Hello all,
We have implemented Duo as an MFA provider in CAS, and it was working
great in small-scale testing.
We are pushing to a larger user base to test, and are frequently
getting an error upon completion of the MFA process (after the user
has approved the push notification):
---
MFA Provider Unavailable
CAS was unable to reach your configured MFA provider at this time. Due
to failure policies configured for the service you are attempting to
access, authentication can not be granted at this time.
---
When I look at the cas-date.log:
[32m2022-02-17 20:05:36,120 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT:
{source=RankedMultifactorAuthenticationProviderWebflowEventResolver,
event=success, timestamp=Thu Feb 17 20:05:36 UTC 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Thu Feb 17 20:05:36 UTC 2022
CLIENT IP ADDRESS: 10.200.2.209
SERVER IP ADDRESS: 10.200.1.63
=============================================================
>
[32m2022-02-17 20:05:39,993 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: username
WHAT: [UsernamePasswordCredential(username=username, source=null,
customFields={})]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Feb 17 20:05:39 UTC 2022
CLIENT IP ADDRESS: 10.200.2.209
SERVER IP ADDRESS: 10.200.1.63
=============================================================
>
[32m2022-02-17 20:05:39,995 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: username
WHAT: {source=String, event=mfa-duo, timestamp=Thu Feb 17 20:05:39 UTC
2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Thu Feb 17 20:05:39 UTC 2022
CLIENT IP ADDRESS: 10.200.2.209
SERVER IP ADDRESS: 10.200.1.63
=============================================================
>
[32m2022-02-17 20:05:39,998 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: username
WHAT: {principal=username, execution=true, provider=mfa-duo}
ACTION: MULTIFACTOR_AUTHENTICATION_BYPASS
APPLICATION: CAS
WHEN: Thu Feb 17 20:05:39 UTC 2022
CLIENT IP ADDRESS: 10.200.2.209
SERVER IP ADDRESS: 10.200.1.63
=============================================================
>
[33m2022-02-17 20:05:40,673 WARN
[org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService]
- <Duo returned an Invalid response with message [Access forbidden]
and detail [Wrong integration type for this API.] when determining
user account. This maybe a configuration error in the admin request
and Duo will still be considered available.>
[1;31m2022-02-17 20:05:49,874 ERROR
[org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler] -
<ID Token verification failed>
[32m2022-02-17 20:05:49,875 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: *****
WHAT: [DuoSecurityUniversalPromptCredential(token=*****,
authentication=org.apereo.cas.authentication.DefaultAuthentication@2b2b031b,
providerId=mfa-duo)]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Feb 17 20:05:49 UTC 2022
CLIENT IP ADDRESS: 10.200.2.209
SERVER IP ADDRESS: 10.200.1.63
=============================================================
>
[1;31m2022-02-17 20:05:49,875 ERROR
[org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver]
- <1 errors, 0 successes>
[32m2022-02-17 20:05:49,876 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: ELHb25Fr2JP5NWc8S0jljab45p6wIqx1
WHAT: {source=DuoSecurityAuthenticationWebflowEventResolver,
event=error, timestamp=Thu Feb 17 20:05:49 UTC 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Thu Feb 17 20:05:49 UTC 2022
CLIENT IP ADDRESS: 10.200.2.209
SERVER IP ADDRESS: 10.200.1.63
=============================================================
>
[32m2022-02-17 20:05:49,877 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: ELHb25Fr2JP5NWc8S0jljab45p6wIqx1
WHAT: TST-b31b7c0a5048e9995aa54daa5b3d1f8d141c
ACTION: TICKET_DESTROYED
APPLICATION: CAS
WHEN: Thu Feb 17 20:05:49 UTC 2022
CLIENT IP ADDRESS: 10.200.2.209
SERVER IP ADDRESS: 10.200.1.63
=============================================================
----
When I look at the Stacktrace I see:
2022-02-17 20:14:10,479 ERROR
[org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler] -
<ID Token verification failed>
com.duosecurity.exception.DuoException: ID Token verification failed
at
com.duosecurity.DuoIdTokenValidator.validateAndDecode(DuoIdTokenValidator.java:75)
~[duo-universal-sdk-1.1.3.jar!/:?]
