Hello Hartmut, >From my side, I can't observe this interesting error in my logs, even if enabling debuging on spring webflow & security. In fact, I also try to enable debug on root logger and I obtain nothing more than I have initialy posted here.
Could you share your operational configuration in v6 ? I would like to know what look like a operational configuration :) Thanks ! Le jeudi 28 mars 2024 à 12:31:35 UTC+1, Hartmut Trüe a écrit : > After playing a bit with the loglevels (debug for spring.webflow.log.level > and spring.security.log.level), I found this. But I have no idea, if that > is the problem or what to do. > As explained earlier, 6.6.x is running fine with the same configuration. > > ... > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0> > 2024-03-28 09:43:41,073 INFO > [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - > <No credentials could be extracted/detected from the current request> > 2024-03-28 09:43:41,073 INFO > [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution > disallowed; pre-execution result is 'error'> > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0; > result = error> > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing [EvaluateAction@763bc2b expression = tokenAuthenticationAction, > resultExpression = [null]]; result = error> > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.engine.Transition] - <Executing > [Transition@1b2a72b9 on = *, to = > initialAuthenticationRequestValidationCheck]> > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.engine.Transition] - <Exiting state > 'tokenAuthenticationCheck'> > ... > > Benjamin Renard schrieb am Mittwoch, 27. März 2024 um 17:40:40 UTC+1: > >> Thank Mohamed, >> >> What do you mean about enabling SSL ? My CAS management app is accessible >> via an Apache HTTPS VirtualHost that proxypass requests to a Tomcat's AJP >> Connector. It's "SSL enabled" for you ? :) >> >> Note: My CAS server use the same Apache HTTPS VirtualHost and Tomcat AJP >> connector, but is deploy another context (/cas vs /cas-management). >> >> Le mercredi 27 mars 2024 à 12:01:20 UTC+1, Mohamed Amdouni a écrit : >> >>> Hello, >>> >>> I had a similar issue running cas management 6.6.4 and it was related to >>> https. >>> >>> My cas management was started with ssl disabled and this version of cas >>> management requires SSL (see the security adapter ) and in the logs it says >>> requires secure channel. >>> >>> I tried to override the adapter but finally ended up by activating ssl >>> to avoid the redirects … >>> >>> Hope it helps… >>> >>> >>> >>> >>> Le mer. 27 mars 2024 à 08:22, Hartmut Trüe <[email protected]> a écrit : >>> >>>> Same problem on my CAS Management webapp, it ends in "too many >>>> redirects". The same configuration is working fine with CAS 6.6.x and >>>> Management 6.6.x and the certificate is valid. >>>> >>>> I can't find errors, and the ticket seems to be valid: >>>> ... >>>> 2024-03-27 07:39:34,185 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0> >>>> 2024-03-27 07:39:34,185 DEBUG >>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested >>>> original ticket id [TGT-1-********PD8Hl30-cas-dev] to >>>> [064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b]> >>>> 2024-03-27 07:39:34,185 DEBUG >>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to >>>> decode >>>> [DefaultEncodedTicket(id=064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b)]> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket >>>> to [TGT-1-********PD8Hl30-cas-dev]> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>> executing >>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0; >>>> result = valid> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>> executing [EvaluateAction@698bdaf2 expression = >>>> ticketGrantingTicketCheckAction, resultExpression = [null]]; result = >>>> valid> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.Transition] - <Executing >>>> [Transition@109de836 on = valid, to = hasServiceCheck]> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>> 'ticketGrantingTicketCheck'> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.DecisionState] - <Entering state >>>> 'hasServiceCheck' of flow 'login'> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.Transition] - <Executing >>>> [Transition@5efaf8bd on = flowScope.service != null, to = >>>> renewRequestCheck]> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>> 'hasServiceCheck'> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>> 'renewRequestCheck' of flow 'login'> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>> [EvaluateAction@42900422 expression = >>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] >>>> >>>> - <Evaluating authentication policy >>>> [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], >>>> >>>> excludedAuthenticationHandlers=[], criteria=null)] for [CasClient]> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>> executing >>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf; >>>> >>>> result = proceed> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>> executing [EvaluateAction@42900422 expression = >>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]; result >>>> = >>>> proceed> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.Transition] - <Executing >>>> [Transition@1ad0074 on = proceed, to = generateServiceTicket]> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>> 'renewRequestCheck'> >>>> 2024-03-27 07:39:34,187 DEBUG >>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>> 