Re: [cas-user] CAS 7 MFA broken since last build

Javi Finarfin Fri, 03 Nov 2023 08:16:13 -0700

Live debugging...

El vie, 3 nov 2023 14:08, Frédéric Dussurget <[email protected]>
escribió:


> Hi Javi,
> how do you "add" this endpoint ? through your service ? or do you mean in
> the  cas.monitor.endpoints.endpoint section of your cas properties ?
> Thanks a lot ...
> Fred
>
> Le jeudi 2 novembre 2023 à 18:40:43 UTC+1, Javi Finarfin a écrit :
>
>> > For the record, it *looks like* it needs a service parameter, but I´m
>> yet receiving a 403
>>
>> This yet I don't know if it's necessary
>>
>> Because it was a security problem, while debugging I added the endpoint
>> manually
>> here: 
>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter.configureHttpSecurity(HttpSecurity)
>>
>> With that, there was no 403, but I get a 500 instead:
>>
>> > 2023-11-02 15:44:19,366 TRACE
>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>> - <Set SecurityContextHolder to AnonymousAuthenticationToken
>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true,
>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1,
>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
>> 2023-11-02 15:44:19,366 ERROR
>> [org.apereo.cas.web.support.filters.AbstractSecurityFilter] - <No adapter
>> for handler [[FlowHandlerMapping.DefaultFlowHandler@25be570b]]: The
>> DispatcherServlet configuration needs to include a HandlerAdapter that
>> supports this handler>
>> jakarta.servlet.ServletException: No adapter for handler
>> [[FlowHandlerMapping.DefaultFlowHandler@25be570b]]: The
>> DispatcherServlet configuration needs to include a HandlerAdapter that
>> supports this handler
>> at
>> org.springframework.web.servlet.DispatcherServlet.getHandlerAdapter(DispatcherServlet.java:1321)
>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>> at
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1069)
>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>> El martes, 31 de octubre de 2023 a las 11:30:52 UTC, Javi Finarfin
>> escribió:
>>
>>> For the record, it *looks like* it needs a service parameter, but I´m
>>> yet receiving a 403
>>>
>>> El miércoles, 25 de octubre de 2023 a las 14:45:17 UTC+1, Frédéric
>>> Dussurget escribió:
>>>
>>>> Hi all,
>>>> update : webauthn mfa now works (today's cas-overlay-template build)
>>>> ... which is great.
>>>>
>>>> But I still have an issue with mfa-gauth when I try to register my
>>>> device (when submitting the OTP from gauth compliant app) :
>>>>
>>>> jquery.min.js:2
>>>> POST https://cas-pp.universite-lyon.fr/cas/mfa-gauth 401 (Unauthorized)
>>>>
>>>> send @ jquery.min.js:2
>>>> ajax @ jquery.min.js:2
>>>> ce.<computed> @ jquery.min.js:2
>>>> (anonymous) @ login:261
>>>>
>>>>
>>>> Le mercredi 18 octobre 2023 à 12:41:56 UTC+2, Frédéric Dussurget a
>>>> écrit :
>>>>
>>>>> Hi
>>>>> For further investigations, I flushed the redis db (just kept my 3
>>>>> services)
>>>>> For both MFA provider (gauth and web-authn) I'm being asked to
>>>>> register my devices. (It wasn't the cas before flushing the db, after
>>>>> login/pwd authentication I falled back immediatly on the same login form.)
>>>>> So I guess, the devices I registered on the end of august are stored
>>>>> in a format that is just no more compatible with the newer builds ?
>>>>>
>>>>> (Note that the mfa slector menu is back from this morning
>>>>> cas-overlay-template build)
>>>>>
>>>>> But, that still does'nt work, I have the failure popup : "Unable to
>>>>> accept this token. The given token is invalid, does not belong to the
>>>>> device or has expired."
>>>>>
>>>>> Here are errors in the browsers (tested in FF and Chrome) consoles :
>>>>>
>>>>> About gauth attempt :
>>>>>
>>>>> jquery.min.js:2
>>>>>
>>>>>
>>>>>        POST https://casblah-myuniversity.fr/cas/mfa-gauth 401
>>>>> (Unauthorized)
>>>>> send @ jquery.min.js:2
>>>>> ajax @ jquery.min.js:2
>>>>> ce.<computed> @ jquery.min.js:2
>>>>> (anonymous) @
>>>>> login?service=https%3A%2F%2Fblah.blah.blah%3A9447%2Fprotected:351
>>>>>
>>>>> maybe here ->
>>>>> [...]try{r.send(i.hasContent&&i.data||null)}catch(e){if(o)throw [...]
