Thank you for your feedback Mickaël, much appreciated. I configured cas to use mariadb as mentioned below and I still get the same issue as with mongodb.
Time on my server and app is exactly the same. Its very strange though, scratch codes works fine but not generated OTP on Google Authenticator app after scanning the QR code. This is the error that I get: *[org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Authorization of OTP token [359062] has failed>* *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [OneTimeTokenCredential(* *token=359062)] of type [GoogleAuthenticatorTokenCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>* *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[TEST] exception details: [Failed to authenticate code 359062].>* *[org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording authentication handler failure under key [TEST]>* I'm not sure what I'm missing at all :-( Kind Regards Jeremy On Monday, 4 March 2019 09:36:12 UTC+2, Mickaël wrote: > > Hi Jeremy, > > This is an extract for configuring CAS to use gauth with my server MySQL. > This server is a MariaDB server on Debian 9. > The encryption key and signing key are generated at each start of the CAS > server and sent to the log file catalina.out You can start it one time and > copy/paste to your configuration file for the next startup. > > cas.authn.mfa.gauth.crypto.encryption.key=XXXXXX > cas.authn.mfa.gauth.crypto.signing.key=XXXXXXX > cas.authn.mfa.gauth.issuer="Name of your service" > cas.authn.mfa.gauth.label="Something that describe the service" > cas.authn.mfa.gauth.jpa.autocommit=true > cas.authn.mfa.gauth.jpa.dialect=org.hibernate.dialect.MySQL5Dialect > cas.authn.mfa.gauth.jpa.ddlAuto=update > cas.authn.mfa.gauth.jpa.driverClass=com.mysql.cj.jdbc.Driver > cas.authn.mfa.gauth.jpa.healthQuery=SELECT 1 FROM > INFORMATION_SCHEMA.SYSTEM_VARIABLES > cas.authn.mfa.gauth.jpa.password=YOUR_BDD_PASSWORD > > cas.authn.mfa.gauth.jpa.url=jdbc:mysql://BDD_SERVER:3306/DATABASE_TO_STORE?serverTimezone=Europe/Paris > cas.authn.mfa.gauth.jpa.user=YOUR_BDD_USER > > Sincerely, Mickaël > > Le ven. 1 mars 2019 à 08:55, Jeremy Van Rooyen <[email protected] > <javascript:>> a écrit : > >> Hi Mickaël, >> >> Can you give me some guidance on the gauth-jpa configuration in the >> cas.properties file if possible? >> >> Much appreciated. >> >> Jeremy >> >> On Friday, 22 February 2019 15:53:22 UTC+2, Jeremy Van Rooyen wrote: >>> >>> Thanks Mickaël, >>> >>> I think I will try with JPA - to store generated otp's in sql db and see >>> what happens. I'm not sure that will solve it but it's worth a try. >>> >>> Would you share your cas.properties so that I can compare configurations >>> if possible? >>> >>> Kind Regards >>> Jeremy >>> >>> On Friday, 22 February 2019 14:01:32 UTC+2, Mickaël wrote: >>>> >>>> andOTP is the name of the app I'm use. It is opensource. >>>> >>>> Regards, >>>> >>>> Mickaël >>>> >>>> Le ven. 22 févr. 2019 à 12:14, Jeremy Van Rooyen <[email protected]> >>>> a écrit : >>>> >>>>> I see your email was cut off :-) >>>>> >>>>> You are using what and OTP? >>>>> >>>>> Kind Regards >>>>> Jeremy >>>>> >>>>> On Friday, 22 February 2019 12:45:10 UTC+2, Mickaël wrote: >>>>>> >>>>>> No problem. >>>>>> >>>>>> Have you test with another app? I'm using andOTP but I don't think >>>>>> the problem is here. >>>>>> >>>>>> Sincerely, >>>>>> >>>>>> Mickaël >>>>>> >>>>>> Le ven. 22 févr. 2019 à 11:39, Jeremy Van Rooyen <[email protected]> >>>>>> a écrit : >>>>>> >>>>>>> Apologies Mickaël, >>>>>>> >>>>>>> The webapp server and my smartphone's time is the same yes. >>>>>>> >>>>>>> Kind Regards >>>>>>> Jeremy >>>>>>> >>>>>>> On Friday, 22 February 2019 10:44:11 UTC+2, Mickaël wrote: >>>>>>>> >>>>>>>> Jeremy, you don't tell me if the