Jeremy, have you a policy named *[TEST] *? What is your auth method ? LDAP, database, AD, other ?
Sincerely, Mickaël Le lundi 4 mars 2019 11:09:18 UTC+1, Jeremy Van Rooyen a écrit : > > Thank you for your feedback Mickaël, much appreciated. > > I configured cas to use mariadb as mentioned below and I still get the > same issue as with mongodb. > > Time on my server and app is exactly the same. > > Its very strange though, scratch codes works fine but not generated OTP on > Google Authenticator app after scanning the QR code. > > This is the error that I get: > > *[org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] > - <Authorization of OTP token [359062] has failed>* > *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > <Authentication has failed. Credentials may be incorrect or CAS cannot find > authentication handler that supports [OneTimeTokenCredential(* > *token=359062)] of type [GoogleAuthenticatorTokenCredential]. Examine the > configuration to ensure a method of authentication is defined and analyze > CAS logs at DEBUG level to trace the authentication event.>* > *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > <[TEST] exception details: [Failed to authenticate code 359062].>* > *[org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording > authentication handler failure under key [TEST]>* > > I'm not sure what I'm missing at all :-( > > Kind Regards > Jeremy > > On Monday, 4 March 2019 09:36:12 UTC+2, Mickaël wrote: >> >> Hi Jeremy, >> >> This is an extract for configuring CAS to use gauth with my server MySQL. >> This server is a MariaDB server on Debian 9. >> The encryption key and signing key are generated at each start of the CAS >> server and sent to the log file catalina.out You can start it one time and >> copy/paste to your configuration file for the next startup. >> >> cas.authn.mfa.gauth.crypto.encryption.key=XXXXXX >> cas.authn.mfa.gauth.crypto.signing.key=XXXXXXX >> cas.authn.mfa.gauth.issuer="Name of your service" >> cas.authn.mfa.gauth.label="Something that describe the service" >> cas.authn.mfa.gauth.jpa.autocommit=true >> cas.authn.mfa.gauth.jpa.dialect=org.hibernate.dialect.MySQL5Dialect >> cas.authn.mfa.gauth.jpa.ddlAuto=update >> cas.authn.mfa.gauth.jpa.driverClass=com.mysql.cj.jdbc.Driver >> cas.authn.mfa.gauth.jpa.healthQuery=SELECT 1 FROM >> INFORMATION_SCHEMA.SYSTEM_VARIABLES >> cas.authn.mfa.gauth.jpa.password=YOUR_BDD_PASSWORD >> >> cas.authn.mfa.gauth.jpa.url=jdbc:mysql://BDD_SERVER:3306/DATABASE_TO_STORE?serverTimezone=Europe/Paris >> cas.authn.mfa.gauth.jpa.user=YOUR_BDD_USER >> >> Sincerely, Mickaël >> >> Le ven. 1 mars 2019 à 08:55, Jeremy Van Rooyen <[email protected]> a >> écrit : >> >>> Hi Mickaël, >>> >>> Can you give me some guidance on the gauth-jpa configuration in the >>> cas.properties file if possible? >>> >>> Much appreciated. >>> >>> Jeremy >>> >>> On Friday, 22 February 2019 15:53:22 UTC+2, Jeremy Van Rooyen wrote: >>>> >>>> Thanks Mickaël, >>>> >>>> I think I will try with JPA - to store generated otp's in sql db and >>>> see what happens. I'm not sure that will solve it but it's worth a try. >>>> >>>> Would you share your cas.properties so that I can compare >>>> configurations if possible? >>>> >>>> Kind Regards >>>> Jeremy >>>> >>>> On Friday, 22 February 2019 14:01:32 UTC+2, Mickaël wrote: >>>>> >>>>> andOTP is the name of the app I'm use. It is opensource. >>>>> >>>>> Regards, >>>>> >>>>> Mickaël >>>>> >>>>> Le ven. 22 févr. 2019 à 12:14, Jeremy Van Rooyen <[email protected]> >>>>> a écrit : >>>>> >>>>>> I see your email was cut off :-) >>>>>> >>>>>> You are using what and OTP? >>>>>> >>>>>> Kind Regards >>>>>> Jeremy >>>>>> >>>>>> On Friday, 22 February 2019 12:45:10 UTC+2, Mickaël wrote: >>>>>>> >>>>>>> No problem. >>>>>>> >>>>>>> Have you test with another app? I'm using andOTP but I don't think >>>>>>> the problem is here. >>>>>>> >>>>>>> Sincerely, >>>>>>> >>>>>>> Mickaël >>>>>>> >>>>>>> Le ven. 22 févr. 2019 à 11:39, Jeremy Van Rooyen < >>>>>>> [email