>>>>>
>>>>>
>>>>> About web-authn attempt :
>>>>>
>>>>> login:6
>>>>>
>>>>>
>>>>>        GET https://
>>>>> asblah-myuniversity.fr/cas/webjars/text-encoding/0.7.0/lib/encoding-indexes.js
>>>>> net::ERR_ABORTED 403 (Forbidden)
>>>>> login:14
>>>>>
>>>>>
>>>>>        GET https:// asblah-myuniversity.fr
>>>>> /cas/js/webauthn/webauthn.js net::ERR_ABORTED 403 (Forbidden)
>>>>> login:8
>>>>>
>>>>>
>>>>>        GET https:// asblah-myuniversity.fr
>>>>> /cas/webjars/base64-js/1.5.1/base64js.min.js net::ERR_ABORTED 403
>>>>> (Forbidden)
>>>>> login:7
>>>>>
>>>>>
>>>>>        GET https://
>>>>> asblah-myuniversity.fr/cas/webjars/whatwg-fetch/3.6.2/dist/fetch.umd.js
>>>>> net::ERR_ABORTED 403 (Forbidden)
>>>>> login:5
>>>>>
>>>>>
>>>>>        GET https://
>>>>> asblah-myuniversity.fr/cas/webjars/text-encoding/0.7.0/lib/encoding.js
>>>>> net::ERR_ABORTED 403 (Forbidden)
>>>>>
>>>>>
>>>>> login:389 Uncaught ReferenceError: register is not defined
>>>>>     at HTMLButtonElement.<anonymous> (login:389:17)
>>>>>
>>>>>
>>>>>
>>>>> That may has something to deal with spring security but, I did not
>>>>> change anything since august. Here are my ACLs :
>>>>>
>>>>>
>>>>>   monitor:
>>>>>     endpoints:
>>>>>       endpoint:
>>>>>         defaults:
>>>>>           access: AUTHENTICATED
>>>>>         health:
>>>>>           access: IP_ADDRESS
>>>>>           requiredIpAddresses: blah blah blah
>>>>>         registeredServices:
>>>>>           access: IP_ADDRESS
>>>>>           requiredIpAddresses: blah blah blah
>>>>>         importRegisteredServices:
>>>>>           access: IP_ADDRESS
>>>>>           requiredIpAddresses: blah blah blah
>>>>>         multiFactorTrustedDevices:
>>>>>           access: IP_ADDRESS
>>>>>           requiredIpAddresses:  blah blah blah
>>>>>
>>>>> management:
>>>>>   endpoints:
>>>>>     web:
>>>>>       exposure:
>>>>>         include: '*'
>>>>>     enabled-by-default: true
>>>>>
>>>>>
>>>>> Le mardi 17 octobre 2023 à 12:43:46 UTC+2, Frédéric Dussurget a écrit :
>>>>>
>>>>>> Hi Ray,
>>>>>> thank you very much for your help. There are no ERROR message except
>>>>>> this DEBUG error 401 message at the very end :
>>>>>> 2023-10-17 12:28:46,419 DEBUG
>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>> - <Authentication request failed with [401], resulting in event [error]>
>>>>>> 2023-10-17 12:28:46,419 DEBUG
>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] -
>>>>>> <Resolved single event [error] via
>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>> for this context>
>>>>>>
>>>>>> For more information, you'll find below  the service I used (but it
>>>>>> is exactly the same as the one I used in august 2nd) ...
