Hi Nono
Sorry for the delay
We have patched exactly the same
El vie., 13 dic. 2019 a las 11:41, Nono (<[email protected]>)
escribió:
> Hello,
>
> i've have found a quick solution, not sure if it is the right way to fix
> the problem but it will work for our POC =>
>
> duplicate the class CasSimpleMultifactorAuthenticationTicketFactory for
> the apereo git repository, put it in the package org.apereo.cas.mfa.simple
> in your war overlay.
> and change the constant PREFIX (l23) to TST :
>
> public static final String PREFIX = "TST";
>
>
>
>
> On Friday, December 13, 2019 at 10:36:57 AM UTC+1, Nono wrote:
>>
>> Hello Alfonso*,*
>>
>> Have you found a solution ? I have the same problem, i am running cas
>> 6.1.2 with hazelcast and after debuging the simple mfa flow i found that
>> the OTP is created in a cache named TST and read in a cache named CASMFA.
>> If you activate the health actuator, you can see the two different cache
>> and only the tst cache is populated with the token.
>>
>> On Friday, October 11, 2019 at 9:40:36 AM UTC+2, Alfonso Vera wrote:
>>>
>>> Hi all
>>> watching the log
>>> The ticket for mfa-simple is generated correctly and sent via SMS to the
>>> user
>>>
>>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Adding
>>> ticket *[CAS-811937*] with ttl [30s]>
>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding
>>> ticket [TransientSessionTicketImpl(super=CAS-811937, service=null,
>>> properties={})]>
>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded
>>> original ticket id [CAS-811937] to *[*
>>> *285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc*
>>> 4]>
>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created
>>> encoded ticket
>>> [EncodedTicket(id=285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4)]>
>>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Locating map
>>> name [transientSessionTicketsCache] for ticket definition
>>> [DefaultTicketDefinition(implementationClass=class
>>> org.apereo.cas.ticket.TransientSessionTicketImpl, *prefix=TST*,
>>> properties=DefaultTicketDefinitionProperties(cascade=false,
>>> storageName=transientSessionTicketsCache, storageTimeout=300,
>>> storagePassword=null), order=2147483647)]>
>>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Located
>>> Hazelcast map instance [transientSessionTicketsCache]>
>>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <Added ticket
>>> [285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4]
>>> with ttl [30s]>
>>> [org.apereo.cas.mfa.simple.web.flow.CasSimpleSendTokenAction] -*
>>> <Successfully submitted token via SMS to [zzzzzzzzzzz*
>>> *]>*
>>>
>>> later the user ....
>>>
>>>
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <Attempting authentication of *[CAS-811937] *using [mfa-simple]>
>>> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] -
>>> <Received token [*CAS-811937*]>
>>> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] -
>>> <Received principal id [zzzzzzzzzzz]. Attempting to locate token in
>>> registry...>
>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded
>>> original to [
>>> *285cd5a0e685fd1337f7dda6a60a848691dca84e5360b54beb95696e369fba18455477846cbda7850c4f6c79b5902b158f8e9c653edbc2d826a46beda0c73bc4*
>>> ]>
>>> [org.apereo.cas.ticket.DefaultTicketCatalog] -* <Ticket definition for
>>> [CAS-811937] cannot be found in the ticket catalog which only contains the
>>> following ticket types: [[TGT, ST, RT, AT, PT, TST, OC, SART, PGT, SATQ,
>>> ODT]]>*
>>> [org.apereo.cas.ticket.registry.HazelcastTicketRegistry] - <No ticket
>>> definition could be found in the catalog to match [CAS-811937]>
>>> [org.apereo.cas.mfa.simple.CasSimpleMultifactorAuthenticationHandler] -
>>> <Authorization of token [CAS-811937] has failed. Token is not found in
>>> registry>
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <Authentication has failed. Credentials may be incorrect or CAS cannot find
>>> authentication handler that supports
>>> [CasSimpleMultifactorTokenCredential()] of type
>>> [CasSimpleMultifactorTokenCredential]. Examine the configuration to ensure
>>> a method of authentication is defined and analyze CAS logs at DEBUG level
>>> to trace the authentication event.>
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <[mfa-simple] exception details: [Failed to authenticate code CAS-811937].
>>>
>>>
>>> This is my configuration:
>>>
>>> cas.smsProvider.rest.method=POST
>>> cas.smsProvider.rest.url=https://xxxxxx/sms.php
>>>
>>> cas.authn.mfa.simple.sms.from=XXXXXX
>>> cas.authn.mfa.simple.sms.attributeName=TelephoneNumber
>>> cas.authn.mfa.simple.name=mfa-simple
>>> cas.authn.mfa.simple.order=1
>>> cas.authn.mfa.simple.timeToKillInSeconds=30
>>>
>>> cas.authn.mfa.globalPrincipalAttributeNameTriggers=memberof
>>> cas.authn.mfa.globalPrincipalAttributeValueRegex=xxxxx
>>>
>>>
>>> Its like that encoding the ticket works fine but later the ticket isn't
>>> TST
>>>
>>>
>>> Any suggestion will be welcome
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1afb2022-eb3e-40b1-ae15-c4ce957a3935%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1afb2022-eb3e-40b1-ae15-c4ce957a3935%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
----------------------
Alfonso "Bersuit" Vera
http://about.me/alfonso.vera
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH5qZ4VYsR_hPSUKCixj1nT8%3DGmPpmAWb2bgX1kPXvQrJszJ9g%40mail.gmail.com.