at
com.duosecurity.Client.exchangeAuthorizationCodeFor2FAResult(Client.java:339)
~[duo-universal-sdk-1.1.3.jar!/:?]
at
com.duosecurity.Client.exchangeAuthorizationCodeFor2FAResult(Client.java:304)
~[duo-universal-sdk-1.1.3.jar!/:?]
at
org.apereo.cas.adaptors.duo.authn.UniversalPromptDuoSecurityAuthenticationService.authenticateInternal(UniversalPromptDuoSecurityAuthenticationService.java:79)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService.authenticate(BaseDuoSecurityAuthenticationService.java:80)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler.authenticateDuoUniversalPromptCredential(DuoSecurityAuthenticationHandler.java:121)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler.doAuthentication(DuoSecurityAuthenticationHandler.java:77)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:44)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateAndResolvePrincipal(DefaultAuthenticationManager.java:201)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:302)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:68)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:?]
at
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:?]
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186)
~[inspektr-audit-1.8.17.GA.jar!/:1.8.17.GA]
at
jdk.internal.reflect.GeneratedMethodAccessor126.invoke(Unknown Source)
~[?:?]
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
~[spring-aop-5.3.15.jar!/:5.3.15]
at com.sun.proxy.$Proxy226.authenticate(Unknown Source) ~[?:?]
at
org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:33)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:60)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.handleAuthenticationTransactionAndGrantTicketGrantingTicket(AbstractCasWebflowEventResolver.java:158)
~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.web.flow.DuoSecurityAuthenticationWebflowEventResolver.resolveInternal(DuoSecurityAuthenticationWebflowEventResolver.java:30)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:107)
~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:112)
~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.web.flow.DuoSecurityAuthenticationWebflowEventResolver.resolveSingle(DuoSecurityAuthenticationWebflowEventResolver.java:38)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
jdk.internal.reflect.GeneratedMethodAccessor205.invoke(Unknown Source)
~[?:?]
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186)
~[inspektr-audit-1.8.17.GA.jar!/:1.8.17.GA]
at
jdk.internal.reflect.GeneratedMethodAccessor126.invoke(Unknown Source)
~[?:?]
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
~[spring-aop-5.3.15.jar!/:5.3.15]
at com.sun.proxy.$Proxy229.resolveSingle(Unknown Source) ~[?:?]
at
org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityAuthenticationWebflowAction.doExecute(DuoSecurityAuthenticationWebflowAction.java:23)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.doExecute(DuoSecurityUniversalPromptValidateLoginAction.java:71)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.State.enter(State.java:194)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.Flow.start(Flow.java:527)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
~[javax.servlet-api-4.0.1.jar!/:4.0.1]
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
~[javax.servlet-api-4.0.1.jar!/:4.0.1]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28)
~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401)
~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200)
~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62)
~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204)
~[spring-security-web-5.6.1.jar!/:5.6.1]
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
~[spring-security-web-5.6.1.jar!/:5.6.1]
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)
~[spring-boot-actuator-2.6.3.jar!/:2.6.3]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:104)
~[cas-server-core-logging-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
~[inspektr-common-1.8.17.GA.jar!/:1.8.17.GA]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:769)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735)
~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
at
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
at
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: com.auth0.jwt.exceptions.InvalidClaimException: The Token
can't be used before Thu Feb 17 20:15:11 UTC 2022.
at
com.auth0.jwt.JWTVerifier.assertDateIsPast(JWTVerifier.java:448)
~[java-jwt-3.3.0.jar!/:?]
at
com.auth0.jwt.JWTVerifier.assertValidDateClaim(JWTVerifier.java:434)
~[java-jwt-3.3.0.jar!/:?]
at
com.auth0.jwt.JWTVerifier.verifyClaims(JWTVerifier.java:376)
~[java-jwt-3.3.0.jar!/:?]
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:355)
~[java-jwt-3.3.0.jar!/:?]
at
com.duosecurity.DuoIdTokenValidator.validateAndDecode(DuoIdTokenValidator.java:73)
~[duo-universal-sdk-1.1.3.jar!/:?]