webapp server is at the good time >>>>>>>> and your smartphone too. >>>>>>>> Token are time based, so if one of the device has not the good >>>>>>>> time, you will have problems. >>>>>>>> >>>>>>>> Sincerely, >>>>>>>> >>>>>>>> Mickaël >>>>>>>> >>>>>>>> Le ven. 22 févr. 2019 à 08:45, Jeremy Van Rooyen < >>>>>>>> [email protected]> a écrit : >>>>>>>> >>>>>>>>> Thanks for your feedback Mickaël, >>>>>>>>> >>>>>>>>> For the second part I'm presented by the qrcode and 5 scratch >>>>>>>>> codes. When I scan the qrcode my Google Authenticator app on phone >>>>>>>>> accepts >>>>>>>>> it. >>>>>>>>> >>>>>>>>> Then I click on register and enter the token displayed by the >>>>>>>>> Google Authenticator app and it says --> "*Credentials are >>>>>>>>> rejected/invalid and authentication attempt has failed.*" >>>>>>>>> >>>>>>>>> This is what I see in the CAS log file: >>>>>>>>> >>>>>>>>> *DEBUG >>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>>>>>>> <Attempting to authenticate credential >>>>>>>>> [OneTimeTokenCredential(token=420195)]>* >>>>>>>>> *DEBUG >>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>>>>>>> <Attempting authentication of [420195] using >>>>>>>>> [GoogleAuthenticatorAuthenticationHandler]>* >>>>>>>>> *DEBUG >>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>> - >>>>>>>>> <Received OTP [420195]>* >>>>>>>>> *DEBUG >>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>> - >>>>>>>>> <Received principal id [jeremy]. Attempting to locate account in >>>>>>>>> credential >>>>>>>>> repository...>* >>>>>>>>> *DEBUG >>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>> - >>>>>>>>> <Attempting to locate OTP token [420195] in token repository for >>>>>>>>> [jeremy]...>* >>>>>>>>> *DEBUG >>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>> - >>>>>>>>> <Attempting to authorize OTP token [420195]...>* >>>>>>>>> * WARN >>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>> - >>>>>>>>> <Authorization of OTP token [420195] has failed>* >>>>>>>>> >>>>>>>>> It sounds to me that when I use the scratch codes it is stored in >>>>>>>>> the mongodb and can be found in the token repository (stored in db), >>>>>>>>> but >>>>>>>>> not for the tokens used on Google Authenticator app? Not sure if my >>>>>>>>> understanding is correct? >>>>>>>>> >>>>>>>>> Thanks in advance >>>>>>>>> Jeremy >>>>>>>>> >>>>>>>>> On Thursday, 21 February 2019 16:50:42 UTC+2, Mickaël wrote: >>>>>>>>>> >>>>>>>>>> Yes Jeremy, that's what I mean. >>>>>>>>>> I'm using JPA for my service registry and the CAS manager webapp >>>>>>>>>> but it is the same way. >>>>>>>>>> >>>>>>>>>> For the second part, are you invited to enter your token code >>>>>>>>>> displayed by your Google authenticator app? >>>>>>>>>> >>>>>>>>>> If it doesn't work, perhaps your server is not at the good time. >>>>>>>>>> NTP can help you to fix it. >>>>>>>>>> >>>>>>>>>> Sincerely, >>>>>>>>>> >>>>>>>>>> Mickaël >>>>>>>>>> >>>>>>>>>> Le jeu. 21 févr. 2019 à 13:53, Jeremy Van Rooyen < >>>>>>>>>> [email protected]> a écrit : >>>>>>>>>> >>>>>>>>>>> Hi Mickaël, >>>>>>>>>>> >>>>>>>>>>> On Thursday, 21 February 2019 14:01:17 UTC+2, Mickaël wrote: >>>>>>>>>>>> >>>>>>>>>>>> Hi Jeremy, >>>>>>>>>>>> >>>>>>>>>>>> It is a great news about the scratch codes. >>>>>>>>>>>> >>>>>>>>>>>> I'm not sure to understand your question about qrcode. To >>>>>>>>>>>> register a device, it is possible and required when a service is >>>>>>>>>>>> registered >>>>>>>>>>>> on your CAS with "Google Authentication" as MFA. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Do you mean that the service "Google Authentication" as MFA must >>>>>>>>>>> be registered under the services configuration in json format? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> So, at the first login without a registered device, user will >>>>>>>>>>>> be ask to scan the qrcode on the screen and save (or print) the >>>>>>>>>>>> scratch >>>>>>>>>>>> codes. After clilk on the next button, user should enter is token >>>>>>>>>>>> in the >>>>>>>>>>>> field to finish the registration and be redirected to the service. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> This is what happens exactly the way you explain it here. So >>>>>>>>>>> when I scan the qrcode with my phone it does not take the codes >>>>>>>>>>> generated >>>>>>>>>>> on the Google Authenticator app. It however does take the on screen >>>>>>>>>>> codes. >>>>>>>>>>> >>>>>>>>>>> I hope this clears up my question? >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Does it answer to your question Jeremy ? >>>>>>>>>>>> >>>>>>>>>>>> My own question about this system, how to unregistered a device >>>>>>>>>>>> in case of change of device or loss ? I don't know URL to do >>>>>>>>>>>> that... >>>>>>>>>>>> >>>>>>>>>>>> Sincerely, >>>>>>>>>>>> >>>>>>>>>>>> Mickaël >>>>>>>>>>>> >>>>>>>>>>>> Le jeudi 21 février 2019 11:32:54 UTC+1, Jeremy Van Rooyen a >>>>>>>>>>>> écrit : >>>>>>>>>>>>> >>>>>>>>>>>>> Hi Mickaël, >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks for your reply. >>>>>>>>>>>>> >>>>>>>>>>>>> So after playing around a bit more it seems like the on screen >>>>>>>>>>>>> scratch codes is being stored in the mongodb and using that it >>>>>>>>>>>>> allows me to >>>>>>>>>>>>> authenticate perfectly. >>>>>>>>>>>>> >>>>>>>>>>>>> The next question is how would one register via the qrcode >>>>>>>>>>>>> using the Google Authenticator app on phone? Or am I not >>>>>>>>>>>>> understanding >>>>>>>>>>>>> something? >>>>>>>>>>>>> >>>>>>>>>>>>> Kind Regards >>>>>>>>>>>>> Jeremy >>>>>>>>>>>>> >>>>>>>>>>>>> On Tuesday, 19 February 2019 10:30:29 UTC+2, Mickaël wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Are you sure there is anything register in your Mongo >>>>>>>>>>>>>> database ? Scratch codes and token are store in DB for each user >>>>>>>>>>>>>> in 2 >>>>>>>>>>>>>> different tables. >>>>>>>>>>>>>> >>>>>>>>>>>>>> It is strange to see that, normally "WHO" is the user, not >>>>>>>>>>>>>> the token : >>>>>>>>>>>>>> *WHO: 253227* >>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]* >>>>>>>>>>>>>> >>>>>>>>>>>>>> For information, I am using gauth with MariaDB without any >>>>>>>>>>>>>> issue. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Mickaël >>>>>>>>>>>>>> >>>>>>>>>>>>>> Le jeudi 15 février 2018 09:53:52 UTC+1, Janina Byky a écrit : >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I'm trying to setup CAS 5.2.2 with Google Authenticator as >>>>>>>>>>>>>>> second auth factor for specified services. CAS is running over >>>>>>>>>>>>>>> LDAP (AD) >>>>>>>>>>>>>>> and GAuth based on mongo. So far everything was great, build >>>>>>>>>>>>>>> succeed, GAuth >>>>>>>>>>>>>>> qrcode appears, user registers and now it's time for TOKEN >>>>>>>>>>>>>>> form. I'm typing >>>>>>>>>>>>>>> all scratch codes and those generated by Google Authenticator, >>>>>>>>>>>>>>> but every >>>>>>>>>>>>>>> single attempt is unsuccessful. Also there's no collection >>>>>>>>>>>>>>> created to store >>>>>>>>>>>>>>> tokens in mongo. Only GAuthRepository is created with proper >>>>>>>>>>>>>>> values of >>>>>>>>>>>>>>> registered users. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> *cas.properties* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.accept.users= >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.ldap[0].order=0 >>>>>>>>>>>>>>> cas.authn.ldap[0].type=AUTHENTICATED >>>>>>>>>>>>>>> cas.authn.ldap[0].ldapUrl={CUT} >>>>>>>>>>>>>>> cas.authn.ldap[0].connectionStrategy=DEFAULT >>>>>>>>>>>>>>> cas.authn.ldap[0].useSsl=true >>>>>>>>>>>>>>> cas.authn.ldap[0].connectTimeout=15000 >>>>>>>>>>>>>>> cas.authn.ldap[0].subtreeSearch=true >>>>>>>>>>>>>>> cas.authn.ldap[0].baseDn={CUT} >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(userPrincipalName={user})) >>>>>>>>>>>>>>> cas.authn.ldap[0].bindDn={CUT} >>>>>>>>>>>>>>> cas.authn.ldap[0].bindCredential={CUT} >>>>>>>>>>>>>>> cas.authn.ldap[0].enhanceWithEntryResolver=true >>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeId=sAMAccountName >>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributePassword= >>>>>>>>>>>>>>> cas.authn.ldap[0].usePasswordPolicy=true >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,sAMAccountName,memberOf >>>>>>>>>>>>>>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true >>>>>>>>>>>>>>> cas.authn.ldap[0].poolPassivator=NONE >>>>>>>>>>>>>>> cas.authn.ldap[0].minPoolSize=2 >>>>>>>>>>>>>>> cas.authn.ldap[0].maxPoolSize=15 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.mfa.globalProviderId=mfa-gauth >>>>>>>>>>>>>>> cas.authn.mfa.globalFailureMode=CLOSED >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.mfa.gauth.issuer=TEST >>>>>>>>>>>>>>> cas.authn.mfa.gauth.codeDigits=6 >>>>>>>>>>>>>>> cas.authn.mfa.gauth.timeStepSize=60 >>>>>>>>>>>>>>> cas.authn.mfa.gauth.windowSize=3 >>>>>>>>>>>>>>> cas.authn.mfa.gauth.label=TEST >>>>>>>>>>>>>>> cas.authn.mfa.gauth.rank=0 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.enabled=true >>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000 >>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.mfa.gauth.bypass.type=DEFAULT >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.clientUri=${mongo.uri} >>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.dropCollection=false >>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.collection=GAuthRepository >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.tokenCollection=GoogleAuthenticatorMongoDbTokenRepository >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> *pom.xml* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <artifactId>cas-server-webapp${app.server}</artifactId> >>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>> <type>war</type> >>>>>>>>>>>>>>> <scope>runtime</scope> >>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>> <artifactId>cas-server-support-ldap</artifactId> >>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>> <artifactId>cas-server-support-saml</artifactId> >>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>> <artifactId>cas-server-support-gauth</artifactId> >>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <artifactId>cas-server-support-gauth-mongo</artifactId> >>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> *catalina.log* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 2018-02-15 09:31:13,952 DEBUG >>>>>>>>>>>>>>> [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> - <Authentication handlers used for this transaction are >>>>>>>>>>>>>>> [GoogleAuthenticatorAuthenticationHandler,LdapAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler]> >>>>>>>>>>>>>>> 2018-02-15 09:31:13,953 DEBUG >>>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>>> - >>>>>>>>>>>>>>> <Received OTP [*253227*]> >>>>>>>>>>>>>>> 2018-02-15 09:31:13,954 DEBUG >>>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>>> - >>>>>>>>>>>>>>> <Received principal id *[j.byky*]> >>>>>>>>>>>>>>> 2018-02-15 09:31:13,970 DEBUG >>>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>>> - >>>>>>>>>>>>>>> <[GoogleAuthenticatorAuthenticationHandler] exception details: >>>>>>>>>>>>>>> [Failed to >>>>>>>>>>>>>>> authenticate code *253227*].