>>>>>> Best regards,
>>>>>>
>>>>>>     {
>>>>>>       "@class": "org.apereo.cas.services.CasRegisteredService",
>>>>>>       "serviceId": "https://
>>>>>> (testserver([123])|cas-pp)(.subdomain|).myuniversity.fr:944([678]).*"
>>>>>> ,
>>>>>>       "name": "Service Test Bootiful",
>>>>>>       "id": 48,
>>>>>>       "description": "Service de test Bootiful port 9446/7/8 MFA
>>>>>> gauth/webauthn",
>>>>>>       "evaluationOrder": 48,
>>>>>>       "attributeReleasePolicy": {
>>>>>>         "@class":
>>>>>> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>>>>>         "canonicalizationMode": null,
>>>>>>         "allowedAttributes": [
>>>>>>           "java.util.ArrayList",
>>>>>>           [
>>>>>>             "displayname mail blah givenname"
>>>>>>           ]
>>>>>>         ]
>>>>>>       },
>>>>>>       "logo": "https://cas.myuniversity.fr/logo.svg";,
>>>>>>       "accessStrategy": {
>>>>>>         "@class":
>>>>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>>>>>         "requireAllAttributes": false,
>>>>>>         "requiredAttributes": {
>>>>>>           "@class": "java.util.LinkedHashMap",
>>>>>>           "memberOf": [
>>>>>>             "java.util.HashSet",
>>>>>>             [
>>>>>>               "OU=blahblah",
>>>>>>               "OU=blahblah",
>>>>>>               "DC=blahblah",
>>>>>>               "DC=myuniversity",
>>>>>>               "CN=casmanagers",
>>>>>>               "DC=fr"
>>>>>>             ]
>>>>>>           ]
>>>>>>         }
>>>>>>       },
>>>>>>
>>>>>> Le mardi 17 octobre 2023 à 04:22:16 UTC+2, Ray Bon a écrit :
>>>>>>
>>>>>>> Frédéric,
>>>>>>>
>>>>>>> Are there any error messages in the logs?
>>>>>>>
>>>>>>> Ray
>>>>>>>
>>>>>>> On Fri, 2023-10-13 at 06:26 -0700, Frédéric Dussurget wrote:
>>>>>>>
>>>>>>> Notice: This message was sent from outside the University of
>>>>>>> Victoria email system. Please be cautious with links and sensitive
>>>>>>> information.
>>>>>>>
>>>>>>> Hi,
>>>>>>> latest build broke MFA (both gauth and web-authn). I have kept
>>>>>>> besides a cas.war from august 22nd which is working fine with the exact
>>>>>>> same build.gradle deps and /etc/cas/config/cas/yml config. One 
>>>>>>> difference
>>>>>>> is that the new cas.war was compiled and run (external tomcat) with 
>>>>>>> openjdk
>>>>>>> 21 vs the other one  was compiled and run with openjdk17
>>>>>>> DB backend is Redis for everything.
>>>>>>>
>>>>>>> Thanks if anyone could help ...
>>>>>>> Regards,
>>>>>>>
>>>>>>> Fred
>>>>>>>
>>>>>>> Here are the deps I'm using :
>>>>>>>
>>>>>>> build.gradle :
>>>>>>>
>>>>>>>     // ### MFA ###
>>>>>>>
>>>>>>>     //MFA TOTP
>>>>>>>     implementation
>>>>>>> "org.apereo.cas:cas-server-support-gauth:${project.'cas.version'}"
>>>>>>>     implementation
>>>>>>> "org.apereo.cas:cas-server-support-gauth-redis:${project.'cas.version'}"
>>>>>>>
>>>>>>>     // MFA FIDO2 WEBAUTHN
>>>>>>>     implementation
>>>>>>> "org.apereo.cas:cas-server-support-webauthn:${project.'cas.version'}"
>>>>>>>     implementation
>>>>>>> "org.apereo.cas:cas-server-support-webauthn-redis:${project.'cas.version'}"
>>>>>>>
>>>>>>>     //MFA TRUSTED DEVICE
>>>>>>>     implementation
>>>>>>> "org.apereo.cas:cas-server-support-trusted-mfa:${project.'cas.version'}"
>>>>>>>     implementation
>>>>>>> "org.apereo.cas:cas-server-support-trusted-mfa-redis:
>>>>>>> ${project.'cas.version'}"
>>>>>>>
>>>>>>> Here is the MFA block in my cas.yml :
>>>>>>>
>>>>>>>     mfa:
>>>>>>>       core:
>>>>>>>         provider-selection-enabled: true
>>>>>>>       gauth:
>>>>>>>         core:
>>>>>>>           issuer: CASIssuer
>>>>>>>           label: Blah
>>>>>>>           scratch-codes.encryption.key: blah-blah-blah
>>>>>>>         name: OATH Authentification
>>>>>>>         crypto:
>>>>>>>           encryption:
>>>>>>>             key: blah-blah-blah
>>>>>>>           signing:
>>>>>>>             key: blah-blah-blah
>>>>>>>         redis:
>>>>>>>           host: localhost
>>>>>>>           port: 6379
>>>>>>>           username: default
>>>>>>>           password: blah-blah-blah
>>>>>>>           sentinel:
>>>>>>>             node[0]: blah-blah-blah:26379
>>>>>>>             node[1]: blah-blah-blah:26379
