Hello,

I have found a quick solution, not sure if it is the right way to fix 
the problem but it will work for our POC =>

Duplicate the class CasSimpleMultifactorAuthenticationTicketFactory from the 
Apereo git repository, put it in the package org.apereo.cas.mfa.simple in 
your war overlay,
and change the constant PREFIX (l23) to TST:

public static final String PREFIX = "TST";




On Friday, December 13, 2019 at 10:36:57 AM UTC+1, Nono wrote:
>
> Hello Alfonso,
>
> Have you found a solution? I have the same problem. I am running CAS 
> 6.1.2 with Hazelcast, and after debugging the simple MFA flow I found that 
> the OTP is created in a cache named TST and read in a cache named CASMFA. 
> If you activate the health actuator, you can see the two different caches, 
> and only the TST cache is populated with the token.
>
> On Friday, October 11, 2019 at 9:40:36 AM UTC+2, Alfonso Vera wrote:
>>
>> Hi all
>> watching the log
>> The ticket for mfa-simple is generated correctly and sent via SMS to the 
>> user
>>
>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding ticket 
>> *[CAS-811937*] with ttl [30s]>
>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding 
>> ticket [TransientSessionTicketImpl(super=CAS-811937, service=null, 
>> properties={})]>
>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded 
>> original ticket id [CAS-811937] to *[*
>> *285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc*
>> 4]>
>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created 
>> encoded ticket 
>> [EncodedTicket(id=285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4)]>
>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map 
>> name [transientSessionTicketsCache] for ticket definition 
>> [DefaultTicketDefinition(implementationClass=class 
>> org.apereo.cas.ticket.TransientSessionTicketImpl, *prefix=TST*, 
>> properties=DefaultTicketDefinitionProperties(cascade=false, 
>> storageName=transientSessionTicketsCache, storageTimeout=300, 
>> storagePassword=null), order=2147483647)]>
>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located 
>> Hazelcast map instance [transientSessionTicketsCache]>
>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Added ticket 
>> [285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4]
>>  
>> with ttl [30s]>
>> [org.apereo.cas.mfa.simple.web.flow.CasSimpleSendTokenAction] -* 
>> <Successfully submitted token via SMS to [zzzzzzzzzzz*
>> *]>*
>>
>> later the user .... 
>>
>>
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <Attempting authentication of *[CAS-811937] *using [mfa-simple]>
>> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] - 
>> <Received token [*CAS-811937*]>
>> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] - 
>> <Received principal id [zzzzzzzzzzz]. Attempting to locate token in 
>> registry...>
>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded 
>> original  to [
>> *285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4*
>> ]>
>> [org.apereo.cas.ticket.DefaultTicketCatalog] -* <Ticket definition for 
>> [CAS-811937] cannot be found in the ticket catalog which only contains the 
>> following ticket types: [[TGT, ST, RT, AT, PT, TST, OC, SART, PGT, SATQ, 
>> ODT]]>*
>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <No ticket 
>> definition could be found in the catalog to match [CAS-811937]>
>> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] - 
>> <Authorization of token [CAS-811937] has failed. Token is not found in 
>> registry>
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <Authentication has failed. Credentials may be incorrect or CAS cannot find 
>> authentication handler that supports 
>> [CasSimpleMultifactorTokenCredential()] of type 
>> [CasSimpleMultifactorTokenCredential]. Examine the configuration to ensure 
>> a method of authentication is defined and analyze CAS logs at DEBUG level 
>> to trace the authentication event.>
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <[mfa-simple] exception details: [Failed to authenticate code CAS-811937].
>>
>>
>> This is my configuration: 
>>
>> cas.smsProvider.rest.method=POST
>> cas.smsProvider.rest.url=https://xxxxxx/sms.php
>>
>> cas.authn.mfa.simple.sms.from=XXXXXX
>> cas.authn.mfa.simple.sms.attributeName=TelephoneNumber
>> cas.authn.mfa.simple.name=mfa-simple
>> cas.authn.mfa.simple.order=1
>> cas.authn.mfa.simple.timeToKillInSeconds=30
>>
>> cas.authn.mfa.globalPrincipalAttributeNameTriggers=memberof
>> cas.authn.mfa.globalPrincipalAttributeValueRegex=xxxxx
>>
>>
>> It's like encoding the ticket works fine but later the ticket isn't 
>> TST
>>
>>
>> Any suggestion will be welcome
>>
>>
>>
>>
>>
>>
>>

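Added example, not part of the original messages and not CAS source code: a simplified Java model of the behaviour the logs in this thread show, where the token is written to the map of its TST ticket definition while the later read resolves the map from the ticket id prefix. Class and method names are hypothetical, the write-by-type/read-by-id split is an assumption drawn from the log lines, and the id TST-811937 is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Simplified model (assumption, not CAS code) of a registry keyed by ticket prefix.
public class TicketPrefixDemo {

    // prefix -> storage name; the TST entry mirrors the ticket definition in the log
    static final Map<String, String> CATALOG = new LinkedHashMap<>();
    // storage name -> (ticket id -> payload)
    static final Map<String, Map<String, String>> STORES = new LinkedHashMap<>();

    // Read side: the storage map is resolved from the prefix of the ticket id.
    static Optional<String> storageFor(String ticketId) {
        int dash = ticketId.indexOf('-');
        if (dash <= 0) {
            return Optional.empty();
        }
        return Optional.ofNullable(CATALOG.get(ticketId.substring(0, dash)));
    }

    // Write side: the storage map is resolved from the ticket type's definition.
    static void add(String typePrefix, String ticketId, String payload) {
        String storage = CATALOG.get(typePrefix);
        STORES.computeIfAbsent(storage, k -> new LinkedHashMap<>()).put(ticketId, payload);
    }

    static Optional<String> get(String ticketId) {
        return storageFor(ticketId).map(STORES::get).map(m -> m.get(ticketId));
    }

    public static void main(String[] args) {
        CATALOG.put("TST", "transientSessionTicketsCache");

        // Before the workaround: the factory issues ids whose prefix is not in the catalog.
        add("TST", "CAS-811937", "otp");
        System.out.println("CAS-811937 -> " + get("CAS-811937").orElse("not found in registry"));

        // After the workaround (PREFIX = "TST"): id prefix and catalog agree.
        add("TST", "TST-811937", "otp"); // constructed id
        System.out.println("TST-811937 -> " + get("TST-811937").orElse("not found in registry"));

        // Startup-style consistency check: every factory prefix must be registered.
        for (String prefix : new String[] {"CAS", "TST"}) {
            boolean known = CATALOG.containsKey(prefix);
            System.out.println("factory prefix " + prefix + (known ? " is" : " is NOT") + " registered");
        }
    }
}
```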