protected]> a écrit : >>>>>>> >>>>>>>> Apologies Mickaël, >>>>>>>> >>>>>>>> The webapp server and my smartphone's time is the same yes. >>>>>>>> >>>>>>>> Kind Regards >>>>>>>> Jeremy >>>>>>>> >>>>>>>> On Friday, 22 February 2019 10:44:11 UTC+2, Mickaël wrote: >>>>>>>>> >>>>>>>>> Jeremy, you don't tell me if the webapp server is at the good time >>>>>>>>> and your smartphone too. >>>>>>>>> Token are time based, so if one of the device has not the good >>>>>>>>> time, you will have problems. >>>>>>>>> >>>>>>>>> Sincerely, >>>>>>>>> >>>>>>>>> Mickaël >>>>>>>>> >>>>>>>>> Le ven. 22 févr. 2019 à 08:45, Jeremy Van Rooyen < >>>>>>>>> [email protected]> a écrit : >>>>>>>>> >>>>>>>>>> Thanks for your feedback Mickaël, >>>>>>>>>> >>>>>>>>>> For the second part I'm presented by the qrcode and 5 scratch >>>>>>>>>> codes. When I scan the qrcode my Google Authenticator app on phone >>>>>>>>>> accepts >>>>>>>>>> it. >>>>>>>>>> >>>>>>>>>> Then I click on register and enter the token displayed by the >>>>>>>>>> Google Authenticator app and it says --> "*Credentials are >>>>>>>>>> rejected/invalid and authentication attempt has failed.*" >>>>>>>>>> >>>>>>>>>> This is what I see in the CAS log file: >>>>>>>>>> >>>>>>>>>> *DEBUG >>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>>>>>>>> <Attempting to authenticate credential >>>>>>>>>> [OneTimeTokenCredential(token=420195)]>* >>>>>>>>>> *DEBUG >>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>>>>>>>> <Attempting authentication of [420195] using >>>>>>>>>> [GoogleAuthenticatorAuthenticationHandler]>* >>>>>>>>>> *DEBUG >>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>> - >>>>>>>>>> <Received OTP [420195]>* >>>>>>>>>> *DEBUG >>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>> - >>>>>>>>>> <Received principal id [jeremy]. Attempting to locate account in >>>>>>>>>> credential >>>>>>>>>> repository...>* >>>>>>>>>> *DEBUG >>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>> - >>>>>>>>>> <Attempting to locate OTP token [420195] in token repository for >>>>>>>>>> [jeremy]...>* >>>>>>>>>> *DEBUG >>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>> - >>>>>>>>>> <Attempting to authorize OTP token [420195]...>* >>>>>>>>>> * WARN >>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>> - >>>>>>>>>> <Authorization of OTP token [420195] has failed>* >>>>>>>>>> >>>>>>>>>> It sounds to me that when I use the scratch codes it is stored in >>>>>>>>>> the mongodb and can be found in the token repository (stored in db), >>>>>>>>>> but >>>>>>>>>> not for the tokens used on Google Authenticator app? Not sure if my >>>>>>>>>> understanding is correct? >>>>>>>>>> >>>>>>>>>> Thanks in advance >>>>>>>>>> Jeremy >>>>>>>>>> >>>>>>>>>> On Thursday, 21 February 2019 16:50:42 UTC+2, Mickaël wrote: >>>>>>>>>>> >>>>>>>>>>> Yes Jeremy, that's what I mean. >>>>>>>>>>> I'm using JPA for my service registry and the CAS manager webapp >>>>>>>>>>> but it is the same way. >>>>>>>>>>> >>>>>>>>>>> For the second part, are you invited to enter your token code >>>>>>>>>>> displayed by your Google authenticator app? >>>>>>>>>>> >>>>>>>>>>> If it doesn't work, perhaps your server is not at the good time. >>>>>>>>>>> NTP can help you to fix it. >>>>>>>>>>> >>>>>>>>>>> Sincerely, >>>>>>>>>>> >>>>>>>>>>> Mickaël >>>>>>>>>>> >>>>>>>>>>> Le jeu. 21 févr. 2019 à 13:53, Jeremy Van Rooyen < >>>>>>>>>>> [email protected]> a écrit : >>>>>>>>>>> >>>>>>>>>>>> Hi Mickaël, >>>>>>>>>>>> >>>>>>>>>>>> On Thursday, 21 February 2019 14:01:17 UTC+2, Mickaël wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Hi Jeremy, >>>>>>>>>>>>> >>>>>>>>>>>>> It is a great news about the scratch codes. >>>>>>>>>>>>> >>>>>>>>>>>>> I'm not sure to understand your question about qrcode. To >>>>>>>>>>>>> register a device, it is possible and required when a service is >>>>>>>>>>>>> registered >>>>>>>>>>>>> on your CAS with "Google Authentication" as MFA. >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Do you mean that the service "Google Authentication" as MFA >>>>>>>>>>>> must be registered under the services configuration in json format? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> So, at the first login without a registered device, user will >>>>>>>>>>>>> be ask to scan the qrcode on the screen and save (or print) the >>>>>>>>>>>>> scratch >>>>>>>>>>>>> codes. After clilk on the next button, user should enter is token >>>>>>>>>>>>> in the >>>>>>>>>>>>> field to finish the registration and be redirected to the service. >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> This is what happens exactly the way you explain it here. So >>>>>>>>>>>> when I scan the qrcode with my phone it does not take the codes >>>>>>>>>>>> generated >>>>>>>>>>>> on the Google Authenticator app. It however does take the on >>>>>>>>>>>> screen codes. >>>>>>>>>>>> >>>>>>>>>>>> I hope this clears up my question? >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Does it answer to your question Jeremy ? >>>>>>>>>>>>> >>>>>>>>>>>>> My own question about this system, how to unregistered a >>>>>>>>>>>>> device in case of change of device or loss ? I don't know URL to >>>>>>>>>>>>> do that... >>>>>>>>>>>>> >>>>>>>>>>>>> Sincerely, >>>>>>>>>>>>> >>>>>>>>>>>>> Mickaël >>>>>>>>>>>>> >>>>>>>>>>>>> Le jeudi 21 février 2019 11:32:54 UTC+1, Jeremy Van Rooyen a >>>>>>>>>>>>> écrit : >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Mickaël, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks for your reply. >>>>>>>>>>>>>> >>>>>>>>>>>>>> So after playing around a bit more it seems like the on >>>>>>>>>>>>>> screen scratch codes is being stored in the mongodb and using >>>>>>>>>>>>>> that it >>>>>>>>>>>>>> allows me to authenticate perfectly. >>>>>>>>>>>>>> >>>>>>>>>>>>>> The next question is how would one register via the qrcode >>>>>>>>>>>>>> using the Google Authenticator app on phone? Or am I not >>>>>>>>>>>>>> understanding >>>>>>>>>>>>>> something? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Kind Regards >>>>>>>>>>>>>> Jeremy >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Tuesday, 19 February 2019 10:30:29 UTC+2, Mickaël wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Are you sure there is anything register in your Mongo >>>>>>>>>>>>>>> database ? Scratch codes and token are store in DB for each >>>>>>>>>>>>>>> user in 2 >>>>>>>>>>>>>>> different tables. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> It is strange to see that, normally "WHO" is the user, not >>>>>>>>>>>>>>> the token : >>>>>>>>>>>>>>> *WHO: 253227* >>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> For information, I am using gauth with MariaDB without any >>>>>>>>>>>>>>> issue. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Mickaël >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Le jeudi 15 février 2018 09:53:52 UTC+1, Janina Byky a >>>>>>>>>>>>>>> écrit : >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I'm trying to setup CAS 5.2.2 with Google Authenticator as >>>>>>>>>>>>>>>> second auth factor for specified services. CAS is running over >>>>>>>>>>>>>>>> LDAP (AD) >>>>>>>>>>>>>>>> and GAuth based on mongo. So far everything was great, build >>>>>>>>>>>>>>>> succeed, GAuth >>>>>>>>>>>>>>>> qrcode appears, user registers and now it's time for TOKEN >>>>>>>>>>>>>>>> form. I'm typing >>>>>>>>>>>>>>>> all scratch codes and those generated by Google Authenticator, >>>>>>>>>>>>>>>> but every >>>>>>>>>>>>>>>> single attempt is unsuccessful. Also there's no collection >>>>>>>>>>>>>>>> created to store >>>>>>>>>>>>>>>> tokens in mongo. Only GAuthRepository is created with proper >>>>>>>>>>>>>>>> values of >>>>>>>>>>>>>>>> registered users. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> *cas.properties* >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.accept.users= >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.ldap[0].order=0 >>>>>>>>>>>>>>>> cas.authn.ldap[0].type=AUTHENTICATED >>>>>>>>>>>>>>>> cas.authn.ldap[0].ldapUrl={CUT} >>>>>>>>>>>>>>>> cas.authn.ldap[0].connectionStrategy=DEFAULT >>>>>>>>>>>>>>>> cas.authn.ldap[0].useSsl=true >>>>>>>>>>>>>>>> cas.authn.ldap[0].connectTimeout=15000 >>>>>>>>>>>>>>>> cas.authn.ldap[0].subtreeSearch=true >>>>>>>>>>>>>>>> cas.authn.ldap[0].baseDn={CUT} >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(userPrincipalName={user})) >>>>>>>>>>>>>>>> cas.authn.ldap[0].bindDn={CUT} >>>>>>>>>>>>>>>> cas.authn.ldap[0].bindCredential={CUT} >>>>>>>>>>>>>>>> cas.authn.ldap[0].enhanceWithEntryResolver=true >>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeId=sAMAccountName >>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributePassword= >>>>>>>>>>>>>>>> cas.authn.ldap[0].usePasswordPolicy=true >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,sAMAccountName,memberOf >>>>>>>>>>>>>>>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true >>>>>>>>>>>>>>>> cas.authn.ldap[0].poolPassivator=NONE >>>>>>>>>>>>>>>> cas.authn.ldap[0].minPoolSize=2 >>>>>>>>>>>>>>>> cas.authn.ldap[0].maxPoolSize=15 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.mfa.globalProviderId=mfa-gauth >>>>>>>>>>>>>>>> cas.authn.mfa.globalFailureMode=CLOSED >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.issuer=TEST >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.codeDigits=6 >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.timeStepSize=60 >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.windowSize=3 >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.label=TEST >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.rank=0 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.enabled=true >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000 >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.bypass.type=DEFAULT >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.clientUri=${mongo.uri} >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.dropCollection=false >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.collection=GAuthRepository >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.tokenCollection=GoogleAuthenticatorMongoDbTokenRepository >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> *pom.xml* >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <artifactId>cas-server-webapp${app.server}</artifactId> >>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>> <type>war</type> >>>>>>>>>>>>>>>> <scope>runtime</scope> >>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>> <artifactId>cas-server-support-ldap</artifactId> >>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>> <artifactId>cas-server-support-saml</artifactId> >>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <artifactId>cas-server-support-gauth</artifactId> >>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <artifactId>cas-server-support-gauth-mongo</artifactId> >>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> *catalina.log* >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,952 DEBUG >>>>>>>>>>>>>>>> [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> - <Authentication handlers used for this transaction are >>>>>>>>>>>>>>>> [GoogleAuthenticatorAuthenticationHandler,LdapAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler]> >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,953 DEBUG >>>>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>> <Received OTP [*253227*]> >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,954 DEBUG >>>>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>> <Received principal id *[j.byky*]> >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,970 DEBUG >>>>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>> <[GoogleAuthenticatorAuthenticationHandler] exception details: >>>>>>>>>>>>>>>> [Failed to >>>>>>>>>>>>>>>> authenticate code *253227*].