Hi Jeremy, Have you any record in the table GoogleAuthenticatorRegistrationRecord of your gauth's database ?
Sincerely, Mickaël Le mar. 5 mars 2019 à 13:35, Jeremy Van Rooyen <[email protected]> a écrit : > Yes authentication works 100% without gauth. > > Kind Regards > Jeremy > > On Tuesday, 5 March 2019 13:25:18 UTC+2, Mickaël wrote: >> >> Hi Jeremy, >> >> "Policy" is the word used in the logs you pasted. >> >> Just a question, authentification works without gauth ? >> >> Sincerely, >> Mickaël >> >> >> Le mardi 5 mars 2019 10:36:57 UTC+1, Jeremy Van Rooyen a écrit : >>> >>> Hi Mickaël, >>> >>> I'm not sure what you mean by policy. I do have "[TEST]" as gauth issuer. >>> >>> See below: >>> >>> *cas.authn.mfa.gauth.issuer=TEST* >>> *cas.authn.mfa.gauth.codeDigits=6* >>> *cas.authn.mfa.gauth.timeStepSize=60* >>> *cas.authn.mfa.gauth.windowSize=3* >>> *cas.authn.mfa.gauth.label=TEST* >>> *cas.authn.mfa.gauth.rank=0* >>> *cas.authn.mfa.gauth.name <http://cas.authn.mfa.gauth.name>=TEST* >>> >>> *cas.authn.mfa.gauth.bypass.type=DEFAULT* >>> >>> I use AD as my auth method. >>> >>> Kind Regards >>> Jeremy >>> >>> >>> On Monday, 4 March 2019 17:55:10 UTC+2, Mickaël wrote: >>>> >>>> Jeremy, have you a policy named *[TEST] *? >>>> What is your auth method ? LDAP, database, AD, other ? >>>> >>>> Sincerely, >>>> >>>> Mickaël >>>> >>>> Le lundi 4 mars 2019 11:09:18 UTC+1, Jeremy Van Rooyen a écrit : >>>>> >>>>> Thank you for your feedback Mickaël, much appreciated. >>>>> >>>>> I configured cas to use mariadb as mentioned below and I still get the >>>>> same issue as with mongodb. >>>>> >>>>> Time on my server and app is exactly the same. >>>>> >>>>> Its very strange though, scratch codes works fine but not generated >>>>> OTP on Google Authenticator app after scanning the QR code. >>>>> >>>>> This is the error that I get: >>>>> >>>>> *[org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>> - <Authorization of OTP token [359062] has failed>* >>>>> *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>>> <Authentication has failed. Credentials may be incorrect or CAS cannot >>>>> find >>>>> authentication handler that supports [OneTimeTokenCredential(* >>>>> *token=359062)] of type [GoogleAuthenticatorTokenCredential]. Examine >>>>> the configuration to ensure a method of authentication is defined and >>>>> analyze CAS logs at DEBUG level to trace the authentication event.>* >>>>> *[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>>>> <[TEST] exception details: [Failed to authenticate code 359062].>* >>>>> *[org.apereo.cas.authentication.DefaultAuthenticationBuilder] - >>>>> <Recording authentication handler failure under key [TEST]>* >>>>> >>>>> I'm not sure what I'm missing at all :-( >>>>> >>>>> Kind Regards >>>>> Jeremy >>>>> >>>>> On Monday, 4 March 2019 09:36:12 UTC+2, Mickaël wrote: >>>>>> >>>>>> Hi Jeremy, >>>>>> >>>>>> This is an extract for configuring CAS to use gauth with my server >>>>>> MySQL. This server is a MariaDB server on Debian 9. >>>>>> The encryption key and signing key are generated at each start of the >>>>>> CAS server and sent to the log file catalina.out You can start it one >>>>>> time >>>>>> and copy/paste to your configuration file for the next startup. >>>>>> >>>>>> cas.authn.mfa.gauth.crypto.encryption.key=XXXXXX >>>>>> cas.authn.mfa.gauth.crypto.signing.key=XXXXXXX >>>>>> cas.authn.mfa.gauth.issuer="Name of your service" >>>>>> cas.authn.mfa.gauth.label="Something that describe the service" >>>>>> cas.authn.mfa.gauth.jpa.autocommit=true >>>>>> cas.authn.mfa.gauth.jpa.dialect=org.hibernate.dialect.MySQL5Dialect >>>>>> cas.authn.mfa.gauth.jpa.ddlAuto=update >>>>>> cas.authn.mfa.gauth.jpa.driverClass=com.mysql.cj.jdbc.Driver >>>>>> cas.authn.mfa.gauth.jpa.healthQuery=SELECT 1 FROM >>>>>> INFORMATION_SCHEMA.SYSTEM_VARIABLES >>>>>> cas.authn.mfa.gauth.jpa.password=YOUR_BDD_PASSWORD >>>>>> >>>>>> cas.authn.mfa.gauth.jpa.url=jdbc:mysql://BDD_SERVER:3306/DATABASE_TO_STORE?serverTimezone=Europe/Paris >>>>>> cas.authn.mfa.gauth.jpa.user=YOUR_BDD_USER >>>>>> >>>>>> Sincerely, Mickaël >>>>>> >>>>>> Le ven. 1 mars 2019 à 