>>>>>>>             node[2]: blah-blah-blah:26379
>>>>>>>             master: instancecas
>>>>>>>
>>>>>>>       web-authn:
>>>>>>>         core:
>>>>>>>           relying-party-id: blah-blah-blah.fr
>>>>>>>           relying-party-name: blah-blah-blah
>>>>>>>           allowed-origins: blah-blah-blah
>>>>>>>           trusted-device-enabled: false
>>>>>>>           application-id: blah-blah-blah
>>>>>>>         crypto:
>>>>>>>           encryption:
>>>>>>>             key: blah-blah-blah
>>>>>>>           signing:
>>>>>>>             key: blah-blah-blah
>>>>>>>         redis:
>>>>>>>           host: localhost
>>>>>>>           port: 6379
>>>>>>>           username: default
>>>>>>>           password: blah-blah-blah
>>>>>>>           sentinel:
>>>>>>>             node[0]: blah-blah-blah:26379
>>>>>>>             node[1]: blah-blah-blah:26379
>>>>>>>             node[2]: blah-blah-blah:26379
>>>>>>>             master: instancecas
>>>>>>>
>>>>>>>       trusted:
>>>>>>>         core:
>>>>>>>           auto-assign-device-name: true
>>>>>>>           device-registration-enabled: true
>>>>>>>           authentication-context-attribute:
>>>>>>> isFromTrustedMultifactorAuthentication
>>>>>>>         redis:
>>>>>>>           host: localhost
>>>>>>>           port: 6379
>>>>>>>           username: default
>>>>>>>           password: blah-blah-blah
>>>>>>>           sentinel:
>>>>>>>             node[0]: blah-blah-blah:26379
>>>>>>>             node[1]: blah-blah-blah:26379
>>>>>>>             node[2]: blah-blah-blah:26379
>>>>>>>             master: instancecas
>>>>>>>         crypto:
>>>>>>>           enabled: true
>>>>>>>           signing:
>>>>>>>             key: blah-blah-blah
>>>>>>>           encryption:
>>>>>>>             key: blah-blah-blah
>>>>>>>         device-fingerprint:
>>>>>>>           cookie:
>>>>>>>             crypto:
>>>>>>>               enabled: true
>>>>>>>               signing:
>>>>>>>                 key: blah-blah-blah
>>>>>>>               encryption:
>>>>>>>                 key: blah-blah-blah
>>>>>>>
>>>>>>> And the stacktrace :
>>>>>>>
>>>>>>> 2023-10-13 11:19:17,196 DEBUG
>>>>>>> [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing 
>>>>>>> service
>>>>>>> in context scope: [https://blah-blah-blah:9447/protected]>
>>>>>>> 2023-10-13 11:19:17,196 DEBUG
>>>>>>> [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing
>>>>>>> registered service [https://blah-blah-blah] with id [48] in context
>>>>>>> scope>
>>>>>>>
>>>>>>> 2023-10-13 11:19:17,197 DEBUG
>>>>>>> [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy]
>>>>>>> - <Evaluating authentication policy
>>>>>>> [DefaultRegisteredServiceAuthenticationPolicy(
>>>>>>> requiredAuthenticationHandlers=[],excludedAuthenticationHandlers=[],
>>>>>>> criteria=null)] for [Service Test Bootiful]>
>>>>>>>
>>>>>>> 2023-10-13 11:19:17,197 DEBUG
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] 
>>>>>>> -
>>>>>>> <Resolved single event [success] via
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.RankedMultifactorAuthenticationProviderWebflowEventResolver]
>>>>>>> for this context>
>>>>>>> 2023-10-13 11:19:27,246 DEBUG
>>>>>>> [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to
>>>>>>> [FlowHandlerMapping.DefaultFlowHandler@4fcf6be1]>
>>>>>>> 2023-10-13 11:19:27,250 DEBUG
>>>>>>> [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to
>>>>>>> [FlowHandlerMapping.DefaultFlowHandler@dacb3f2]>
>>>>>>> 2023-10-13 11:19:27,260 DEBUG
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver]
>>>>>>> - <Request is not eligible to be issued service tickets just yet>
>>>>>>>
>>>>>>> 2023-10-13 11:19:27,276 WARN
>>>>>>> [org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher]
>>>>>>> - <No person records were fetched from attribute repositories for [{
>>>>>>> principal=frederic.dussurget, blah blah, username
>>>>>>> =frederic.dussurget,service=https://blah-blah-blah:9447/protected}]>
>>>>>>>
>>>>>>> 2023-10-13 11:19:27,280 WARN
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>>> - <Name is null>
>>>>>>> java.lang.NullPointerException: Name is null
>>>>>>>         at java.lang.Enum.valueOf(Enum.java:291) ~[?:?]
