Re: [cas-user] CAS 7 MFA broken since last build

Fri, 03 Nov 2023 08:16:17 -0700 

I guess you can always
overwrite 
org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter.configureHttpSecurity(HttpSecurity)

El vie, 3 nov 2023 a las 14:09, Javi Finarfin (<[email protected]>)
escribió:

> Live debugging...
>
> El vie, 3 nov 2023 14:08, Frédéric Dussurget <[email protected]>
> escribió:
>
>> Hi Javi,
>> how do you "add" this endpoint ? through your service ? or do you mean in
>> the  cas.monitor.endpoints.endpoint section of your cas properties ?
>> Thanks a lot ...
>> Fred
>>
>> Le jeudi 2 novembre 2023 à 18:40:43 UTC+1, Javi Finarfin a écrit :
>>
>>> > For the record, it *looks like* it needs a service parameter, but I´m
>>> yet receiving a 403
>>>
>>> This yet I don't know if it's necessary
>>>
>>> Because it was a security problem, while debugging I added the endpoint
>>> manually
>>> here: 
>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter.configureHttpSecurity(HttpSecurity)
>>>
>>> With that, there was no 403, but I get a 500 instead:
>>>
>>> > 2023-11-02 15:44:19,366 TRACE
>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken
>>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true,
>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1,
>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
>>> 2023-11-02 15:44:19,366 ERROR
>>> [org.apereo.cas.web.support.filters.AbstractSecurityFilter] - <No adapter
>>> for handler [[FlowHandlerMapping.DefaultFlowHandler@25be570b]]: The
>>> DispatcherServlet configuration needs to include a HandlerAdapter that
>>> supports this handler>
>>> jakarta.servlet.ServletException: No adapter for handler
>>> [[FlowHandlerMapping.DefaultFlowHandler@25be570b]]: The
>>> DispatcherServlet configuration needs to include a HandlerAdapter that
>>> supports this handler
>>> at
>>> org.springframework.web.servlet.DispatcherServlet.getHandlerAdapter(DispatcherServlet.java:1321)
>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>> at
>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1069)
>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>> El martes, 31 de octubre de 2023 a las 11:30:52 UTC, Javi Finarfin
>>> escribió:
>>>
>>>> For the record, it *looks like* it needs a service parameter, but I´m
>>>> yet receiving a 403
>>>>
>>>> El miércoles, 25 de octubre de 2023 a las 14:45:17 UTC+1, Frédéric
>>>> Dussurget escribió:
>>>>
>>>>> Hi all,
>>>>> update : webauthn mfa now works (today's cas-overlay-template build)
>>>>> ... which is great.
>>>>>
>>>>> But I still have an issue with mfa-gauth when I try to register my
>>>>> device (when submitting the OTP from gauth compliant app) :
>>>>>
>>>>> jquery.min.js:2
>>>>> POST https://cas-pp.universite-lyon.fr/cas/mfa-gauth 401
>>>>> (Unauthorized)
>>>>>
>>>>> send @ jquery.min.js:2
>>>>> ajax @ jquery.min.js:2
>>>>> ce.<computed> @ jquery.min.js:2
>>>>> (anonymous) @ login:261
>>>>>
>>>>>
>>>>> Le mercredi 18 octobre 2023 à 12:41:56 UTC+2, Frédéric Dussurget a
>>>>> écrit :
>>>>>
>>>>>> Hi
>>>>>> For further investigations, I flushed the redis db (just kept my 3
>>>>>> services)
>>>>>> For both MFA provider (gauth and web-authn) I'm being asked to
>>>>>> register my devices. (It wasn't the cas before flushing the db, after
>>>>>> login/pwd authentication I falled back immediatly on the same login 
>>>>>> form.)
>>>>>> So I guess, the devices I registered on the end of august are stored
>>>>>> in a format that is just no more compatible with the newer builds ?
