I am trying to get CAS 5.3.9 working with Google Authenticator MFA, but I am getting the following error:

Error: Exception thrown executing org.apereo.cas.trusted.web.flow.MultifactorAuthenticationVerifyTrustAction@7b20419f in state 'verifyTrustedDevice' of flow 'mfa-gauth' -- action execution attributes were 'map['resolvedAuthenticationEvents' -> set[mfa-gauth]]'

The config is below:

cas.server.name: https://********
cas.server.prefix: ${cas.server.name}/cas
cas.logout.followServiceRedirects=true
cas.view.templatePrefixes[0]=file:///etc/cas/templates
logging.config=file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.json.location=file:/etc/cas/services
cas.authn.accept.users=

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://*********
cas.authn.ldap[0].bindDn=*********
cas.authn.ldap[0].bindCredential=*********
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].poolPassivator=BIND
cas.authn.ldap[0].baseDn=*********
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=(*********)
cas.authn.ldap[0].principalAttributeId=cn
cas.authn.ldap[0].principalAttributeList=*********

cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=UDC_IDENTIFIER
cas.authn.attributeRepository.ldap[0].attributes.mail=email
cas.authn.attributeRepository.ldap[0].attributes.givenName=firstName
cas.authn.attributeRepository.ldap[0].attributes.sn=lastName
cas.authn.attributeRepository.ldap[0].attributes.cn=user
cas.authn.attributeRepository.ldap[0].attributes.memberOf=memberOf

### Authy setup
cas.authn.mfa.authy.apiKey=*********
cas.authn.mfa.authy.apiUrl=*********
cas.authn.mfa.authy.phoneAttribute=mobile
cas.authn.mfa.authy.mailAttribute=extenstionattribute1
cas.authn.mfa.authy.countryCode=1
cas.authn.mfa.authy.forceVerification=true
cas.authn.mfa.authy.trustedDeviceEnabled=false
cas.authn.mfa.authy.name=castest

### Google Authenticator setup
#cas.authn.mfa.globalProviderId=mfa-gauth
cas.authn.mfa.gauth.issuer=Messiah_College_CAS
cas.authn.mfa.gauth.label=Username
cas.authn.mfa.gauth.windowSize=3
cas.authn.mfa.gauth.codeDigits=6
cas.authn.mfa.gauth.timeStepSize=30
cas.authn.mfa.gauth.rank=0
cas.authn.mfa.gauth.trustedDeviceEnabled=true
cas.authn.mfa.gauth.name=castest
cas.authn.mfa.gauth.json.location=file:/etc/cas/config/gauth.json
#cas.authn.mfa.gauth.rest.endpointUrl=https://*********/processGauth.php
cas.authn.mfa.gauth.crypto.encryption.key=*********
cas.authn.mfa.gauth.crypto.encryption.keySize=256
cas.authn.mfa.gauth.crypto.signing.key=*********
cas.authn.mfa.gauth.crypto.signing.keySize=512
cas.authn.mfa.gauth.crypto.enabled=true
#cas.authn.mfa.gauth.cleaner.enabled=true
#cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000
#cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000

cas.authn.mfa.trusted.authenticationContextAttribute=isFromTrustedMultifactorAuthentication
cas.authn.mfa.trusted.deviceRegistrationEnabled=true
cas.authn.mfa.trusted.expiration=30
cas.authn.mfa.trusted.timeUnit=DAYS
cas.authn.mfa.trusted.json.location=file:/etc/cas/config/trusted-dev.json
#cas.authn.mfa.trusted.rest.endpoint=https://*********/trustedBrowser/index.php
cas.authn.mfa.trusted.crypto.encryption.key=*********
cas.authn.mfa.trusted.crypto.encryption.keySize=256
cas.authn.mfa.trusted.crypto.signing.key=*********
cas.authn.mfa.trusted.crypto.signing.keySize=512
cas.authn.mfa.trusted.crypto.enabled=true
cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.encryption.key=*********
cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.encryption.keySize=256
cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.signing.key=*********
cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.signing.keySize=512
cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.enabled=true

cas.tgc.crypto.encryption.key=*********
cas.tgc.crypto.encryption.keySize=256
cas.tgc.crypto.signing.key=*********
cas.tgc.crypto.signing.keySize=512
cas.tgc.crypto.enabled=true

cas.webflow.crypto.signing.key=*********
cas.webflow.crypto.signing.keySize=512
cas.webflow.crypto.encryption.key=*********
cas.webflow.crypto.encryption.keySize=16
cas.webflow.crypto.enabled=true

cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.monitor.freeMemThreshold=10

cas.ticket.st.numberOfUses=1
cas.ticket.st.timeToKillInSeconds=300
cas.ticket.tgt.maxTimeToLiveInSeconds=36000
cas.ticket.tgt.timeToKillInSeconds=28000
cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=36000
# cas.ticket.tgt.rememberMe.enabled=false
# cas.ticket.tgt.rememberMe.timeToKillInSeconds=1

cas.interrupt.rest.url=https://*********/interrupts/process.php
cas.interrupt.rest.method=GET

My ultimate goal is to get this to work using a REST call so that I can store the user and device information (I have asked that in a different thread <https://groups.google.com/a/apereo.org/forum/#!msg/cas-user/yMiO4EMULGs/iOW8zjQWCwAJ>) but at this point, I am not sure why the JSON file-based is throwing the error.

Any thoughts would be greatly appreciated!

Thanks,
Shawn
