Hi Jeremy,

"Policy" is the word used in the logs you pasted.
Just a question, authentication works without gauth?

Sincerely,
Mickaël

On Tuesday, 5 March 2019 10:36:57 UTC+1, Jeremy Van Rooyen wrote:
>
> Hi Mickaël,
>
> I'm not sure what you mean by policy. I do have "[TEST]" as gauth issuer.
>
> See below:
>
> *cas.authn.mfa.gauth.issuer=TEST*
> *cas.authn.mfa.gauth.codeDigits=6*
> *cas.authn.mfa.gauth.timeStepSize=60*
> *cas.authn.mfa.gauth.windowSize=3*
> *cas.authn.mfa.gauth.label=TEST*
> *cas.authn.mfa.gauth.rank=0*
> *cas.authn.mfa.gauth.name=TEST*
>
> *cas.authn.mfa.gauth.bypass.type=DEFAULT*
>
> I use AD as my auth method.
>
> Kind Regards
> Jeremy
>
>
> On Monday, 4 March 2019 17:55:10 UTC+2, Mickaël wrote:
>>
>> Jeremy, have you a policy named *[TEST]*?
>> What is your auth method? LDAP, database, AD, other?
>>
>> Sincerely,
>>
>> Mickaël
>>
>> On Monday, 4 March 2019 11:09:18 UTC+1, Jeremy Van Rooyen wrote:
>>>
>>> Thank you for your feedback Mickaël, much appreciated.
>>>
>>> I configured cas to use mariadb as mentioned below and I still get the same issue as with mongodb.
>>>
>>> Time on my server and app is exactly the same.
>>>
>>> It's very strange though, scratch codes work fine but not generated OTP on Google Authenticator app after scanning the QR code.
>>>
>>> This is the error that I get:
>>>
>>> *[org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Authorization of OTP token [359062] has failed>*
>>> *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [OneTimeTokenCredential(token=359062)] of type [GoogleAuthenticatorTokenCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>*
>>> *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[TEST] exception details: [Failed to authenticate code 359062].>*
>>> *[org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording authentication handler failure under key [TEST]>*
>>>
>>> I'm not sure what I'm missing at all :-(
>>>
>>> Kind Regards
>>> Jeremy
>>>
>>> On Monday, 4 March 2019 09:36:12 UTC+2, Mickaël wrote:
>>>>
>>>> Hi Jeremy,
>>>>
>>>> This is an extract for configuring CAS to use gauth with my server MySQL. This server is a MariaDB server on Debian 9.
>>>> The encryption key and signing key are generated at each start of the CAS server and sent to the log file catalina.out. You can start it one time and copy/paste to your configuration file for the next startup.
>>>>
>>>> cas.authn.mfa.gauth.crypto.encryption.key=XXXXXX
>>>> cas.authn.mfa.gauth.crypto.signing.key=XXXXXXX
>>>> cas.authn.mfa.gauth.issuer="Name of your service"
>>>> cas.authn.mfa.gauth.label="Something that describe the service"
>>>> cas.authn.mfa.gauth.jpa.autocommit=true
>>>> cas.authn.mfa.gauth.jpa.dialect=org.hibernate.dialect.MySQL5Dialect
>>>> cas.authn.mfa.gauth.jpa.ddlAuto=update
>>>> cas.authn.mfa.gauth.jpa.driverClass=com.mysql.cj.jdbc.Driver
>>>> cas.authn.mfa.gauth.jpa.healthQuery=SELECT 1 FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES
>>>> cas.authn.mfa.gauth.jpa.password=YOUR_BDD_PASSWORD
>>>> cas.authn.mfa.gauth.jpa.url=jdbc:mysql://BDD_SERVER:3306/DATABASE_TO_STORE?serverTimezone=Europe/Paris
>>>> cas.authn.mfa.gauth.jpa.user=YOUR_BDD_USER
>>>>
>>>> Sincerely, Mickaël
>>>>
>>>> On Fri, 1 Mar 2019 at 08:55, Jeremy Van Rooyen <[email protected]> wrote:
>>>>
>>>>> Hi Mickaël,
>>>>>
>>>>> Can you give me some guidance on the gauth-jpa configuration in the cas.properties file if possible?
>>>>>
>>>>> Much appreciated.
>>>>>
>>>>> Jeremy
>>>>>
>>>>> On Friday, 22 February 2019 15:53:22 UTC+2, Jeremy Van Rooyen wrote:
>>>>>>
>>>>>> Thanks Mickaël,
>>>>>>
>>>>>> I think I will try with JPA - to store generated otp's in sql db and see what happens. I'm not sure that will solve it but it's worth a try.
>>>>>>
>>>>>> Would you share your cas.properties so that I can compare configurations if possible?
>>>>>>
>>>>>> Kind Regards
>>>>>> Jeremy
>>>>>>
>>>>>> On Friday, 22 February 2019 14:01:32 UTC+2, Mickaël wrote:
>>>>>>>
>>>>>>> andOTP is the name of the app I'm using. It is open source.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Mickaël
>>>>>>>
>>>>>>> On Fri, 22 Feb 2019 at 12:14, Jeremy Van Rooyen <[email protected]> wrote:
>>>>>>>
>>>>>>>> I see your email was cut off :-)
>>>>>>>>
>>>>>>>> You are using what and OTP?
>>>>>>>>
>>>>>>>> Kind Regards
>>>>>>>> Jeremy
>>>>>>>>
>>>>>>>> On Friday, 22 February 2019 12:45:10 UTC+2, Mickaël wrote:
>>>>>>>>>
>>>>>>>>> No problem.
>>>>>>>>>
>>>>>>>>> Have you tested with another app? I'm using andOTP but I don't think the problem is here.
>>>>>>>>>
>>>>>>>>> Sincerely,
>>>>>>>>>
>>>>>>>>> Mickaël
>>>>>>>>>
>>>>>>>>> On Fri, 22 Feb 2019 at 11:39, Jeremy Van Rooyen <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Apologies Mickaël,
>>>>>>>>>>
>>>>>>>>>> The webapp server and my smartphone's time is the same yes.
>>>>>>>>>>
>>>>>>>>>> Kind Regards
>>>>>>>>>> Jeremy
>>>>>>>>>>
>>>>>>>>>> On Friday, 22 February 2019 10:44:11 UTC+2, Mickaël wrote:
>>>>>>>>>>>
>>>>>>>>>>> Jeremy, you don't tell me if the webapp server is at the good time and your smartphone too.
>>>>>>>>>>> Tokens are time based, so if one of the devices has not the good time, you will have problems.
>>>>>>>>>>>
>>>>>>>>>>> Sincerely,
>>>>>>>>>>>
>>>>>>>>>>> Mickaël
>>>>>>>>>>>
>>>>>>>>>>> On Fri, 22 Feb 2019 at 08:45, Jeremy Van Rooyen <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Thanks for your feedback Mickaël,
>>>>>>>>>>>>
>>>>>>>>>>>> For the second part I'm presented by the qrcode and 5 scratch codes. When I scan the qrcode my Google Authenticator app on phone accepts it.
>>>>>>>>>>>>
>>>>>>>>>>>> Then I click on register and enter the token displayed by the Google Authenticator app and it says --> "*Credentials are rejected/invalid and authentication attempt has failed.*"
>>>>>>>>>>>>
>>>>>>>>>>>> This is what I see in the CAS log file:
>>>>>>>>>>>>
>>>>>>>>>>>> *DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Attempting to authenticate credential [OneTimeTokenCredential(token=420195)]>*
>>>>>>>>>>>> *DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Attempting authentication of [420195] using [GoogleAuthenticatorAuthenticationHandler]>*
>>>>>>>>>>>> *DEBUG [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Received OTP [420195]>*
>>>>>>>>>>>> *DEBUG [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Received principal id [jeremy]. Attempting to locate account in credential repository...>*
>>>>>>>>>>>> *DEBUG [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Attempting to locate OTP token [420195] in token repository for [jeremy]...>*
>>>>>>>>>>>> *DEBUG [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Attempting to authorize OTP token [420195]...>*
>>>>>>>>>>>> * WARN [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Authorization of OTP token [420195] has failed>*
>>>>>>>>>>>>
>>>>>>>>>>>> It sounds to me that when I use the scratch codes it is stored in the mongodb and can be found in the token repository (stored in db), but not for the tokens used on Google Authenticator app? Not sure if my understanding is correct?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks in advance
>>>>>>>>>>>> Jeremy
>>>>>>>>>>>>
>>>>>>>>>>>> On Thursday, 21 February 2019 16:50:42 UTC+2, Mickaël wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Yes Jeremy, that's what I mean.
>>>>>>>>>>>>> I'm using JPA for my service registry and the CAS manager webapp but it is the same way.
>>>>>>>>>>>>>
>>>>>>>>>>>>> For the second part, are you invited to enter your token code displayed by your Google authenticator app?
>>>>>>>>>>>>>
>>>>>>>>>>>>> If it doesn't work, perhaps your server is not at the good time. NTP can help you to fix it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sincerely,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Mickaël
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, 21 Feb 2019 at 13:53, Jeremy Van Rooyen <[email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Mickaël,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thursday, 21 February 2019 14:01:17 UTC+2, Mickaël wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Jeremy,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It is great news about the scratch codes.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I'm not sure to understand your question about qrcode. To register a device, it is possible and required when a service is registered on your CAS with "Google Authentication" as MFA.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Do you mean that the service "Google Authentication" as MFA must be registered under the services configuration in json format?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> So, at the first login without a registered device, user will be asked to scan the qrcode on the screen and save (or print) the scratch codes. After click on the next button, user should enter his token in the field to finish the registration and be redirected to the service.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This is what happens exactly the way you explain it here. So when I scan the qrcode with my phone it does not take the codes generated on the Google Authenticator app. It however does take the on screen codes.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I hope this clears up my question?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Does it answer your question, Jeremy?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> My own question about this system, how to unregister a device in case of change of device or loss? I don't know URL to do that...
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Sincerely,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Mickaël
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thursday, 21 February 2019 11:32:54 UTC+1, Jeremy Van Rooyen wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Mickaël,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks for your reply.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> So after playing around a bit more it seems like the on screen scratch codes is being stored in the mongodb and using that it allows me to authenticate perfectly.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The next question is how would one register via the qrcode using the Google Authenticator app on phone? Or am I not understanding something?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Kind Regards
>>>>>>>>>>>>>>>> Jeremy
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Tuesday, 19 February 2019 10:30:29 UTC+2, Mickaël wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Are you sure there is anything registered in your Mongo database? Scratch codes and tokens are stored in DB for each user in 2 different tables.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> It is strange to see that, normally "WHO" is the user, not the token:
>>>>>>>>>>>>>>>>> *WHO: 253227*
>>>>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]*
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> For information, I am using gauth with MariaDB without any issue.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Mickaël
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Thursday, 15 February 2018 09:53:52 UTC+1, Janina Byky wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I'm trying to set up CAS 5.2.2 with Google Authenticator as second auth factor for specified services. CAS is running over LDAP (AD) and GAuth based on mongo. So far everything was great, build succeeded, GAuth qrcode appears, user registers and now it's time for TOKEN form. I'm typing all scratch codes and those generated by Google Authenticator, but every single attempt is unsuccessful. Also there's no collection created to store tokens in mongo. Only GAuthRepository is created with proper values of registered users.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> *cas.properties*
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> cas.authn.accept.users=
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].order=0
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].type=AUTHENTICATED
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].ldapUrl={CUT}
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].connectionStrategy=DEFAULT
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].useSsl=true
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].connectTimeout=15000
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].subtreeSearch=true
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].baseDn={CUT}
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(userPrincipalName={user}))
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].bindDn={CUT}
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].bindCredential={CUT}
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].enhanceWithEntryResolver=true
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeId=sAMAccountName
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributePassword=
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].usePasswordPolicy=true
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,sAMAccountName,memberOf
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].poolPassivator=NONE
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].minPoolSize=2
>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].maxPoolSize=15
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> cas.authn.mfa.globalProviderId=mfa-gauth
>>>>>>>>>>>>>>>>>> cas.authn.mfa.globalFailureMode=CLOSED
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.issuer=TEST
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.codeDigits=6
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.timeStepSize=60
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.windowSize=3
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.label=TEST
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.rank=0
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.enabled=true
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.bypass.type=DEFAULT
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.clientUri=${mongo.uri}
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.dropCollection=false
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.collection=GAuthRepository
>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.tokenCollection=GoogleAuthenticatorMongoDbTokenRepository
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> *pom.xml*
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> <dependency>
>>>>>>>>>>>>>>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>>>>>>>>>>>>>>     <artifactId>cas-server-webapp${app.server}</artifactId>
>>>>>>>>>>>>>>>>>>     <version>${cas.version}</version>
>>>>>>>>>>>>>>>>>>     <type>war</type>
>>>>>>>>>>>>>>>>>>     <scope>runtime</scope>
>>>>>>>>>>>>>>>>>> </dependency>
>>>>>>>>>>>>>>>>>> <dependency>
>>>>>>>>>>>>>>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>>>>>>>>>>>>>>     <artifactId>cas-server-support-ldap</artifactId>
>>>>>>>>>>>>>>>>>>     <version>${cas.version}</version>
>>>>>>>>>>>>>>>>>> </dependency>
>>>>>>>>>>>>>>>>>> <dependency>
>>>>>>>>>>>>>>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>>>>>>>>>>>>>>     <artifactId>cas-server-support-saml</artifactId>
>>>>>>>>>>>>>>>>>>     <version>${cas.version}</version>
>>>>>>>>>>>>>>>>>> </dependency>
>>>>>>>>>>>>>>>>>> <dependency>
>>>>>>>>>>>>>>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>>>>>>>>>>>>>>     <artifactId>cas-server-support-gauth</artifactId>
>>>>>>>>>>>>>>>>>>     <version>${cas.version}</version>
>>>>>>>>>>>>>>>>>> </dependency>
>>>>>>>>>>>>>>>>>> <dependency>
>>>>>>>>>>>>>>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>>>>>>>>>>>>>>     <artifactId>cas-server-support-gauth-mongo</artifactId>
>>>>>>>>>>>>>>>>>>     <version>${cas.version}</version>
>>>>>>>>>>>>>>>>>> </dependency>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> *catalina.log*
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,952 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [GoogleAuthenticatorAuthenticationHandler,LdapAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler]>
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,953 DEBUG [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Received OTP [*253227*]>
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,954 DEBUG [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - <Received principal id *[j.byky*]>
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,970 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[GoogleAuthenticatorAuthenticationHandler] exception details: [Failed to authenticate code *253227*].>
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,971 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Credential is not one of username/password and is not accepted by handler [LdapAuthenticationHandler]>
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,972 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <*Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [[token=253227]] of type [GoogleAuthenticatorTokenCredential]*.>
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,976 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
>>>>>>>>>>>>>>>>>> =============================================================
>>>>>>>>>>>>>>>>>> *WHO: 253227*
>>>>>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]*
>>>>>>>>>>>>>>>>>> ACTION: AUTHENTICATION_SUCCESS
>>>>>>>>>>>>>>>>>> APPLICATION: CAS
>>>>>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018
>>>>>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20
>>>>>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2
>>>>>>>>>>>>>>>>>> =============================================================
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,978 ERROR [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <1 errors, 0 successes>
>>>>>>>>>>>>>>>>>> org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes
>>>>>>>>>>>>>>>>>>     at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:400) ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
>>>>>>>>>>>>>>>>>>     at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:380) ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
>>>>>>>>>>>>>>>>>>     at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:220) ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
>>>>>>>>>>>>>>>>>>     at org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>) ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
>>>>>>>>>>>>>>>>>>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>>>>>>>>>>>>>>>>>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>>>>>>>>>>>>>>>>>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>>>>>>>>>>>>>>>>>     at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85) ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>>>>>>>>>>>>>>>>>     at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134) ~[inspektr-audit-1.8.0.GA.jar:1.8.0.GA]
>>>>>>>>>>>>>>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_162]
>>>>>>>>>>>>>>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_162]
>>>>>>>>>>>>>>>>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_162]
>>>>>>>>>>>>>>>>>>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_162]
>>>>>>>>>>>>>>>>>>     ...
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,982 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
>>>>>>>>>>>>>>>>>> =============================================================
>>>>>>>>>>>>>>>>>> WHO: *253227*
>>>>>>>>>>>>>>>>>> WHAT: [event=error,timestamp=Thu Feb 15 09:31:13 CET 2018,source=OneTimeTokenAuthenticationWebflowEventResolver]
>>>>>>>>>>>>>>>>>> ACTION: AUTHENTICATION_EVENT_TRIGGERED
>>>>>>>>>>>>>>>>>> APPLICATION: CAS
>>>>>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018
>>>>>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20
>>>>>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2
>>>>>>>>>>>>>>>>>> =============================================================
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Can anybody tell me what I'm missing?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>> You received this message because you are subscribed to the Google Groups "CAS Community" group.
>>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>>>>>>>>>>>> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org.
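
Added example (not part of the thread and not CAS code): a minimal RFC 6238 check showing how the posted `codeDigits=6`, `timeStepSize=60` and `windowSize=3` interact with the clock question raised in the replies. It assumes an authenticator app that generates codes on the RFC 6238 default 30-second step, a verifier window of N steps centred on the current one, and the RFC's published test secret and timestamp; `verify`, `explain` and `scenarios` are hypothetical helper names.

```python
import hashlib
import hmac
import struct

# Constructed inputs: the RFC 6238 SHA-1 test secret and one of its test times.
SECRET = b"12345678901234567890"
NOW = 1111111109


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of whole steps since the epoch."""
    return hotp(secret, unix_time // step, digits)


def verify(secret, code, server_time, step, window, digits=6):
    """Return the step offset at which `code` matches, or None.

    Assumption: a window of N means N consecutive steps centred on the
    server's current step (window 3 checks offsets -1, 0, +1).
    """
    current = server_time // step
    for offset in range(-((window - 1) // 2), window // 2 + 1):
        counter = current + offset
        if counter >= 0 and hmac.compare_digest(hotp(secret, counter, digits), code):
            return offset
    return None


def explain(secret, code, server_time, steps=(30, 60), max_drift=10, digits=6):
    """Diagnostic: every (step, offset) within +/- max_drift steps yielding `code`."""
    hits = []
    for step in steps:
        current = server_time // step
        for offset in range(-max_drift, max_drift + 1):
            counter = current + offset
            if counter >= 0 and hotp(secret, counter, digits) == code:
                hits.append((step, offset))
    return hits


def scenarios():
    """Compare one app-generated code against differently configured verifiers."""
    app_code = totp(SECRET, NOW, 30)  # assumed: app uses a 30-second step
    return {
        "app_code": app_code,
        # Verifier configured like the thread: 60-second step, window 3.
        "server_step60_window3": verify(SECRET, app_code, NOW, 60, 3),
        # Verifier on the same 30-second step as the app.
        "server_step30_window3": verify(SECRET, app_code, NOW, 30, 3),
        # Same step, server clock 30 s ahead: still inside the window.
        "server_step30_clock_plus_30s": verify(SECRET, app_code, NOW + 30, 30, 3),
        # Same step, server clock 90 s ahead: outside the window.
        "server_step30_clock_plus_90s": verify(SECRET, app_code, NOW + 90, 30, 3),
        # What a wider search reports for the 90 s drift case.
        "explain": explain(SECRET, app_code, NOW + 90),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Running `explain` against a rejected code and the enrolled secret of a test account separates the two failure modes: a hit under a step other than the server's points at configuration, while a hit at a non-zero offset on the server's own step points at clock drift.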
