>>
>> cas.authn.accept.users=
>>
>> cas.authn.ldap[0].order=0
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl={CUT}
>> cas.authn.ldap[0].connectionStrategy=DEFAULT
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].connectTimeout=15000
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].baseDn={CUT}
>>
>> cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(userPrincipalName={user}))
>> cas.authn.ldap[0].bindDn={CUT}
>> cas.authn.ldap[0].bindCredential={CUT}
>> cas.authn.ldap[0].enhanceWithEntryResolver=true
>> cas.authn.ldap[0].principalAttributeId=sAMAccountName
>> cas.authn.ldap[0].principalAttributePassword=
>> cas.authn.ldap[0].usePasswordPolicy=true
>>
>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,sAMAccountName,memberOf
>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>> cas.authn.ldap[0].poolPassivator=NONE
>> cas.authn.ldap[0].minPoolSize=2
>> cas.authn.ldap[0].maxPoolSize=15
>>
>>
>> cas.authn.mfa.globalProviderId=mfa-gauth
>> cas.authn.mfa.globalFailureMode=CLOSED
>>
>> cas.authn.mfa.gauth.issuer=TEST
>> cas.authn.mfa.gauth.codeDigits=6
>> cas.authn.mfa.gauth.timeStepSize=60
>> cas.authn.mfa.gauth.windowSize=3
>> cas.authn.mfa.gauth.label=TEST
>> cas.authn.mfa.gauth.rank=0
>>
>> cas.authn.mfa.gauth.cleaner.enabled=true
>> cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000
>> cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000
>>
>> cas.authn.mfa.gauth.bypass.type=DEFAULT
>>
>> cas.authn.mfa.gauth.mongo.clientUri=${mongo.uri}
>> cas.authn.mfa.gauth.mongo.dropCollection=false
>> cas.authn.mfa.gauth.mongo.collection=GAuthRepository
>>
>> cas.authn.mfa.gauth.mongo.tokenCollection=GoogleAuthenticatorMongoDbTokenRepository
>>
>>
>>
>> *pom.xml*
>>
>> <dependency>
>> <groupId>org.apereo.cas</groupId>
>> <artifactId>cas-server-webapp${app.server}</artifactId>
>> <version>${cas.version}</version>
>> <type>war</type>
>> <scope>runtime</scope>
>> </dependency>
>> <dependency>
>> <groupId>org.apereo.cas</groupId>
>> <artifactId>cas-server-support-ldap</artifactId>
>> <version>${cas.version}</version>
>> </dependency>
>> <dependency>
>> <groupId>org.apereo.cas</groupId>
>> <artifactId>cas-server-support-saml</artifactId>
>> <version>${cas.version}</version>
>> </dependency>
>> <dependency>
>> <groupId>org.apereo.cas</groupId>
>> <artifactId>cas-server-support-gauth</artifactId>
>> <version>${cas.version}</version>
>> </dependency>
>> <dependency>
>> <groupId>org.apereo.cas</groupId>
>> <artifactId>cas-server-support-gauth-mongo</artifactId>
>> <version>${cas.version}</version>
>> </dependency>
>>
>>
>> *catalina.log*
>>
>> 2018-02-15 09:31:13,952 DEBUG
>> [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver]
>>
>> - <Authentication handlers used for this transaction are
>> [GoogleAuthenticatorAuthenticationHandler,LdapAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler]>
>> 2018-02-15 09:31:13,953 DEBUG
>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] -
>> <Received OTP [*253227*]>
>> 2018-02-15 09:31:13,954 DEBUG
>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] -
>> <Received principal id *[j.byky*]>
>> 2018-02-15 09:31:13,970 DEBUG
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <[GoogleAuthenticatorAuthenticationHandler] exception details: [Failed to
>> authenticate code *253227*].>
>> 2018-02-15 09:31:13,971 DEBUG
>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>>
>> - <Credential is not one of username/password and is not accepted by
>> handler [LdapAuthenticationHandler]>
>> 2018-02-15 09:31:13,972 ERROR
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <*Authentication
>> has failed. Credentials may be incorrect or CAS cannot find authentication
>> handler that supports [[token=253227]] of type
>> [GoogleAuthenticatorTokenCredential]*.>
>> 2018-02-15 09:31:13,976 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>> trail record BEGIN
>> =============================================================
>> *WHO: 253227*
>> *WHAT: Supplied credentials: [[token=253227]]*
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Thu Feb 15 09:31:13 CET 2018
>> CLIENT IP ADDRESS: 10.100.100.20
>> SERVER IP ADDRESS: 10.40.0.2
>> =============================================================
>>
>> >
>> 2018-02-15 09:31:13,978 ERROR
>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] -
>> <1 errors, 0 successes>
>> org.apereo.cas.authentication.AuthenticationException: 1 errors, 0
>> successes
>> at
>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:400)
>>
>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
>> at
>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:380)
>>
>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
>> at
>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:220)
>>
>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
>> at
>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>)
>>
>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
>> at
>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>> ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>> at
>> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
>>
>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>> at
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>>
>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>> at
>> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)
>>
>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>> at
>> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134)
>>
>> ~[inspektr-audit-1.8.0.GA.jar:1.8.0.GA]
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> ~[?:1.8.0_162]
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>
>> ~[?:1.8.0_162]
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>
>> ~[?:1.8.0_162]
>> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_162]
>> ...
>>
>> 2018-02-15 09:31:13,982 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>> trail record BEGIN
>> =============================================================
>> WHO: *253227*
>> WHAT: [event=error,timestamp=Thu Feb 15 09:31:13 CET
>> 2018,source=OneTimeTokenAuthenticationWebflowEventResolver]
>> ACTION: AUTHENTICATION_EVENT_TRIGGERED
>> APPLICATION: CAS
>> WHEN: Thu Feb 15 09:31:13 CET 2018
>> CLIENT IP ADDRESS: 10.100.100.20
>> SERVER IP ADDRESS: 10.40.0.2
>> =============================================================
>>
>>
>>
>> Can anybody tell me what I'm missing?
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2267c196-5951-4ad1-9d92-f2023de0ff07%40apereo.org.
