Richard, man, thank you. I missed this most basic of things because I
thought I had NTP setup and running. Turns out it stopped running and
timedrift occurred. Manually forcing NTP to update and things are working
smooth as can be right now.
I appreciate you.
On Thursday, February 17, 2022 at 3:40:00 PM UTC-5 richard.frovarp wrote:
> Looks like the clock on your server isn't correct?
>
> 2022-02-17 20:14:10,479 ERROR
> [org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler] - <ID
> Token verification failed>
> Caused by: com.auth0.jwt.exceptions.InvalidClaimException: The Token can't
> be used before Thu Feb 17 20:15:11 UTC 2022.
>
> I don't know about your timezone, but the minute in your log statement is
> before the minute when the token can be used. Looks like you are running
> about 61 seconds ahead?
>
> On 2/17/22 14:34, Michael Santangelo wrote:
>
> Hello all,
>
> We have implemented Duo as an MFA provider in CAS, and it was working
> great in small-scale testing.
>
> We are pushing to a larger user base to test, and are frequently getting
> an error upon completion of the MFA process (after the user has approved
> the push notification):
> ---
> MFA Provider Unavailable
>
> CAS was unable to reach your configured MFA provider at this time. Due to
> failure policies configured for the service you are attempting to access,
> authentication can not be granted at this time.
> ---
>
> When I look at the cas-date.log:
>
> [32m2022-02-17 20:05:36,120 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver,
> event=success, timestamp=Thu Feb 17 20:05:36 UTC 2022}
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Thu Feb 17 20:05:36 UTC 2022
> CLIENT IP ADDRESS: 10.200.2.209
> SERVER IP ADDRESS: 10.200.1.63
> =============================================================
>
> >
> [32m2022-02-17 20:05:39,993 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: username
> WHAT: [UsernamePasswordCredential(username=username, source=null,
> customFields={})]
> ACTION: AUTHENTICATION_SUCCESS
> APPLICATION: CAS
> WHEN: Thu Feb 17 20:05:39 UTC 2022
> CLIENT IP ADDRESS: 10.200.2.209
> SERVER IP ADDRESS: 10.200.1.63
> =============================================================
>
> >
> [32m2022-02-17 20:05:39,995 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: username
> WHAT: {source=String, event=mfa-duo, timestamp=Thu Feb 17 20:05:39 UTC
> 2022}
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Thu Feb 17 20:05:39 UTC 2022
> CLIENT IP ADDRESS: 10.200.2.209
> SERVER IP ADDRESS: 10.200.1.63
> =============================================================
>
> >
> [32m2022-02-17 20:05:39,998 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: username
> WHAT: {principal=username, execution=true, provider=mfa-duo}
> ACTION: MULTIFACTOR_AUTHENTICATION_BYPASS
> APPLICATION: CAS
> WHEN: Thu Feb 17 20:05:39 UTC 2022
> CLIENT IP ADDRESS: 10.200.2.209
> SERVER IP ADDRESS: 10.200.1.63
> =============================================================
>
> >
> [33m2022-02-17 20:05:40,673 WARN
> [org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService] -
> <Duo returned an Invalid response with message [Access forbidden] and
> detail [Wrong integration type for this API.] when determining user
> account. This maybe a configuration error in the admin request and Duo will
> still be considered available.>
> [1;31m2022-02-17 20:05:49,874 ERROR
> [org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler] - <ID
> Token verification failed>
> [32m2022-02-17 20:05:49,875 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: *****
> WHAT: [DuoSecurityUniversalPromptCredential(token=*****,
> authentication=org.apereo.cas.authentication.DefaultAuthentication@2b2b031b,
> providerId=mfa-duo)]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Thu Feb 17 20:05:49 UTC 2022
> CLIENT IP ADDRESS: 10.200.2.209
> SERVER IP ADDRESS: 10.200.1.63
> =============================================================
>
> >
> [1;31m2022-02-17 20:05:49,875 ERROR
> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] -
> <1 errors, 0 successes>
> [32m2022-02-17 20:05:49,876 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: ELHb25Fr2JP5NWc8S0jljab45p6wIqx1
> WHAT: {source=DuoSecurityAuthenticationWebflowEventResolver, event=error,
> timestamp=Thu Feb 17 20:05:49 UTC 2022}
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Thu Feb 17 20:05:49 UTC 2022
> CLIENT IP ADDRESS: 10.200.2.209
> SERVER IP ADDRESS: 10.200.1.63
> =============================================================
>
> >
> [32m2022-02-17 20:05:49,877 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: ELHb25Fr2JP5NWc8S0jljab45p6wIqx1
> WHAT: TST-b31b7c0a5048e9995aa54daa5b3d1f8d141c
> ACTION: TICKET_DESTROYED
> APPLICATION: CAS
> WHEN: Thu Feb 17 20:05:49 UTC 2022
> CLIENT IP ADDRESS: 10.200.2.209
> SERVER IP ADDRESS: 10.200.1.63
> =============================================================
>
> ----
>
> When I look at the Stacktrace I see:
>
> 2022-02-17 20:14:10,479 ERROR
> [org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler] - <ID
> Token verification failed>
> com.duosecurity.exception.DuoException: ID Token verification failed
> at
> com.duosecurity.DuoIdTokenValidator.validateAndDecode(DuoIdTokenValidator.java:75)
>
> ~[duo-universal-sdk-1.1.3.jar!/:?]