>>>>>>
>>>>>> (Note that the mfa slector menu is back from this morning
>>>>>> cas-overlay-template build)
>>>>>>
>>>>>> But, that still does'nt work, I have the failure popup : "Unable to
>>>>>> accept this token. The given token is invalid, does not belong to the
>>>>>> device or has expired."
>>>>>>
>>>>>> Here are errors in the browsers (tested in FF and Chrome) consoles :
>>>>>>
>>>>>> About gauth attempt :
>>>>>>
>>>>>> jquery.min.js:2
>>>>>>
>>>>>>
>>>>>>        POST https://casblah-myuniversity.fr/cas/mfa-gauth 401
>>>>>> (Unauthorized)
>>>>>> send @ jquery.min.js:2
>>>>>> ajax @ jquery.min.js:2
>>>>>> ce.<computed> @ jquery.min.js:2
>>>>>> (anonymous) @
>>>>>> login?service=https%3A%2F%2Fblah.blah.blah%3A9447%2Fprotected:351
>>>>>>
>>>>>> maybe here ->
>>>>>> [...]try{r.send(i.hasContent&&i.data||null)}catch(e){if(o)throw [...]
>>>>>>
>>>>>>
>>>>>> About web-authn attempt :
>>>>>>
>>>>>> login:6
>>>>>>
>>>>>>
>>>>>>        GET https://
>>>>>> asblah-myuniversity.fr/cas/webjars/text-encoding/0.7.0/lib/encoding-indexes.js
>>>>>> net::ERR_ABORTED 403 (Forbidden)
>>>>>> login:14
>>>>>>
>>>>>>
>>>>>>        GET https:// asblah-myuniversity.fr
>>>>>> /cas/js/webauthn/webauthn.js net::ERR_ABORTED 403 (Forbidden)
>>>>>> login:8
>>>>>>
>>>>>>
>>>>>>        GET https:// asblah-myuniversity.fr
>>>>>> /cas/webjars/base64-js/1.5.1/base64js.min.js net::ERR_ABORTED 403
>>>>>> (Forbidden)
>>>>>> login:7
>>>>>>
>>>>>>
>>>>>>        GET https://
>>>>>> asblah-myuniversity.fr/cas/webjars/whatwg-fetch/3.6.2/dist/fetch.umd.js
>>>>>> net::ERR_ABORTED 403 (Forbidden)
>>>>>> login:5
>>>>>>
>>>>>>
>>>>>>        GET https://
>>>>>> asblah-myuniversity.fr/cas/webjars/text-encoding/0.7.0/lib/encoding.js
>>>>>> net::ERR_ABORTED 403 (Forbidden)
>>>>>>
>>>>>>
>>>>>> login:389 Uncaught ReferenceError: register is not defined
>>>>>>     at HTMLButtonElement.<anonymous> (login:389:17)
>>>>>>
>>>>>>
>>>>>>
>>>>>> That may has something to deal with spring security but, I did not
>>>>>> change anything since august. Here are my ACLs :
>>>>>>
>>>>>>
>>>>>>   monitor:
>>>>>>     endpoints:
>>>>>>       endpoint:
>>>>>>         defaults:
>>>>>>           access: AUTHENTICATED
>>>>>>         health:
>>>>>>           access: IP_ADDRESS
>>>>>>           requiredIpAddresses: blah blah blah
>>>>>>         registeredServices:
>>>>>>           access: IP_ADDRESS
>>>>>>           requiredIpAddresses: blah blah blah
>>>>>>         importRegisteredServices:
>>>>>>           access: IP_ADDRESS
>>>>>>           requiredIpAddresses: blah blah blah
>>>>>>         multiFactorTrustedDevices:
>>>>>>           access: IP_ADDRESS
>>>>>>           requiredIpAddresses:  blah blah blah
>>>>>>
>>>>>> management:
>>>>>>   endpoints:
>>>>>>     web:
>>>>>>       exposure:
>>>>>>         include: '*'
>>>>>>     enabled-by-default: true
>>>>>>
>>>>>>
>>>>>> Le mardi 17 octobre 2023 à 12:43:46 UTC+2, Frédéric Dussurget a
>>>>>> écrit :
>>>>>>
>>>>>>> Hi Ray,
>>>>>>> thank you very much for your help. There are no ERROR message except
>>>>>>> this DEBUG error 401 message at the very end :
>>>>>>> 2023-10-17 12:28:46,419 DEBUG
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>>> - <Authentication request failed with [401], resulting in event [error]>
>>>>>>> 2023-10-17 12:28:46,419 DEBUG
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] 
>>>>>>> -
>>>>>>> <Resolved single event [error] via
>>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>>> for this context>
>>>>>>>
>>>>>>> For more information, you'll find below  the service I used (but it
>>>>>>> is exactly the same as the one I used in august 2nd) ...