> >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,971 DEBUG >>>>>>>>>>>>>>>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> - <Credential is not one of username/password and is not >>>>>>>>>>>>>>>> accepted by >>>>>>>>>>>>>>>> handler [LdapAuthenticationHandler]> >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,972 ERROR >>>>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>>>> - <*Authentication >>>>>>>>>>>>>>>> has failed. Credentials may be incorrect or CAS cannot find >>>>>>>>>>>>>>>> authentication >>>>>>>>>>>>>>>> handler that supports [[token=253227]] of type >>>>>>>>>>>>>>>> [GoogleAuthenticatorTokenCredential]*.> >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,976 INFO >>>>>>>>>>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] >>>>>>>>>>>>>>>> - <Audit >>>>>>>>>>>>>>>> trail record BEGIN >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>> *WHO: 253227* >>>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]* >>>>>>>>>>>>>>>> ACTION: AUTHENTICATION_SUCCESS >>>>>>>>>>>>>>>> APPLICATION: CAS >>>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018 >>>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20 >>>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,978 ERROR >>>>>>>>>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] >>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>> <1 errors, 0 successes> >>>>>>>>>>>>>>>> org.apereo.cas.authentication.AuthenticationException: 1 >>>>>>>>>>>>>>>> errors, 0 successes >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:400) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:380) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:220) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[inspektr-audit-1.8.0.GA.jar:1.8.0.GA] >>>>>>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>>>>>>>>>>>>>>> Method) ~[?:1.8.0_162] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498) >>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>> ... >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 2018-02-15 09:31:13,982 INFO >>>>>>>>>>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] >>>>>>>>>>>>>>>> - <Audit >>>>>>>>>>>>>>>> trail record BEGIN >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>> WHO: *253227* >>>>>>>>>>>>>>>> WHAT: [event=error,timestamp=Thu Feb 15 09:31:13 CET >>>>>>>>>>>>>>>> 2018,source=OneTimeTokenAuthenticationWebflowEventResolver] >>>>>>>>>>>>>>>> ACTION: AUTHENTICATION_EVENT_TRIGGERED >>>>>>>>>>>>>>>> APPLICATION: CAS >>>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018 >>>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20 >>>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Can anybody tell me what I'm missing? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>>> --- >>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org >>>>>>>>>>>> >>>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>>> . >>>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>> --- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/141bb8a9-d702-4511-95b6-ce8004cb3ff4%40apereo.org >>>>>>>>>> >>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/141bb8a9-d702-4511-95b6-ce8004cb3ff4%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> >>>>>>>>> -- >>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>> --- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "CAS Community" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/16c20cee-e056-4d0b-afee-e237fe673185%40apereo.org >>>>>>>> >>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/16c20cee-e056-4d0b-afee-e237fe673185%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> >>>>>>> -- >>>>>> - Website: https://apereo.github.io/cas >>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "CAS Community" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc0b95f7-a7ad-4c8e-8b03-82b9bd30ef0e%40apereo.org >>>>>> >>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc0b95f7-a7ad-4c8e-8b03-82b9bd30ef0e%40apereo.org?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa1b3141-e8e4-4900-8f2d-26b4c3f9fc4d%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa1b3141-e8e4-4900-8f2d-26b4c3f9fc4d%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9ae31439-0dcc-410e-a570-9d1baa395ecf%40apereo.org.
