Hi Mickaël, I'm not sure what you mean by policy. I do have "[TEST]" as gauth issuer.
See below: *cas.authn.mfa.gauth.issuer=TEST* *cas.authn.mfa.gauth.codeDigits=6* *cas.authn.mfa.gauth.timeStepSize=60* *cas.authn.mfa.gauth.windowSize=3* *cas.authn.mfa.gauth.label=TEST* *cas.authn.mfa.gauth.rank=0* *cas.authn.mfa.gauth.name=TEST* *cas.authn.mfa.gauth.bypass.type=DEFAULT* I use AD as my auth method. Kind Regards Jeremy On Monday, 4 March 2019 17:55:10 UTC+2, Mickaël wrote: > > Jeremy, have you a policy named *[TEST] *? > What is your auth method ? LDAP, database, AD, other ? > > Sincerely, > > Mickaël > > Le lundi 4 mars 2019 11:09:18 UTC+1, Jeremy Van Rooyen a écrit : >> >> Thank you for your feedback Mickaël, much appreciated. >> >> I configured cas to use mariadb as mentioned below and I still get the >> same issue as with mongodb. >> >> Time on my server and app is exactly the same. >> >> Its very strange though, scratch codes works fine but not generated OTP >> on Google Authenticator app after scanning the QR code. >> >> This is the error that I get: >> >> *[org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >> - <Authorization of OTP token [359062] has failed>* >> *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >> <Authentication has failed. Credentials may be incorrect or CAS cannot find >> authentication handler that supports [OneTimeTokenCredential(* >> *token=359062)] of type [GoogleAuthenticatorTokenCredential]. Examine the >> configuration to ensure a method of authentication is defined and analyze >> CAS logs at DEBUG level to trace the authentication event.>* >> *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >> <[TEST] exception details: [Failed to authenticate code 359062].>* >> *[org.apereo.cas.authentication.DefaultAuthenticationBuilder] - >> <Recording authentication handler failure under key [TEST]>* >> >> I'm not sure what I'm missing at all :-( >> >> Kind Regards >> Jeremy >> >> On Monday, 4 March 2019 09:36:12 UTC+2, Mickaël wrote: >>> >>> Hi Jeremy, >>> >>> This is an extract for configuring CAS to use gauth with my server >>> MySQL. This server is a MariaDB server on Debian 9. >>> The encryption key and signing key are generated at each start of the >>> CAS server and sent to the log file catalina.out You can start it one time >>> and copy/paste to your configuration file for the next startup. >>> >>> cas.authn.mfa.gauth.crypto.encryption.key=XXXXXX >>> cas.authn.mfa.gauth.crypto.signing.key=XXXXXXX >>> cas.authn.mfa.gauth.issuer="Name of your service" >>> cas.authn.mfa.gauth.label="Something that describe the service" >>> cas.authn.mfa.gauth.jpa.autocommit=true >>> cas.authn.mfa.gauth.jpa.dialect=org.hibernate.dialect.MySQL5Dialect >>> cas.authn.mfa.gauth.jpa.ddlAuto=update >>> cas.authn.mfa.gauth.jpa.driverClass=com.mysql.cj.jdbc.Driver >>> cas.authn.mfa.gauth.jpa.healthQuery=SELECT 1 FROM >>> INFORMATION_SCHEMA.SYSTEM_VARIABLES >>> cas.authn.mfa.gauth.jpa.password=YOUR_BDD_PASSWORD >>> >>> cas.authn.mfa.gauth.jpa.url=jdbc:mysql://BDD_SERVER:3306/DATABASE_TO_STORE?serverTimezone=Europe/Paris >>> cas.authn.mfa.gauth.jpa.user=YOUR_BDD_USER >>> >>> Sincerely, Mickaël >>> >>> Le ven. 1 mars 2019 à 08:55, Jeremy Van Rooyen <[email protected]> a >>> écrit : >>> >>>> Hi Mickaël, >>>> >>>> Can you give me some guidance on the gauth-jpa configuration in the >>>> cas.properties file if possible? >>>> >>>> Much appreciated. >>>> >>>> Jeremy >>>> >>>> On Friday, 22 February 2019 15:53:22 UTC+2, Jeremy Van Rooyen wrote: >>>>> >>>>> Thanks Mickaël, >>>>> >>>>> I think I will try with JPA - to store generated otp's in sql db and >>>>> see what happens. I'm not sure that will solve it but it's worth a try. >>>>> >>>>> Would you share your cas.properties so that I can compare >>>>> configurations if possible? >>>>> >>>>> Kind Regards >>>>> Jeremy >>>>> >>>>> On Friday, 22 February 2019 14:01:32 UTC+2, Mickaël wrote: >>>>>> >>>>>> andOTP is the name of the app I'm use. It is opensource. >>>>>> >>>>>> Regards, >>>>>> >>>>>> Mickaël >>>>>> >>>>>> Le ven. 22 févr. 2019 à 12:14, Jeremy Van Rooyen <[email protected]> >>>>>> a écrit : >>>>>> >>>>>>> I see your email