> >>>>>>>>>>>>>>> 2018-02-15 09:31:13,971 DEBUG >>>>>>>>>>>>>>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> - <Credential is not one of username/password and is not >>>>>>>>>>>>>>> accepted by >>>>>>>>>>>>>>> handler [LdapAuthenticationHandler]> >>>>>>>>>>>>>>> 2018-02-15 09:31:13,972 ERROR >>>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>>> - <*Authentication >>>>>>>>>>>>>>> has failed. Credentials may be incorrect or CAS cannot find >>>>>>>>>>>>>>> authentication >>>>>>>>>>>>>>> handler that supports [[token=253227]] of type >>>>>>>>>>>>>>> [GoogleAuthenticatorTokenCredential]*.> >>>>>>>>>>>>>>> 2018-02-15 09:31:13,976 INFO >>>>>>>>>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] >>>>>>>>>>>>>>> - <Audit >>>>>>>>>>>>>>> trail record BEGIN >>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>> *WHO: 253227* >>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]* >>>>>>>>>>>>>>> ACTION: AUTHENTICATION_SUCCESS >>>>>>>>>>>>>>> APPLICATION: CAS >>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018 >>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20 >>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2 >>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> 2018-02-15 09:31:13,978 ERROR >>>>>>>>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] >>>>>>>>>>>>>>> - >>>>>>>>>>>>>>> <1 errors, 0 successes> >>>>>>>>>>>>>>> org.apereo.cas.authentication.AuthenticationException: 1 >>>>>>>>>>>>>>> errors, 0 successes >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:400) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:380) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:220) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[inspektr-audit-1.8.0.GA.jar:1.8.0.GA] >>>>>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>>>>>>>>>>>>>> Method) ~[?:1.8.0_162] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498) >>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>> ... >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 2018-02-15 09:31:13,982 INFO >>>>>>>>>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] >>>>>>>>>>>>>>> - <Audit >>>>>>>>>>>>>>> trail record BEGIN >>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>> WHO: *253227* >>>>>>>>>>>>>>> WHAT: [event=error,timestamp=Thu Feb 15 09:31:13 CET >>>>>>>>>>>>>>> 2018,source=OneTimeTokenAuthenticationWebflowEventResolver] >>>>>>>>>>>>>>> ACTION: AUTHENTICATION_EVENT_TRIGGERED >>>>>>>>>>>>>>> APPLICATION: CAS >>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018 >>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20 >>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2 >>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can anybody tell me what I'm missing? >>>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>> --- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org >>>>>>>>>>> >>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> >>>>>>>>>> -- >>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>> --- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "CAS Community" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/141bb8a9-d702-4511-95b6-ce8004cb3ff4%40apereo.org >>>>>>>>> >>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/141bb8a9-d702-4511-95b6-ce8004cb3ff4%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/16c20cee-e056-4d0b-afee-e237fe673185%40apereo.org >>>>>>> >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/16c20cee-e056-4d0b-afee-e237fe673185%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc0b95f7-a7ad-4c8e-8b03-82b9bd30ef0e%40apereo.org >>>>> >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc0b95f7-a7ad-4c8e-8b03-82b9bd30ef0e%40apereo.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa1b3141-e8e4-4900-8f2d-26b4c3f9fc4d%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa1b3141-e8e4-4900-8f2d-26b4c3f9fc4d%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ce3b86a2-0923-4b46-9722-046cc892ac4d%40apereo.org.