08:55, Jeremy Van Rooyen <[email protected]> >>>>>> a écrit : >>>>>> >>>>>>> Hi Mickaël, >>>>>>> >>>>>>> Can you give me some guidance on the gauth-jpa configuration in the >>>>>>> cas.properties file if possible? >>>>>>> >>>>>>> Much appreciated. >>>>>>> >>>>>>> Jeremy >>>>>>> >>>>>>> On Friday, 22 February 2019 15:53:22 UTC+2, Jeremy Van Rooyen wrote: >>>>>>>> >>>>>>>> Thanks Mickaël, >>>>>>>> >>>>>>>> I think I will try with JPA - to store generated otp's in sql db >>>>>>>> and see what happens. I'm not sure that will solve it but it's worth a >>>>>>>> try. >>>>>>>> >>>>>>>> Would you share your cas.properties so that I can compare >>>>>>>> configurations if possible? >>>>>>>> >>>>>>>> Kind Regards >>>>>>>> Jeremy >>>>>>>> >>>>>>>> On Friday, 22 February 2019 14:01:32 UTC+2, Mickaël wrote: >>>>>>>>> >>>>>>>>> andOTP is the name of the app I'm use. It is opensource. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> >>>>>>>>> Mickaël >>>>>>>>> >>>>>>>>> Le ven. 22 févr. 2019 à 12:14, Jeremy Van Rooyen < >>>>>>>>> [email protected]> a écrit : >>>>>>>>> >>>>>>>>>> I see your email was cut off :-) >>>>>>>>>> >>>>>>>>>> You are using what and OTP? >>>>>>>>>> >>>>>>>>>> Kind Regards >>>>>>>>>> Jeremy >>>>>>>>>> >>>>>>>>>> On Friday, 22 February 2019 12:45:10 UTC+2, Mickaël wrote: >>>>>>>>>>> >>>>>>>>>>> No problem. >>>>>>>>>>> >>>>>>>>>>> Have you test with another app? I'm using andOTP but I don't >>>>>>>>>>> think the problem is here. >>>>>>>>>>> >>>>>>>>>>> Sincerely, >>>>>>>>>>> >>>>>>>>>>> Mickaël >>>>>>>>>>> >>>>>>>>>>> Le ven. 22 févr. 2019 à 11:39, Jeremy Van Rooyen < >>>>>>>>>>> [email protected]> a écrit : >>>>>>>>>>> >>>>>>>>>>>> Apologies Mickaël, >>>>>>>>>>>> >>>>>>>>>>>> The webapp server and my smartphone's time is the same yes. >>>>>>>>>>>> >>>>>>>>>>>> Kind Regards >>>>>>>>>>>> Jeremy >>>>>>>>>>>> >>>>>>>>>>>> On Friday, 22 February 2019 10:44:11 UTC+2, Mickaël wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Jeremy, you don't tell me if the webapp server is at the good >>>>>>>>>>>>> time and your smartphone too. >>>>>>>>>>>>> Token are time based, so if one of the device has not the good >>>>>>>>>>>>> time, you will have problems. >>>>>>>>>>>>> >>>>>>>>>>>>> Sincerely, >>>>>>>>>>>>> >>>>>>>>>>>>> Mickaël >>>>>>>>>>>>> >>>>>>>>>>>>> Le ven. 22 févr. 2019 à 08:45, Jeremy Van Rooyen < >>>>>>>>>>>>> [email protected]> a écrit : >>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks for your feedback Mickaël, >>>>>>>>>>>>>> >>>>>>>>>>>>>> For the second part I'm presented by the qrcode and 5 scratch >>>>>>>>>>>>>> codes. When I scan the qrcode my Google Authenticator app on >>>>>>>>>>>>>> phone accepts >>>>>>>>>>>>>> it. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Then I click on register and enter the token displayed by the >>>>>>>>>>>>>> Google Authenticator app and it says --> "*Credentials are >>>>>>>>>>>>>> rejected/invalid and authentication attempt has failed.*" >>>>>>>>>>>>>> >>>>>>>>>>>>>> This is what I see in the CAS log file: >>>>>>>>>>>>>> >>>>>>>>>>>>>> *DEBUG >>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>> - >>>>>>>>>>>>>> <Attempting to authenticate credential >>>>>>>>>>>>>> [OneTimeTokenCredential(token=420195)]>* >>>>>>>>>>>>>> *DEBUG >>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>> - >>>>>>>>>>>>>> <Attempting authentication of [420195] using >>>>>>>>>>>>>> [GoogleAuthenticatorAuthenticationHandler]>* >>>>>>>>>>>>>> *DEBUG >>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>> - >>>>>>>>>>>>>> <Received OTP [420195]>* >>>>>>>>>>>>>> *DEBUG >>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>> - >>>>>>>>>>>>>> <Received principal id [jeremy]. Attempting to locate account in >>>>>>>>>>>>>> credential >>>>>>>>>>>>>> repository...>* >>>>>>>>>>>>>> *DEBUG >>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>> - >>>>>>>>>>>>>> <Attempting to locate OTP token [420195] in token repository for >>>>>>>>>>>>>> [jeremy]...>* >>>>>>>>>>>>>> *DEBUG >>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>> - >>>>>>>>>>>>>> <Attempting to authorize OTP token [420195]...