was cut off :-) >>>>>>> >>>>>>> You are using what and OTP? >>>>>>> >>>>>>> Kind Regards >>>>>>> Jeremy >>>>>>> >>>>>>> On Friday, 22 February 2019 12:45:10 UTC+2, Mickaël wrote: >>>>>>>> >>>>>>>> No problem. >>>>>>>> >>>>>>>> Have you test with another app? I'm using andOTP but I don't think >>>>>>>> the problem is here. >>>>>>>> >>>>>>>> Sincerely, >>>>>>>> >>>>>>>> Mickaël >>>>>>>> >>>>>>>> Le ven. 22 févr. 2019 à 11:39, Jeremy Van Rooyen < >>>>>>>> [email protected]> a écrit : >>>>>>>> >>>>>>>>> Apologies Mickaël, >>>>>>>>> >>>>>>>>> The webapp server and my smartphone's time is the same yes. >>>>>>>>> >>>>>>>>> Kind Regards >>>>>>>>> Jeremy >>>>>>>>> >>>>>>>>> On Friday, 22 February 2019 10:44:11 UTC+2, Mickaël wrote: >>>>>>>>>> >>>>>>>>>> Jeremy, you don't tell me if the webapp server is at the good >>>>>>>>>> time and your smartphone too. >>>>>>>>>> Token are time based, so if one of the device has not the good >>>>>>>>>> time, you will have problems. >>>>>>>>>> >>>>>>>>>> Sincerely, >>>>>>>>>> >>>>>>>>>> Mickaël >>>>>>>>>> >>>>>>>>>> Le ven. 22 févr. 2019 à 08:45, Jeremy Van Rooyen < >>>>>>>>>> [email protected]> a écrit : >>>>>>>>>> >>>>>>>>>>> Thanks for your feedback Mickaël, >>>>>>>>>>> >>>>>>>>>>> For the second part I'm presented by the qrcode and 5 scratch >>>>>>>>>>> codes. When I scan the qrcode my Google Authenticator app on phone >>>>>>>>>>> accepts >>>>>>>>>>> it. >>>>>>>>>>> >>>>>>>>>>> Then I click on register and enter the token displayed by the >>>>>>>>>>> Google Authenticator app and it says --> "*Credentials are >>>>>>>>>>> rejected/invalid and authentication attempt has failed.*" >>>>>>>>>>> >>>>>>>>>>> This is what I see in the CAS log file: >>>>>>>>>>> >>>>>>>>>>> *DEBUG >>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>>>>>>>>> <Attempting to authenticate credential >>>>>>>>>>> [OneTimeTokenCredential(token=420195)]>* >>>>>>>>>>> *DEBUG >>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>>>>>>>>> <Attempting authentication of [420195] using >>>>>>>>>>> [GoogleAuthenticatorAuthenticationHandler]>* >>>>>>>>>>> *DEBUG >>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>> - >>>>>>>>>>> <Received OTP [420195]>* >>>>>>>>>>> *DEBUG >>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>> - >>>>>>>>>>> <Received principal id [jeremy]. Attempting to locate account in >>>>>>>>>>> credential >>>>>>>>>>> repository...>* >>>>>>>>>>> *DEBUG >>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>> - >>>>>>>>>>> <Attempting to locate OTP token [420195] in token repository for >>>>>>>>>>> [jeremy]...>* >>>>>>>>>>> *DEBUG >>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>> - >>>>>>>>>>> <Attempting to authorize OTP token [420195]...>* >>>>>>>>>>> * WARN >>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>> - >>>>>>>>>>> <Authorization of OTP token [420195] has failed>* >>>>>>>>>>> >>>>>>>>>>> It sounds to me that when I use the scratch codes it is stored >>>>>>>>>>> in the mongodb and can be found in the token repository (stored in >>>>>>>>>>> db), but >>>>>>>>>>> not for the tokens used on Google Authenticator app? Not sure if my >>>>>>>>>>> understanding is correct? >>>>>>>>>>> >>>>>>>>>>> Thanks in advance >>>>>>>>>>> Jeremy >>>>>>>>>>> >>>>>>>>>>> On Thursday, 21 February 2019 16:50:42 UTC+2, Mickaël wrote: >>>>>>>>>>>> >>>>>>>>>>>> Yes Jeremy, that's what I mean. >>>>>>>>>>>> I'm using JPA for my service registry and the CAS manager >>>>>>>>>>>> webapp but it is the same way. >>>>>>>>>>>> >>>>>>>>>>>> For the second part, are you invited to enter your token code >>>>>>>>>>>> displayed by your Google authenticator app? >>>>>>>>>>>> >>>>>>>>>>>> If it doesn't work, perhaps your server is not at the good >>>>>>>>>>>> time. NTP can help you to fix it. >>>>>>>>>>>> >>>>>>>>>>>> Sincerely, >>>>>>>>>>>> >>>>>>>>>>>> Mickaël >>>>>>>>>>>> >>>>>>>>>>>> Le jeu. 21 févr. 2019 à 13:53, Jeremy Van Rooyen < >>>>>>>>>>>> [email protected]> a écrit : >>>>>>>>>>>> >>>>>>>>>>>>> Hi Mickaël, >>>>>>>>>>>>> >>>>>>>>>>>>> On Thursday, 21 February 2019 14:01:17 UTC+2, Mickaël wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Jeremy, >>>>>>>>>>>>>> >>>>>>>>>>>>>> It