Hello Alfonso,
Have you found a solution? I have the same problem. I am running CAS 6.1.2
with Hazelcast, and after debugging the simple MFA flow I found that the OTP
is created in a cache named TST and read in a cache named CASMFA. If you
activate the health actuator, you can see the two different caches, and only
the TST cache is populated with the token.
On Friday, October 11, 2019 at 9:40:36 AM UTC+2, Alfonso Vera wrote:
>
> Hi all
> watching the log
> The ticket for mfa-simple is generated correctly and sent via SMS to the
> user
>
> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket
> *[CAS-811937]* with ttl [30s]>
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket
> [TransientSessionTicketImpl(super=CAS-811937, service=null, properties={})]>
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded
> original ticket id [CAS-811937] to
> [*285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4*]>
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded
> ticket
> [EncodedTicket(id=285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4)]>
> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map
> name [transientSessionTicketsCache] for ticket definition
> [DefaultTicketDefinition(implementationClass=class
> org.apereo.cas.ticket.TransientSessionTicketImpl, *prefix=TST*,
> properties=DefaultTicketDefinitionProperties(cascade=false,
> storageName=transientSessionTicketsCache, storageTimeout=300,
> storagePassword=null), order=2147483647)]>
> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located
> Hazelcast map instance [transientSessionTicketsCache]>
> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Added ticket
> [285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4]
> with ttl [30s]>
> [org.apereo.cas.mfa.simple.web.flow.CasSimpleSendTokenAction] -
> *<Successfully submitted token via SMS to [zzzzzzzzzzz]>*
>
> later the user ....
>
>
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <Attempting authentication of *[CAS-811937]* using [mfa-simple]>
> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] -
> <Received token [*CAS-811937*]>
> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] -
> <Received principal id [zzzzzzzzzzz]. Attempting to locate token in
> registry...>
> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded
> original to [
> *285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4*
> ]>
> [org.apereo.cas.ticket.DefaultTicketCatalog] - *<Ticket definition for
> [CAS-811937] cannot be found in the ticket catalog which only contains the
> following ticket types: [[TGT, ST, RT, AT, PT, TST, OC, SART, PGT, SATQ,
> ODT]]>*
> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <No ticket
> definition could be found in the catalog to match [CAS-811937]>
> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] -
> <Authorization of token [CAS-811937] has failed. Token is not found in
> registry>
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <Authentication has failed. Credentials may be incorrect or CAS cannot find
> authentication handler that supports
> [CasSimpleMultifactorTokenCredential()] of type
> [CasSimpleMultifactorTokenCredential]. Examine the configuration to ensure
> a method of authentication is defined and analyze CAS logs at DEBUG level
> to trace the authentication event.>
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <[mfa-simple] exception details: [Failed to authenticate code CAS-811937].
>
>
> This is my configuration:
>
> cas.smsProvider.rest.method=POST
> cas.smsProvider.rest.url=https://xxxxxx/sms.php
>
> cas.authn.mfa.simple.sms.from=XXXXXX
> cas.authn.mfa.simple.sms.attributeName=TelephoneNumber
> cas.authn.mfa.simple.name=mfa-simple
> cas.authn.mfa.simple.order=1
> cas.authn.mfa.simple.timeToKillInSeconds=30
>
> cas.authn.mfa.globalPrincipalAttributeNameTriggers=memberof
> cas.authn.mfa.globalPrincipalAttributeValueRegex=xxxxx
>
>
> It's like encoding the ticket works fine, but later the ticket isn't TST
>
>
> Any suggestion will be welcome
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/27c5825c-44ec-4432-80fb-67b999336e96%40apereo.org.
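
A log-triage sketch for the symptom discussed in this thread, added here as an example (it is not part of either message and is not CAS code): it correlates the store-time and lookup-time lines of a CAS DEBUG log and reports tickets whose own id prefix is absent from the ticket catalog even though they were stored under a definition that is present. It assumes the id prefix is the text before the first `-` and that the "Locating map name" line following an "Adding ticket" line belongs to that ticket; the sample lines are condensed from the quoted log.

```python
import re

# Log excerpt condensed from the quoted message above (lines unwrapped,
# emphasis asterisks dropped, encoded-id lines omitted).
SAMPLE_LOG = """\
[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket [CAS-811937] with ttl [30s]>
[org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map name [transientSessionTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.TransientSessionTicketImpl, prefix=TST, properties=DefaultTicketDefinitionProperties(cascade=false, storageName=transientSessionTicketsCache, storageTimeout=300, storagePassword=null), order=2147483647)]>
[org.apereo.cas.ticket.DefaultTicketCatalog] - <Ticket definition for [CAS-811937] cannot be found in the ticket catalog which only contains the following ticket types: [[TGT, ST, RT, AT, PT, TST, OC, SART, PGT, SATQ, ODT]]>
[org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] - <Authorization of token [CAS-811937] has failed. Token is not found in registry>
"""

ADDING = re.compile(r"<Adding ticket \[([^\]]+)\]")
LOCATING = re.compile(r"<Locating map name \[([^\]]+)\] for ticket definition .*?prefix=(\w+)")
MISSING = re.compile(r"<Ticket definition for \[([^\]]+)\] cannot be found .*?ticket types: \[\[([^\]]*)\]\]")

def id_prefix(ticket_id):
    # Assumption of this example: the prefix is the text before the first '-'.
    return ticket_id.split("-", 1)[0]

def find_prefix_mismatches(log_text):
    """Correlate store-time and lookup-time log lines per ticket id."""
    stored, pending, findings = {}, None, []
    for line in log_text.splitlines():
        if m := ADDING.search(line):
            pending = m.group(1)  # the next "Locating map" line is taken as this id's
        elif (m := LOCATING.search(line)) and pending:
            stored[pending] = {"map": m.group(1), "definition_prefix": m.group(2)}
            pending = None
        elif m := MISSING.search(line):
            tid = m.group(1)
            catalog = [p.strip() for p in m.group(2).split(",")]
            info = stored.get(tid, {})
            findings.append({
                "ticket": tid,
                "id_prefix": id_prefix(tid),
                "stored_map": info.get("map"),
                "stored_under_prefix": info.get("definition_prefix"),
                "id_prefix_in_catalog": id_prefix(tid) in catalog,
                "stored_prefix_in_catalog": info.get("definition_prefix") in catalog,
            })
    return findings

if __name__ == "__main__":
    for finding in find_prefix_mismatches(SAMPLE_LOG):
        print(finding)
```

On a busy node the adjacency-based correlation is only a heuristic, since log lines from concurrent requests interleave.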