> at
> com.duosecurity.Client.exchangeAuthorizationCodeFor2FAResult(Client.java:339)
> ~[duo-universal-sdk-1.1.3.jar!/:?]
> at
> com.duosecurity.Client.exchangeAuthorizationCodeFor2FAResult(Client.java:304)
> ~[duo-universal-sdk-1.1.3.jar!/:?]
> at
> org.apereo.cas.adaptors.duo.authn.UniversalPromptDuoSecurityAuthenticationService.authenticateInternal(UniversalPromptDuoSecurityAuthenticationService.java:79)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService.authenticate(BaseDuoSecurityAuthenticationService.java:80)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler.authenticateDuoUniversalPromptCredential(DuoSecurityAuthenticationHandler.java:121)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler.doAuthentication(DuoSecurityAuthenticationHandler.java:77)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:44)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateAndResolvePrincipal(DefaultAuthenticationManager.java:201)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:302)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:68)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
> at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186)
>
> ~[inspektr-audit-1.8.17.GA.jar!/:1.8.17.GA]
> at jdk.internal.reflect.GeneratedMethodAccessor126.invoke(Unknown
> Source) ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at com.sun.proxy.$Proxy226.authenticate(Unknown Source) ~[?:?]
> at
> org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:33)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:60)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.handleAuthenticationTransactionAndGrantTicketGrantingTicket(AbstractCasWebflowEventResolver.java:158)
>
> ~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.web.flow.DuoSecurityAuthenticationWebflowEventResolver.resolveInternal(DuoSecurityAuthenticationWebflowEventResolver.java:30)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:107)
>
> ~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:112)
>
> ~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.web.flow.DuoSecurityAuthenticationWebflowEventResolver.resolveSingle(DuoSecurityAuthenticationWebflowEventResolver.java:38)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at jdk.internal.reflect.GeneratedMethodAccessor205.invoke(Unknown
> Source) ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186)
>
> ~[inspektr-audit-1.8.17.GA.jar!/:1.8.17.GA]
> at jdk.internal.reflect.GeneratedMethodAccessor126.invoke(Unknown
> Source) ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at com.sun.proxy.$Proxy229.resolveSingle(Unknown Source) ~[?:?]
> at
> org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityAuthenticationWebflowAction.doExecute(DuoSecurityAuthenticationWebflowAction.java:23)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.doExecute(DuoSecurityUniversalPromptValidateLoginAction.java:71)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at org.springframework.webflow.engine.State.enter(State.java:194)
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at org.springframework.webflow.engine.Flow.start(Flow.java:527)
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
> ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
> at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
> ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28)
>
> ~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401)
>
> ~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200)
>
> ~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62)
>
> ~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204)
>
> ~[spring-security-web-5.6.1.jar!/:5.6.1]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
>
> ~[spring-security-web-5.6.1.jar!/:5.6.1]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)
>
> ~[spring-boot-actuator-2.6.3.jar!/:2.6.3]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:104)
>
> ~[cas-server-core-logging-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
>
> ~[inspektr-common-1.8.17.GA.jar!/:1.8.17.GA]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:769)
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359)
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
> ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>
> ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
>
> ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735)
>
> ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>
> ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
> at
> org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
>
> ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
> at
> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
>
> ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>
> ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
> at java.lang.Thread.run(Thread.java:829) [?:?]
> Caused by: com.auth0.jwt.exceptions.InvalidClaimException: The Token can't
> be used before Thu Feb 17 20:15:11 UTC 2022.
> at
> com.auth0.jwt.JWTVerifier.assertDateIsPast(JWTVerifier.java:448)
> ~[java-jwt-3.3.0.jar!/:?]
> at
> com.auth0.jwt.JWTVerifier.assertValidDateClaim(JWTVerifier.java:434)
> ~[java-jwt-3.3.0.jar!/:?]
> at com.auth0.jwt.JWTVerifier.verifyClaims(JWTVerifier.java:376)
> ~[java-jwt-3.3.0.jar!/:?]
> at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:355)
> ~[java-jwt-3.3.0.jar!/:?]