is a great news about the scratch codes. >>>>>>>>>>>>>> >>>>>>>>>>>>>> I'm not sure to understand your question about qrcode. To >>>>>>>>>>>>>> register a device, it is possible and required when a service is >>>>>>>>>>>>>> registered >>>>>>>>>>>>>> on your CAS with "Google Authentication" as MFA. >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Do you mean that the service "Google Authentication" as MFA >>>>>>>>>>>>> must be registered under the services configuration in json >>>>>>>>>>>>> format? >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> So, at the first login without a registered device, user will >>>>>>>>>>>>>> be ask to scan the qrcode on the screen and save (or print) the >>>>>>>>>>>>>> scratch >>>>>>>>>>>>>> codes. After clilk on the next button, user should enter is >>>>>>>>>>>>>> token in the >>>>>>>>>>>>>> field to finish the registration and be redirected to the >>>>>>>>>>>>>> service. >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> This is what happens exactly the way you explain it here. So >>>>>>>>>>>>> when I scan the qrcode with my phone it does not take the codes >>>>>>>>>>>>> generated >>>>>>>>>>>>> on the Google Authenticator app. It however does take the on >>>>>>>>>>>>> screen codes. >>>>>>>>>>>>> >>>>>>>>>>>>> I hope this clears up my question? >>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Does it answer to your question Jeremy ? >>>>>>>>>>>>>> >>>>>>>>>>>>>> My own question about this system, how to unregistered a >>>>>>>>>>>>>> device in case of change of device or loss ? I don't know URL to >>>>>>>>>>>>>> do that... >>>>>>>>>>>>>> >>>>>>>>>>>>>> Sincerely, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Mickaël >>>>>>>>>>>>>> >>>>>>>>>>>>>> Le jeudi 21 février 2019 11:32:54 UTC+1, Jeremy Van Rooyen a >>>>>>>>>>>>>> écrit : >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Mickaël, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks for your reply. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> So after playing around a bit more it seems like the on >>>>>>>>>>>>>>> screen scratch codes is being stored in the mongodb and using >>>>>>>>>>>>>>> that it >>>>>>>>>>>>>>> allows me to authenticate perfectly. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The next question is how would one register via the qrcode >>>>>>>>>>>>>>> using the Google Authenticator app on phone? Or am I not >>>>>>>>>>>>>>> understanding >>>>>>>>>>>>>>> something? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Kind Regards >>>>>>>>>>>>>>> Jeremy >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tuesday, 19 February 2019 10:30:29 UTC+2, Mickaël wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Are you sure there is anything register in your Mongo >>>>>>>>>>>>>>>> database ? Scratch codes and token are store in DB for each >>>>>>>>>>>>>>>> user in 2 >>>>>>>>>>>>>>>> different tables. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> It is strange to see that, normally "WHO" is the user, not >>>>>>>>>>>>>>>> the token : >>>>>>>>>>>>>>>> *WHO: 253227* >>>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]* >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> For information, I am using gauth with MariaDB without any >>>>>>>>>>>>>>>> issue. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Mickaël >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Le jeudi 15 février 2018 09:53:52 UTC+1, Janina Byky a >>>>>>>>>>>>>>>> écrit : >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I'm trying to setup CAS 5.2.2 with Google Authenticator as >>>>>>>>>>>>>>>>> second auth factor for specified services. CAS is running >>>>>>>>>>>>>>>>> over LDAP (AD) >>>>>>>>>>>>>>>>> and GAuth based on mongo. So far everything was great, build >>>>>>>>>>>>>>>>> succeed, GAuth >>>>>>>>>>>>>>>>> qrcode appears, user registers and now it's time for TOKEN >>>>>>>>>>>>>>>>> form. I'm typing >>>>>>>>>>>>>>>>> all scratch codes and those generated by Google >>>>>>>>>>>>>>>>> Authenticator, but every >>>>>>>>>>>>>>>>> single attempt is unsuccessful. Also there's no collection >>>>>>>>>>>>>>>>> created to store >>>>>>>>>>>>>>>>> tokens in mongo. Only GAuthRepository is created with proper >>>>>>>>>>>>>>>>> values of >>>>>>>>>>>>>>>>> registered users. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> *cas.properties* >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.accept.users= >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.ldap[0].order=0 >>>>>>>>>>>>>>>>> cas.authn.ldap[0].type=AUTHENTICATED >>>>>>>>>>>>>>>>> cas.authn.ldap[0].ldapUrl={CUT} >>>>>>>>>>>>>>>>> cas.authn.ldap[0].connectionStrategy=DEFAULT >>>>>>>>>>>>>>>>> cas.authn.ldap[0].useSsl=true >>>>>>>>>>>>>>>>> cas.authn.ldap[0].connectTimeout=15000 >>>>>>>>>>>>>>>>> cas.authn.ldap[0].subtreeSearch=true >>>>>>>>>>>>>>>>> cas.authn.ldap[0].baseDn={CUT} >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(userPrincipalName={user})) >>>>>>>>>>>>>>>>> cas.authn.ldap[0].bindDn={CUT} >>>>>>>>>>>>>>>>> cas.authn.ldap[0].bindCredential={CUT} >>>>>>>>>>>>>>>>> cas.authn.ldap[0].enhanceWithEntryResolver=true >>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeId=sAMAccountName >>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributePassword= >>>>>>>>>>>>>>>>> cas.authn.ldap[0].usePasswordPolicy=true >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,sAMAccountName,memberOf >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true >>>>>>>>>>>>>>>>> cas.authn.ldap[0].poolPassivator=NONE >>>>>>>>>>>>>>>>> cas.authn.ldap[0].minPoolSize=2 >>>>>>>>>>>>>>>>> cas.authn.ldap[0].maxPoolSize=15 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.mfa.globalProviderId=mfa-gauth >>>>>>>>>>>>>>>>> cas.authn.mfa.globalFailureMode=CLOSED >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.issuer=TEST >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.codeDigits=6 >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.timeStepSize=60 >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.windowSize=3 >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.label=TEST >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.rank=0 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.enabled=true >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000 >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.bypass.type=DEFAULT >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.clientUri=${mongo.uri} >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.dropCollection=false >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.collection=GAuthRepository >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.tokenCollection=GoogleAuthenticatorMongoDbTokenRepository >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> *pom.xml* >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <artifactId>cas-server-webapp${app.server}</artifactId> >>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>> <type>war</type> >>>>>>>>>>>>>>>>> <scope>runtime</scope> >>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <artifactId>cas-server-support-ldap</artifactId> >>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <artifactId>cas-server-support-saml</artifactId> >>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <artifactId>cas-server-support-gauth</artifactId> >>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <artifactId>cas-server-support-gauth-mongo</artifactId> >>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> *catalina.log* >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,952 DEBUG >>>>>>>>>>>>>>>>> [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> - <Authentication handlers used for this transaction are >>>>>>>>>>>>>>>>> [GoogleAuthenticatorAuthenticationHandler,LdapAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler]> >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,953 DEBUG >>>>>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>> <Received OTP [*253227*]> >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,954 DEBUG >>>>>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>> <Received principal id *[j.byky*]> >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,970 DEBUG >>>>>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>> <[GoogleAuthenticatorAuthenticationHandler] exception >>>>>>>>>>>>>>>>> details: [Failed to >>>>>>>>>>>>>>>>> authenticate code *253227*].