>>>>>>>         at
>>>>>>> org.apereo.services.persondir.util.CaseCanonicalizationMode.valueOf(CaseCanonicalizationMode.java:26)
>>>>>>> ~[person-directory-impl-3.0.1.jar:?]
>>>>>>>         at
>>>>>>> org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy.returnFinalAttributesCollection(AbstractRegisteredServiceAttributeReleasePolicy.java:250)
>>>>>>> ~[cas-server-core-authentication-attributes-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy.getAttributes(AbstractRegisteredServiceAttributeReleasePolicy.java:134)
>>>>>>> ~[cas-server-core-authentication-attributes-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.determineRegisteredServiceForEvent(DefaultCasDelegatingWebflowEventResolver.java:180)
>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.resolveInternal(DefaultCasDelegatingWebflowEventResolver.java:82)
>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:48)
>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:53)
>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.lambda$doExecuteInternal$0(AbstractAuthenticationAction.java:63)
>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.jooq.lambda.Unchecked.lambda$supplier$38(Unchecked.java:1695)
>>>>>>> ~[jool-0.9.15.jar:?]
>>>>>>>         at
>>>>>>> org.apereo.cas.util.function.FunctionUtils.doUnchecked(FunctionUtils.java:449)
>>>>>>> ~[cas-server-core-util-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.doExecuteInternal(AbstractAuthenticationAction.java:41)
>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.flow.actions.BaseCasWebflowAction.doExecute(BaseCasWebflowAction.java:38)
>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.State.enter(State.java:194)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.ViewState.resume(ViewState.java:195)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.Flow.resume(Flow.java:537)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:254)
>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>         at
>>>>>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1086)
>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1011)
>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
>>>>>>> ~[servlet-api.jar:6.0]
>>>>>>>         at
>>>>>>> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
>>>>>>> ~[servlet-api.jar:6.0]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
>>>>>>> ~[tomcat-websocket.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.web.servlet.resource.ResourceUrlEncodingFilter.doFilter(ResourceUrlEncodingFilter.java:66)
>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:391)
>>>>>>> ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:177)
>>>>>>> ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62)
>>>>>>> ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.boot.actuate.web.exchanges.servlet.HttpExchangesFilter.doFilterInternal(HttpExchangesFilter.java:89)
>>>>>>> ~[spring-boot-actuator-3.2.0-M3.jar:3.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:128)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:168)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95)
>>>>>>> ~[cas-server-core-logging-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:124)
>>>>>>> ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:99)
>>>>>>> ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117)
>>>>>>> ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:55)
>>>>>>> ~[cas-server-core-audit-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>>>>>>> ~[log4j-jakarta-web-2.20.0.jar:2.20.0]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:676)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:738)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)
>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391)
>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894)
>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
>>>>>>> ~[tomcat-util.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
>>>>>>> ~[tomcat-util.jar:10.1.9]
>>>>>>>         at
>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>> ~[tomcat-util.jar:10.1.9]
>>>>>>>         at java.lang.Thread.run(Thread.java:1583) [?:?]
>>>>>>> 2023-10-13 11:19:27,280 DEBUG
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>>> - <Authentication request failed with [401], resulting in event [error]>
>>>>>>> 2023-10-13 11:19:27,280 DEBUG
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] 
>>>>>>> -
>>>>>>> <Resolved single event [error] via
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>>> for this context>
>>>>>>>
>>>>>>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJxj6hdocMyLjkR_cFfRUp9G4L4b0%2Bhvaey55fDukWc86Ki27g%40mail.gmail.com.

Re: [cas-user] CAS 7 MFA broken since last build

Reply via email to