>>>>>>> Best regards,
>>>>>>>
>>>>>>>     {
>>>>>>>       "@class": "org.apereo.cas.services.CasRegisteredService",
>>>>>>>       "serviceId": "https://
>>>>>>> (testserver([123])|cas-pp)(.subdomain|).myuniversity.fr:944
>>>>>>> ([678]).*",
>>>>>>>       "name": "Service Test Bootiful",
>>>>>>>       "id": 48,
>>>>>>>       "description": "Service de test Bootiful port 9446/7/8 MFA
>>>>>>> gauth/webauthn",
>>>>>>>       "evaluationOrder": 48,
>>>>>>>       "attributeReleasePolicy": {
>>>>>>>         "@class":
>>>>>>> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>>>>>>         "canonicalizationMode": null,
>>>>>>>         "allowedAttributes": [
>>>>>>>           "java.util.ArrayList",
>>>>>>>           [
>>>>>>>             "displayname mail blah givenname"
>>>>>>>           ]
>>>>>>>         ]
>>>>>>>       },
>>>>>>>       "logo": "https://cas.myuniversity.fr/logo.svg";,
>>>>>>>       "accessStrategy": {
>>>>>>>         "@class":
>>>>>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>>>>>>         "requireAllAttributes": false,
>>>>>>>         "requiredAttributes": {
>>>>>>>           "@class": "java.util.LinkedHashMap",
>>>>>>>           "memberOf": [
>>>>>>>             "java.util.HashSet",
>>>>>>>             [
>>>>>>>               "OU=blahblah",
>>>>>>>               "OU=blahblah",
>>>>>>>               "DC=blahblah",
>>>>>>>               "DC=myuniversity",
>>>>>>>               "CN=casmanagers",
>>>>>>>               "DC=fr"
>>>>>>>             ]
>>>>>>>           ]
>>>>>>>         }
>>>>>>>       },
>>>>>>>
>>>>>>> Le mardi 17 octobre 2023 à 04:22:16 UTC+2, Ray Bon a écrit :
>>>>>>>
>>>>>>>> Frédéric,
>>>>>>>>
>>>>>>>> Are there any error messages in the logs?
>>>>>>>>
>>>>>>>> Ray
>>>>>>>>
>>>>>>>> On Fri, 2023-10-13 at 06:26 -0700, Frédéric Dussurget wrote:
>>>>>>>>
>>>>>>>> Notice: This message was sent from outside the University of
>>>>>>>> Victoria email system. Please be cautious with links and sensitive
>>>>>>>> information.
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>> latest build broke MFA (both gauth and web-authn). I have kept
>>>>>>>> besides a cas.war from august 22nd which is working fine with the exact
>>>>>>>> same build.gradle deps and /etc/cas/config/cas/yml config. One 
>>>>>>>> difference
>>>>>>>> is that the new cas.war was compiled and run (external tomcat) with 
>>>>>>>> openjdk
>>>>>>>> 21 vs the other one  was compiled and run with openjdk17
>>>>>>>> DB backend is Redis for everything.