> >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,971 DEBUG >>>>>>>>>>>>>>>>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> - <Credential is not one of username/password and is not >>>>>>>>>>>>>>>>> accepted by >>>>>>>>>>>>>>>>> handler [LdapAuthenticationHandler]> >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,972 ERROR >>>>>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>>>>> - <*Authentication >>>>>>>>>>>>>>>>> has failed. Credentials may be incorrect or CAS cannot find >>>>>>>>>>>>>>>>> authentication >>>>>>>>>>>>>>>>> handler that supports [[token=253227]] of type >>>>>>>>>>>>>>>>> [GoogleAuthenticatorTokenCredential]*.> >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,976 INFO >>>>>>>>>>>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] >>>>>>>>>>>>>>>>> - <Audit >>>>>>>>>>>>>>>>> trail record BEGIN >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>>> *WHO: 253227* >>>>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]* >>>>>>>>>>>>>>>>> ACTION: AUTHENTICATION_SUCCESS >>>>>>>>>>>>>>>>> APPLICATION: CAS >>>>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018 >>>>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20 >>>>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,978 ERROR >>>>>>>>>>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] >>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>> <1 errors, 0 successes> >>>>>>>>>>>>>>>>> org.apereo.cas.authentication.AuthenticationException: 1 >>>>>>>>>>>>>>>>> errors, 0 successes >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:400) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:380) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:220) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[inspektr-audit-1.8.0.GA.jar:1.8.0.GA] >>>>>>>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>>>>>>>>>>>>>>>> Method) ~[?:1.8.0_162] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498) >>>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>>> ... >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,982 INFO >>>>>>>>>>>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] >>>>>>>>>>>>>>>>> - <Audit >>>>>>>>>>>>>>>>> trail record BEGIN >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>>> WHO: *253227* >>>>>>>>>>>>>>>>> WHAT: [event=error,timestamp=Thu Feb 15 09:31:13 CET >>>>>>>>>>>>>>>>> 2018,source=OneTimeTokenAuthenticationWebflowEventResolver] >>>>>>>>>>>>>>>>> ACTION: AUTHENTICATION_EVENT_TRIGGERED >>>>>>>>>>>>>>>>> APPLICATION: CAS >>>>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018 >>>>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20 >>>>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Can anybody tell me what I'm missing? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>>>> --- >>>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org >>>>>>>>>>>>> >>>>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>>>> . >>>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>> --- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/141bb8a9-d702-4511-95b6-ce8004cb3ff4%40apereo.org >>>>>>>>>>> >>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/141bb8a9-d702-4511-95b6-ce8004cb3ff4%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> >>>>>>>>>> -- >>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>> --- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "CAS Community" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/16c20cee-e056-4d0b-afee-e237fe673185%40apereo.org >>>>>>>>> >>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/16c20cee-e056-4d0b-afee-e237fe673185%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc0b95f7-a7ad-4c8e-8b03-82b9bd30ef0e%40apereo.org >>>>>>> >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc0b95f7-a7ad-4c8e-8b03-82b9bd30ef0e%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa1b3141-e8e4-4900-8f2d-26b4c3f9fc4d%40apereo.org >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa1b3141-e8e4-4900-8f2d-26b4c3f9fc4d%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e9f00129-93e7-41f4-95c2-95f63937830f%40apereo.org.