... 137 more
2022-02-17 20:14:10,480 ERROR
[org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver]
- <1 errors, 0 successes>
org.apereo.cas.authentication.AuthenticationException: 1 errors, 0
successes
at
org.apereo.cas.authentication.DefaultAuthenticationManager.evaluateFinalAuthentication(DefaultAuthenticationManager.java:348)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:326)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:68)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:?]
at
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:?]
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186)
~[inspektr-audit-1.8.17.GA.jar!/:1.8.17.GA]
at
jdk.internal.reflect.GeneratedMethodAccessor126.invoke(Unknown Source)
~[?:?]
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
~[spring-aop-5.3.15.jar!/:5.3.15]
at com.sun.proxy.$Proxy226.authenticate(Unknown Source) ~[?:?]
at
org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:33)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:60)
~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.handleAuthenticationTransactionAndGrantTicketGrantingTicket(AbstractCasWebflowEventResolver.java:158)
~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.web.flow.DuoSecurityAuthenticationWebflowEventResolver.resolveInternal(DuoSecurityAuthenticationWebflowEventResolver.java:30)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:107)
~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:112)
~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.web.flow.DuoSecurityAuthenticationWebflowEventResolver.resolveSingle(DuoSecurityAuthenticationWebflowEventResolver.java:38)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
jdk.internal.reflect.GeneratedMethodAccessor205.invoke(Unknown Source)
~[?:?]
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186)
~[inspektr-audit-1.8.17.GA.jar!/:1.8.17.GA]
at
jdk.internal.reflect.GeneratedMethodAccessor126.invoke(Unknown Source)
~[?:?]
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
~[spring-aop-5.3.15.jar!/:5.3.15]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
~[spring-aop-5.3.15.jar!/:5.3.15]
at com.sun.proxy.$Proxy229.resolveSingle(Unknown Source) ~[?:?]
at
org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityAuthenticationWebflowAction.doExecute(DuoSecurityAuthenticationWebflowAction.java:23)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.doExecute(DuoSecurityUniversalPromptValidateLoginAction.java:71)
~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.State.enter(State.java:194)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.Flow.start(Flow.java:527)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264)
~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
~[javax.servlet-api-4.0.1.jar!/:4.0.1]
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
~[spring-webmvc-5.3.15.jar!/:5.3.15]
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
~[javax.servlet-api-4.0.1.jar!/:4.0.1]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28)
~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401)
~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200)
~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62)
~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204)
~[spring-security-web-5.6.1.jar!/:5.6.1]
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
~[spring-security-web-5.6.1.jar!/:5.6.1]
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)
~[spring-boot-actuator-2.6.3.jar!/:2.6.3]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:104)
~[cas-server-core-logging-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
~[inspektr-common-1.8.17.GA.jar!/:1.8.17.GA]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
~[spring-web-5.3.15.jar!/:5.3.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
~[tomcat-catalina-9.0.58.jar!/:9.0.58]
at org.apache.catalina.core.Stand
---
The things that stand out to me are:
<Duo returned an Invalid response with message [Access forbidden] and
detail [Wrong integration type for this API.] when determining user
account. This maybe a configuration error in the admin request and Duo
will still be considered available.>
[1;31m2022-02-17 20:05:49,874 ERROR
[org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler] -
<ID Token verification failed>
and I'm not sure where to begin looking.
We are using CAS Snapshot 6.5.0 from 2/10/22.
It is weird, when I reboot the server, restarting all services, it
works for a few minutes for everyone, but then dies out fairly
quickly. I'm just not sure where or what to check for this because it
starts out working and then stops working.
6.5.0-SNAPSHOT 2/10/22, 5:07 PM
6.5.0-SNAPSHOT 2/10/22, 5:07 PM
6.5.0-SNAPSHOT 2/10/22, 5:07 PM
6.5.0-SNAPSHOT 2/10/22, 5:07 PM
6.5.0-SNAPSHOT 2/10/22, 5:07 PM
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2050fab9-68d9-4a9e-bf36-c36619d4aeedn%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/2050fab9-68d9-4a9e-bf36-c36619d4aeedn%40apereo.org?utm_medium=email&utm_source=footer>.