>>>>>>>>
>>>>>>>> Thanks if anyone could help ...
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Fred
>>>>>>>>
>>>>>>>> Here are the deps I'm using :
>>>>>>>>
>>>>>>>> build.gradle :
>>>>>>>>
>>>>>>>>     // ### MFA ###
>>>>>>>>
>>>>>>>>     //MFA TOTP
>>>>>>>>     implementation
>>>>>>>> "org.apereo.cas:cas-server-support-gauth:${project.'cas.version'}"
>>>>>>>>     implementation
>>>>>>>> "org.apereo.cas:cas-server-support-gauth-redis:${project.'cas.version'}"
>>>>>>>>
>>>>>>>>     // MFA FIDO2 WEBAUTHN
>>>>>>>>     implementation
>>>>>>>> "org.apereo.cas:cas-server-support-webauthn:${project.'cas.version'}"
>>>>>>>>     implementation
>>>>>>>> "org.apereo.cas:cas-server-support-webauthn-redis:${project.'cas.version'}"
>>>>>>>>
>>>>>>>>     //MFA TRUSTED DEVICE
>>>>>>>>     implementation
>>>>>>>> "org.apereo.cas:cas-server-support-trusted-mfa:${project.'cas.version'}"
>>>>>>>>     implementation
>>>>>>>> "org.apereo.cas:cas-server-support-trusted-mfa-redis:
>>>>>>>> ${project.'cas.version'}"
>>>>>>>>
>>>>>>>> Here is the MFA block in my cas.yml :
>>>>>>>>
>>>>>>>>     mfa:
>>>>>>>>       core:
>>>>>>>>         provider-selection-enabled: true
>>>>>>>>       gauth:
>>>>>>>>         core:
>>>>>>>>           issuer: CASIssuer
>>>>>>>>           label: Blah
>>>>>>>>           scratch-codes.encryption.key: blah-blah-blah
>>>>>>>>         name: OATH Authentification
>>>>>>>>         crypto:
>>>>>>>>           encryption:
>>>>>>>>             key: blah-blah-blah
>>>>>>>>           signing:
>>>>>>>>             key: blah-blah-blah
>>>>>>>>         redis:
>>>>>>>>           host: localhost
>>>>>>>>           port: 6379
>>>>>>>>           username: default
>>>>>>>>           password: blah-blah-blah
>>>>>>>>           sentinel:
>>>>>>>>             node[0]: blah-blah-blah:26379
>>>>>>>>             node[1]: blah-blah-blah:26379
>>>>>>>>             node[2]: blah-blah-blah:26379
>>>>>>>>             master: instancecas
>>>>>>>>
>>>>>>>>       web-authn:
>>>>>>>>         core:
>>>>>>>>           relying-party-id: blah-blah-blah.fr
>>>>>>>>           relying-party-name: blah-blah-blah
>>>>>>>>           allowed-origins: blah-blah-blah
>>>>>>>>           trusted-device-enabled: false
>>>>>>>>           application-id: blah-blah-blah
>>>>>>>>         crypto:
>>>>>>>>           encryption:
>>>>>>>>             key: blah-blah-blah
>>>>>>>>           signing:
>>>>>>>>             key: blah-blah-blah
>>>>>>>>         redis:
>>>>>>>>           host: localhost
>>>>>>>>           port: 6379
>>>>>>>>           username: default
>>>>>>>>           password: blah-blah-blah
>>>>>>>>           sentinel:
>>>>>>>>             node[0]: blah-blah-blah:26379
>>>>>>>>             node[1]: blah-blah-blah:26379
>>>>>>>>             node[2]: blah-blah-blah:26379
>>>>>>>>             master: instancecas
>>>>>>>>
>>>>>>>>       trusted:
>>>>>>>>         core:
>>>>>>>>           auto-assign-device-name: true
>>>>>>>>           device-registration-enabled: true
>>>>>>>>           authentication-context-attribute:
>>>>>>>> isFromTrustedMultifactorAuthentication
>>>>>>>>         redis:
>>>>>>>>           host: localhost
>>>>>>>>           port: 6379
>>>>>>>>           username: default
>>>>>>>>           password: blah-blah-blah
>>>>>>>>           sentinel:
>>>>>>>>             node[0]: blah-blah-blah:26379
>>>>>>>>             node[1]: blah-blah-blah:26379
>>>>>>>>             node[2]: blah-blah-blah:26379
>>>>>>>>             master: instancecas
>>>>>>>>         crypto:
>>>>>>>>           enabled: true
>>>>>>>>           signing:
>>>>>>>>             key: blah-blah-blah
>>>>>>>>           encryption:
>>>>>>>>             key: blah-blah-blah
>>>>>>>>         device-fingerprint:
>>>>>>>>           cookie:
>>>>>>>>             crypto:
>>>>>>>>               enabled: true
>>>>>>>>               signing:
>>>>>>>>                 key: blah-blah-blah
>>>>>>>>               encryption:
>>>>>>>>                 key: blah-blah-blah
>>>>>>>>
>>>>>>>> And the stacktrace :
>>>>>>>>
>>>>>>>> 2023-10-13 11:19:17,196 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing 
>>>>>>>> service
>>>>>>>> in context scope: [https://blah-blah-blah:9447/protected]>
>>>>>>>> 2023-10-13 11:19:17,196 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing
>>>>>>>> registered service [https://blah-blah-blah] with id [48] in
>>>>>>>> context scope>
>>>>>>>>
>>>>>>>> 2023-10-13 11:19:17,197 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy]
>>>>>>>> - <Evaluating authentication policy
>>>>>>>> [DefaultRegisteredServiceAuthenticationPolicy(
>>>>>>>> requiredAuthenticationHandlers=[],excludedAuthenticationHandlers
>>>>>>>> =[],criteria=null)] for [Service Test Bootiful]>
>>>>>>>>
>>>>>>>> 2023-10-13 11:19:17,197 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver]
>>>>>>>>  -
>>>>>>>> <Resolved single event [success] via
>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.RankedMultifactorAuthenticationProviderWebflowEventResolver]
>>>>>>>> for this context>
>>>>>>>> 2023-10-13 11:19:27,246 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to
>>>>>>>> [FlowHandlerMapping.DefaultFlowHandler@4fcf6be1]>
>>>>>>>> 2023-10-13 11:19:27,250 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to
>>>>>>>> [FlowHandlerMapping.DefaultFlowHandler@dacb3f2]>
>>>>>>>> 2023-10-13 11:19:27,260 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver]
>>>>>>>> - <Request is not eligible to be issued service tickets just yet>
>>>>>>>>
>>>>>>>> 2023-10-13 11:19:27,276 WARN
>>>>>>>> [org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher]
>>>>>>>> - <No person records were fetched from attribute repositories for [{
>>>>>>>> principal=frederic.dussurget, blah blah, username
>>>>>>>> =frederic.dussurget,service=https://blah-blah-blah:9447/protected}
>>>>>>>> ]>
>>>>>>>>
>>>>>>>> 2023-10-13 11:19:27,280 WARN
>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>>>> - <Name is null>
>>>>>>>> java.lang.NullPointerException: Name is null
>>>>>>>>         at java.lang.Enum.valueOf(Enum.java:291) ~[?:?]