>* >>>>>>>>>>>>>> * WARN >>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>> - >>>>>>>>>>>>>> <Authorization of OTP token [420195] has failed>* >>>>>>>>>>>>>> >>>>>>>>>>>>>> It sounds to me that when I use the scratch codes it is >>>>>>>>>>>>>> stored in the mongodb and can be found in the token repository >>>>>>>>>>>>>> (stored in >>>>>>>>>>>>>> db), but not for the tokens used on Google Authenticator app? >>>>>>>>>>>>>> Not sure if >>>>>>>>>>>>>> my understanding is correct? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks in advance >>>>>>>>>>>>>> Jeremy >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Thursday, 21 February 2019 16:50:42 UTC+2, Mickaël wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Yes Jeremy, that's what I mean. >>>>>>>>>>>>>>> I'm using JPA for my service registry and the CAS manager >>>>>>>>>>>>>>> webapp but it is the same way. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> For the second part, are you invited to enter your token >>>>>>>>>>>>>>> code displayed by your Google authenticator app? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> If it doesn't work, perhaps your server is not at the good >>>>>>>>>>>>>>> time. NTP can help you to fix it. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Sincerely, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Mickaël >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Le jeu. 21 févr. 2019 à 13:53, Jeremy Van Rooyen < >>>>>>>>>>>>>>> [email protected]> a écrit : >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi Mickaël, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Thursday, 21 February 2019 14:01:17 UTC+2, Mickaël wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi Jeremy, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> It is a great news about the scratch codes. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I'm not sure to understand your question about qrcode. To >>>>>>>>>>>>>>>>> register a device, it is possible and required when a service >>>>>>>>>>>>>>>>> is registered >>>>>>>>>>>>>>>>> on your CAS with "Google Authentication" as MFA. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Do you mean that the service "Google Authentication" as MFA >>>>>>>>>>>>>>>> must be registered under the services configuration in json >>>>>>>>>>>>>>>> format? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> So, at the first login without a registered device, user >>>>>>>>>>>>>>>>> will be ask to scan the qrcode on the screen and save (or >>>>>>>>>>>>>>>>> print) the >>>>>>>>>>>>>>>>> scratch codes. After clilk on the next button, user should >>>>>>>>>>>>>>>>> enter is token >>>>>>>>>>>>>>>>> in the field to finish the registration and be redirected to >>>>>>>>>>>>>>>>> the service. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> This is what happens exactly the way you explain it here. >>>>>>>>>>>>>>>> So when I scan the qrcode with my phone it does not take the >>>>>>>>>>>>>>>> codes >>>>>>>>>>>>>>>> generated on the Google Authenticator app. It however does >>>>>>>>>>>>>>>> take the on >>>>>>>>>>>>>>>> screen codes. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I hope this clears up my question? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Does it answer to your question Jeremy ? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> My own question about this system, how to unregistered a >>>>>>>>>>>>>>>>> device in case of change of device or loss ? I don't know URL >>>>>>>>>>>>>>>>> to do that... >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Sincerely, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Mickaël >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Le jeudi 21 février 2019 11:32:54 UTC+1, Jeremy Van Rooyen >>>>>>>>>>>>>>>>> a écrit : >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Mickaël, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Thanks for your reply. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> So after playing around a bit more it seems like the on >>>>>>>>>>>>>>>>>> screen scratch codes is being stored in the mongodb and >>>>>>>>>>>>>>>>>> using that it >>>>>>>>>>>>>>>>>> allows me to authenticate perfectly. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The next question is how would one register via the >>>>>>>>>>>>>>>>>> qrcode using the Google Authenticator app on phone? Or am I >>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>> understanding something? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Kind Regards >>>>>>>>>>>>>>>>>> Jeremy >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Tuesday, 19 February 2019 10:30:29 UTC+2, Mickaël >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Are you sure there is anything register in your Mongo >>>>>>>>>>>>>>>>>>> database ? Scratch codes and token are store in DB for each >>>>>>>>>>>>>>>>>>> user in 2 >>>>>>>>>>>>>>>>>>> different tables. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> It is strange to see that, normally "WHO" is the user, >>>>>>>>>>>>>>>>>>> not the token : >>>>>>>>>>>>>>>>>>> *WHO: 253227* >>>>>>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]* >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> For information, I am using gauth with MariaDB without >>>>>>>>>>>>>>>>>>> any issue. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Mickaël >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Le jeudi 15 février 2018 09:53:52 UTC+1, Janina Byky a >>>>>>>>>>>>>>>>>>> écrit : >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I'm trying to setup CAS 5.2.2 with Google Authenticator >>>>>>>>>>>>>>>>>>>> as second auth factor for specified services. CAS is >>>>>>>>>>>>>>>>>>>> running over LDAP (AD) >>>>>>>>>>>>>>>>>>>> and GAuth based on mongo. So far everything was great, >>>>>>>>>>>>>>>>>>>> build succeed, GAuth >>>>>>>>>>>>>>>>>>>> qrcode appears, user registers and now it's time for TOKEN >>>>>>>>>>>>>>>>>>>> form. I'm typing >>>>>>>>>>>>>>>>>>>> all scratch codes and those generated by Google >>>>>>>>>>>>>>>>>>>> Authenticator, but every >>>>>>>>>>>>>>>>>>>> single attempt is unsuccessful. Also there's no collection >>>>>>>>>>>>>>>>>>>> created to store >>>>>>>>>>>>>>>>>>>> tokens in mongo. Only GAuthRepository is created with >>>>>>>>>>>>>>>>>>>> proper values of >>>>>>>>>>>>>>>>>>>> registered users. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> *cas.properties* >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.accept.users= >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].order=0 >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].type=AUTHENTICATED >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].ldapUrl={CUT} >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].connectionStrategy=DEFAULT >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].useSsl=true >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].connectTimeout=15000 >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].subtreeSearch=true >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].baseDn={CUT} >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(userPrincipalName={user})) >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].bindDn={CUT} >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].bindCredential={CUT} >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].enhanceWithEntryResolver=true >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeId=sAMAccountName >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributePassword= >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].usePasswordPolicy=true >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,sAMAccountName,memberOf >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].poolPassivator=NONE >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].minPoolSize=2 >>>>>>>>>>>>>>>>>>>> cas.authn.ldap[0].maxPoolSize=15 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.globalProviderId=mfa-gauth >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.globalFailureMode=CLOSED >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.issuer=TEST >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.codeDigits=6 >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.timeStepSize=60 >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.windowSize=3 >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.label=TEST >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.rank=0 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.enabled=true >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.bypass.type=DEFAULT >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.clientUri=${mongo.uri} >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.dropCollection=false >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.collection=GAuthRepository >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> cas.authn.mfa.gauth.mongo.tokenCollection=GoogleAuthenticatorMongoDbTokenRepository >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> *pom.xml* >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> <artifactId>cas-server-webapp${app.server}</artifactId> >>>>>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>>>>> <type>war</type> >>>>>>>>>>>>>>>>>>>> <scope>runtime</scope> >>>>>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> <artifactId>cas-server-support-ldap</artifactId> >>>>>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> <artifactId>cas-server-support-saml</artifactId> >>>>>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> <artifactId>cas-server-support-gauth</artifactId> >>>>>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>>>>> <dependency> >>>>>>>>>>>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> <artifactId>cas-server-support-gauth-mongo</artifactId> >>>>>>>>>>>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>>>>>>>>>>> </dependency> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> *catalina.log* >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,952 DEBUG >>>>>>>>>>>>>>>>>>>> [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] >>>>>>>>>>>>>>>>>>>> - <Authentication handlers used for this transaction are >>>>>>>>>>>>>>>>>>>> [GoogleAuthenticatorAuthenticationHandler,LdapAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler]> >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,953 DEBUG >>>>>>>>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>>>>> <Received OTP [*253227*]> >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,954 DEBUG >>>>>>>>>>>>>>>>>>>> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] >>>>>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>>>>> <Received principal id *[j.byky*]> >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,970 DEBUG >>>>>>>>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>>>>> <[GoogleAuthenticatorAuthenticationHandler] exception >>>>>>>>>>>>>>>>>>>> details: [Failed to >>>>>>>>>>>>>>>>>>>> authenticate code *253227*].> >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,971 DEBUG >>>>>>>>>>>>>>>>>>>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] >>>>>>>>>>>>>>>>>>>> - <Credential is not one of username/password and is not >>>>>>>>>>>>>>>>>>>> accepted by >>>>>>>>>>>>>>>>>>>> handler [LdapAuthenticationHandler]> >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,972 ERROR >>>>>>>>>>>>>>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] >>>>>>>>>>>>>>>>>>>> - <*Authentication >>>>>>>>>>>>>>>>>>>> has failed. Credentials may be incorrect or CAS cannot >>>>>>>>>>>>>>>>>>>> find authentication >>>>>>>>>>>>>>>>>>>> handler that supports [[token=253227]] of type >>>>>>>>>>>>>>>>>>>> [GoogleAuthenticatorTokenCredential]*.> >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,976 INFO >>>>>>>>>>>>>>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] >>>>>>>>>>>>>>>>>>>> - <Audit >>>>>>>>>>>>>>>>>>>> trail record BEGIN >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>>>>>> *WHO: 253227* >>>>>>>>>>>>>>>>>>>> *WHAT: Supplied credentials: [[token=253227]]* >>>>>>>>>>>>>>>>>>>> ACTION: AUTHENTICATION_SUCCESS >>>>>>>>>>>>>>>>>>>> APPLICATION: CAS >>>>>>>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018 >>>>>>>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20 >>>>>>>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,978 ERROR >>>>>>>>>>>>>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] >>>>>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>>>>> <1 errors, 0 successes> >>>>>>>>>>>>>>>>>>>> org.apereo.cas.authentication.AuthenticationException: >>>>>>>>>>>>>>>>>>>> 1 errors, 0 successes >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:400) >>>>>>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:380) >>>>>>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:220) >>>>>>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>) >>>>>>>>>>>>>>>>>>>> ~[cas-server-core-authentication-5.2.2.jar:5.2.2] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) >>>>>>>>>>>>>>>>>>>> ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) >>>>>>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) >>>>>>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85) >>>>>>>>>>>>>>>>>>>> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134) >>>>>>>>>>>>>>>>>>>> ~[inspektr-audit-1.8.0.GA.jar:1.8.0.GA] >>>>>>>>>>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>>>>>>>>>>>>>>>>>>> Method) ~[?:1.8.0_162] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >>>>>>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>>>>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498) >>>>>>>>>>>>>>>>>>>> ~[?:1.8.0_162] >>>>>>>>>>>>>>>>>>>> ... >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 2018-02-15 09:31:13,982 INFO >>>>>>>>>>>>>>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] >>>>>>>>>>>>>>>>>>>> - <Audit >>>>>>>>>>>>>>>>>>>> trail record BEGIN >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>>>>>> WHO: *253227* >>>>>>>>>>>>>>>>>>>> WHAT: [event=error,timestamp=Thu Feb 15 09:31:13 CET >>>>>>>>>>>>>>>>>>>> 2018,source=OneTimeTokenAuthenticationWebflowEventResolver] >>>>>>>>>>>>>>>>>>>> ACTION: AUTHENTICATION_EVENT_TRIGGERED >>>>>>>>>>>>>>>>>>>> APPLICATION: CAS >>>>>>>>>>>>>>>>>>>> WHEN: Thu Feb 15 09:31:13 CET 2018 >>>>>>>>>>>>>>>>>>>> CLIENT IP ADDRESS: 10.100.100.20 >>>>>>>>>>>>>>>>>>>> SERVER IP ADDRESS: 10.40.0.2 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ============================================================= >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Can anybody tell me what I'm missing? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>>>>>>> --- >>>>>>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails >>>>>>>>>>>>>>>> from it, send an email to [email protected]. >>>>>>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org >>>>>>>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/57f5e936-6e6e-422c-9fb1-5140e5408eda%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>>>>>>> . >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>>>>> --- >>>>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/141bb8a9-d702-4511-95b6-ce8004cb3ff4%40apereo.org >>>>>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/141bb8a9-d702-4511-95b6-ce8004cb3ff4%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>>>>> . >>>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>>> --- >>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/16c20cee-e056-4d0b-afee-e237fe673185%40apereo.org >>>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/16c20cee-e056-4d0b-afee-e237fe673185%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>>> . >>>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>> --- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc0b95f7-a7ad-4c8e-8b03-82b9bd30ef0e%40apereo.org >>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc0b95f7-a7ad-4c8e-8b03-82b9bd30ef0e%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> >>>>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa1b3141-e8e4-4900-8f2d-26b4c3f9fc4d%40apereo.org >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa1b3141-e8e4-4900-8f2d-26b4c3f9fc4d%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/3045fc3f-0646-4f53-9a4f-c6d9afdac7d2%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3045fc3f-0646-4f53-9a4f-c6d9afdac7d2%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAM2C0GypQ7S%3DW%2BZyVPnHEBJAvmsk3xb249XD3qd7tpEWaFmp2Q%40mail.gmail.com.
