Gregory,
I'm seeing the same error message now on CAS 6.3. Did your issue get
resolved?
Thanks for your help.
On Saturday, February 6, 2021 at 2:36:04 PM UTC-6 Gregory G wrote:
> Hello,
>
> I currently dev for migrate from 6.2.5 to 6.3.1
>
> And i have an error when i try to access a service with 2FA enabled but
> bypassed by reverse proxy
>
> No specific flows are defined, only bypass
> *#Google Auth Bypass*
> *cas.authn.mfa.gauth.bypass.http-request-headers=remote_user*
> *cas.authn.mfa.gauth.bypass.principal-attribute-name=cas2faEnabled*
> *cas.authn.mfa.gauth.bypass.principal-attribute-value=FALSE*
>
> So if a user (aka test1, with 2FA enabled in LDAP) connect to a service (
> test.lab.local) : all it's ok
> my second user (aka test2, without 2FA enabled) all is ok
>
> and my first user came with his PKI, and nginx reverse proxy set
> remote_user header to cas has this error :
> *org.springframework.webflow.engine.NoMatchingTransitionException: No
> transition was matched on the event(s) signaled by the [1] action(s) that
> executed in this action state 'remoteAuthenticate' of flow 'login';
> transitions must be defined to handle action result outcomes -- possible
> flow configuration error? Note: the eventIds signaled were:
> 'array<String>['generateServiceTicket']', while the supported set of
> transitional criteria for this action state is
> 'array<TransitionCriteria>[success, error, authenticationFailure,
> mfa-gauth]'*
> but he can access to cas.lab.local without error.
> [image: Capture d’écran 2021-02-06 à 21.33.10.png]
> we see the MFA is bypassed in attributes.
>
> The service i try to reach is very simple :
> *{*
> *"@class" : "org.apereo.cas.services.RegexRegisteredService",*
> *"serviceId" : "^(https|http)://localhost.*",*
> *"name" : "localhost",*
> *"id" : 2,*
> *"description" : "Allows only localhost services",*
> *"evaluationOrder" : 0*
> *}*
>
>
>
> PS : this scenario is production scenario in place since CAS 5.2
>
> Thanks for your help
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3c97e974-dc67-4190-b8ef-958bc0fbca20n%40apereo.org.