> at
> com.duosecurity.DuoIdTokenValidator.validateAndDecode(DuoIdTokenValidator.java:73)
>
> ~[duo-universal-sdk-1.1.3.jar!/:?]
> ... 137 more
> 2022-02-17 20:14:10,480 ERROR
> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] -
> <1 errors, 0 successes>
> org.apereo.cas.authentication.AuthenticationException: 1 errors, 0
> successes
> at
> org.apereo.cas.authentication.DefaultAuthenticationManager.evaluateFinalAuthentication(DefaultAuthenticationManager.java:348)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:326)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:68)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
> at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186)
>
> ~[inspektr-audit-1.8.17.GA.jar!/:1.8.17.GA]
> at jdk.internal.reflect.GeneratedMethodAccessor126.invoke(Unknown
> Source) ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at com.sun.proxy.$Proxy226.authenticate(Unknown Source) ~[?:?]
> at
> org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:33)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:60)
>
> ~[cas-server-core-authentication-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.handleAuthenticationTransactionAndGrantTicketGrantingTicket(AbstractCasWebflowEventResolver.java:158)
>
> ~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.web.flow.DuoSecurityAuthenticationWebflowEventResolver.resolveInternal(DuoSecurityAuthenticationWebflowEventResolver.java:30)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:107)
>
> ~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:112)
>
> ~[cas-server-core-webflow-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.web.flow.DuoSecurityAuthenticationWebflowEventResolver.resolveSingle(DuoSecurityAuthenticationWebflowEventResolver.java:38)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at jdk.internal.reflect.GeneratedMethodAccessor205.invoke(Unknown
> Source) ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:186)
>
> ~[inspektr-audit-1.8.17.GA.jar!/:1.8.17.GA]
> at jdk.internal.reflect.GeneratedMethodAccessor126.invoke(Unknown
> Source) ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
>
> ~[spring-aop-5.3.15.jar!/:5.3.15]
> at com.sun.proxy.$Proxy229.resolveSingle(Unknown Source) ~[?:?]
> at
> org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityAuthenticationWebflowAction.doExecute(DuoSecurityAuthenticationWebflowAction.java:23)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.doExecute(DuoSecurityUniversalPromptValidateLoginAction.java:71)
>
> ~[cas-server-support-duo-core-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at org.springframework.webflow.engine.State.enter(State.java:194)
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at org.springframework.webflow.engine.Flow.start(Flow.java:527)
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264)
>
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
> at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
> ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
> at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
>
> ~[spring-webmvc-5.3.15.jar!/:5.3.15]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
> ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28)
>
> ~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401)
>
> ~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200)
>
> ~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62)
>
> ~[cas-server-core-web-api-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204)
>
> ~[spring-security-web-5.6.1.jar!/:5.6.1]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
>
> ~[spring-security-web-5.6.1.jar!/:5.6.1]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)
>
> ~[spring-boot-actuator-2.6.3.jar!/:2.6.3]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:104)
>
> ~[cas-server-core-logging-6.5.0-SNAPSHOT.jar!/:6.5.0-SNAPSHOT]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
>
> ~[inspektr-common-1.8.17.GA.jar!/:1.8.17.GA]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
> ~[spring-web-5.3.15.jar!/:5.3.15]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
>
> ~[tomcat-catalina-9.0.58.jar!/:9.0.58]
> at org.apache.catalina.core.Stand
>
> ---
>
>
> The things that stand out to me are:
>
> <Duo returned an Invalid response with message [Access forbidden] and
> detail [Wrong integration type for this API.] when determining user
> account. This maybe a configuration error in the admin request and Duo will
> still be considered available.>
> [1;31m2022-02-17 20:05:49,874 ERROR
> [org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler] - <ID
> Token verification failed>
>
> and I'm not sure where to begin looking.
>
> We are using CAS Snapshot 6.5.0 from 2/10/22.
>
> It is weird, when I reboot the server, restarting all services, it works
> for a few minutes for everyone, but then dies out fairly quickly. I'm just
> not sure where or what to check for this because it starts out working and
> then stops working.
>
> 6.5.0-SNAPSHOT 2/10/22, 5:07 PM
> 6.5.0-SNAPSHOT 2/10/22, 5:07 PM
> 6.5.0-SNAPSHOT 2/10/22, 5:07 PM
> 6.5.0-SNAPSHOT 2/10/22, 5:07 PM
> 6.5.0-SNAPSHOT 2/10/22, 5:07 PM
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2050fab9-68d9-4a9e-bf36-c36619d4aeedn%40apereo.org
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/2050fab9-68d9-4a9e-bf36-c36619d4aeedn%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3e4b4381-1136-41b2-9589-f35df02c969en%40apereo.org.