>>>>>>>>         at
>>>>>>>> org.apereo.services.persondir.util.CaseCanonicalizationMode.valueOf(CaseCanonicalizationMode.java:26)
>>>>>>>> ~[person-directory-impl-3.0.1.jar:?]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy.returnFinalAttributesCollection(AbstractRegisteredServiceAttributeReleasePolicy.java:250)
>>>>>>>> ~[cas-server-core-authentication-attributes-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy.getAttributes(AbstractRegisteredServiceAttributeReleasePolicy.java:134)
>>>>>>>> ~[cas-server-core-authentication-attributes-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.determineRegisteredServiceForEvent(DefaultCasDelegatingWebflowEventResolver.java:180)
>>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.resolveInternal(DefaultCasDelegatingWebflowEventResolver.java:82)
>>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:48)
>>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:53)
>>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.lambda$doExecuteInternal$0(AbstractAuthenticationAction.java:63)
>>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.jooq.lambda.Unchecked.lambda$supplier$38(Unchecked.java:1695)
>>>>>>>> ~[jool-0.9.15.jar:?]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.util.function.FunctionUtils.doUnchecked(FunctionUtils.java:449)
>>>>>>>> ~[cas-server-core-util-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.doExecuteInternal(AbstractAuthenticationAction.java:41)
>>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.flow.actions.BaseCasWebflowAction.doExecute(BaseCasWebflowAction.java:38)
>>>>>>>> ~[cas-server-core-webflow-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.State.enter(State.java:194)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.ViewState.resume(ViewState.java:195)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.Flow.resume(Flow.java:537)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:254)
>>>>>>>> ~[spring-webflow-3.0.0.jar:3.0.0]
>>>>>>>>         at
>>>>>>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1086)
>>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
>>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1011)
>>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
>>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
>>>>>>>> ~[servlet-api.jar:6.0]
>>>>>>>>         at
>>>>>>>> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
>>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
>>>>>>>> ~[servlet-api.jar:6.0]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
>>>>>>>> ~[tomcat-websocket.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.web.servlet.resource.ResourceUrlEncodingFilter.doFilter(ResourceUrlEncodingFilter.java:66)
>>>>>>>> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:391)
>>>>>>>> ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:177)
>>>>>>>> ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62)
>>>>>>>> ~[cas-server-core-web-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.boot.actuate.web.exchanges.servlet.HttpExchangesFilter.doFilterInternal(HttpExchangesFilter.java:89)
>>>>>>>> ~[spring-boot-actuator-3.2.0-M3.jar:3.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:128)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:168)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95)
>>>>>>>> ~[cas-server-core-logging-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:124)
>>>>>>>> ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:99)
>>>>>>>> ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117)
>>>>>>>> ~[spring-boot-3.2.0-M3.jar:3.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>>>>>>>> ~[spring-web-6.1.0-M5.jar:6.1.0-M5]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
>>>>>>>> ~[spring-security-web-6.2.0-M3.jar:6.2.0-M3]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:55)
>>>>>>>> ~[cas-server-core-audit-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>>>>>>>> ~[log4j-jakarta-web-2.20.0.jar:2.20.0]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:676)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:738)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)
>>>>>>>> ~[catalina.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391)
>>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
>>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894)
>>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
>>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
>>>>>>>> ~[tomcat-coyote.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
>>>>>>>> ~[tomcat-util.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
>>>>>>>> ~[tomcat-util.jar:10.1.9]
>>>>>>>>         at
>>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>>> ~[tomcat-util.jar:10.1.9]
>>>>>>>>         at java.lang.Thread.run(Thread.java:1583) [?:?]
>>>>>>>> 2023-10-13 11:19:27,280 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>>>> - <Authentication request failed with [401], resulting in event 
>>>>>>>> [error]>
>>>>>>>> 2023-10-13 11:19:27,280 DEBUG
>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver]
>>>>>>>>  -
>>>>>>>> <Resolved single event [error] via
>>>>>>>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>>>>>>>> for this context>
>>>>>>>>
>>>>>>>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJxj6hcP7uu3RjxetUR1g9cb8k0bdGca_t5kisBEu%3Dbu7WiNdg%40mail.gmail.com.

Reply via email to