'generateServiceTicket' of flow 'login'> >>>> ... >>>> >>>> Regards, >>>> Hartmut >>>> Ray Bon schrieb am Dienstag, 26. März 2024 um 19:40:57 UTC+1: >>>> >>>>> Benjamin, >>>>> >>>>> The behaviour you describe happens when the service ticket can not be >>>>> validated. >>>>> cas management submits the ST to cas through a back channel over https. >>>>> If there is nothing in cas audit log about validation / failed >>>>> validation (which would give a reason for failure), it could be a >>>>> certificate problem. >>>>> >>>>> Do you have a proper/valid certificate for idp.example.tld (i.e. cert >>>>> signed by an authority)? >>>>> >>>>> If not, you may have to add it to the java keystore (assuming you have >>>>> already added it to tomcat config). >>>>> >>>>> Ray >>>>> >>>>> On Tue, 2024-03-26 at 05:02 -0700, Benjamin Renard wrote: >>>>> >>>>> Notice: This message was sent from outside the University of Victoria >>>>> email system. Please be cautious with links and sensitive information. >>>>> >>>>> >>>>> Hello, >>>>> >>>>> I'm trying to install a CAS server (v7) on a Debian 12 host. I using >>>>> the Debian's tomcat10 package, Apache2 as reverse proxy (AJP), the Oracle >>>>> JDK 21.0.2 and a CAS Initializr overlay to build the cas.war file. My CAS >>>>> server run well, but I have problem with the authentication of the >>>>> management app. I use a CAS Initializr overlay for the CAS management >>>>> 7.0.0-SNAPSHOT and I have no problem to build the war and deploy it in >>>>> the >>>>> same context. I configure CAS client in the management app : >>>>> >>>>> cas.server.name=https://idp.example.tld >>>>> cas.server.prefix=${cas.server.name}/cas >>>>> >>>>> When I try to access to the management app, I'm entering in a loop : >>>>> I'm redirect to the CAS server that authenticate me and redirect me to >>>>> the >>>>> management app on its callback URL with a ticket ( >>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-53-oxTcezruW9p3hhw5YBRWDXF4HUk-cas1-preprod) >>>>> >>>>> and I'm redirect again to the CAS server for authentication, that >>>>> redirect >>>>> me back with a new ticket and etc. >>>>> >>>>> I have no error in logs and I tried to enable debugging and I can't >>>>> find any indication about my problem (see logs below). Do you have any >>>>> idea >>>>> ? >>>>> >>>>> Futhermore, It's a good idea for you to run CAS server & management >>>>> apps version 7 in production or I have to use version 6 ? >>>>> >>>>> Thanks ! >>>>> >>>>> 2024-03-26 12:45:29,508 DEBUG >>>>> [org.springframework.security.web.FilterChainProxy] - Securing GET >>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>> 2024-03-26 12:45:29,508 DEBUG >>>>> [org.springframework.security.web.access.channel.ChannelProcessingFilter] >>>>> - >>>>> Request: filter invocation [GET >>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod]; >>>>> >>>>> ConfigAttributes: [REQUIRES_SECURE_CHANNEL] >>>>> 2024-03-26 12:45:29,509 DEBUG >>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>> >>>>> - Set SecurityContextHolder to anonymous SecurityContext >>>>> 2024-03-26 12:45:29,509 DEBUG >>>>> [org.springframework.security.web.FilterChainProxy] - Secured GET >>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>> 2024-03-26 12:45:29,510 DEBUG >>>>> [org.springframework.web.servlet.DispatcherServlet] - GET >>>>> "/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod", >>>>> >>>>> parameters={masked} >>>>> 2024-03-26 12:45:29,512 DEBUG >>>>> [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - >>>>> Mapped >>>>> to ResourceHttpRequestHandler [classpath [dist/], classpath [static/]] >>>>> 2024-03-26 12:45:29,512 DEBUG >>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - === SECURITY === >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - url: >>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - clients: null | matchers: >>>>> null >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Provided >>>>> clientNames: null >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Default >>>>> security clients: null >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Only client: >>>>> CasClient >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - >>>>> clientNameOnRequest: Optional.empty >>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.Clients] - Found >>>>> client: CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>> >>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>> >>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>> nbAttempts=0, lastAttempt=null, >>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>> >>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>> multiProfile=false, saveProfileInSession=true, >>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>> https://idp.example.tld/cas-management/callback, >>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>> >>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>> >>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>> >>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>> >>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>> https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), >>>>> checkAuthenticationAttempt=true), >>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>> https://idp.example.tld/cas/, restUrl= >>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>> allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, >>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>> hostnameVerifier=null, sslSocketFactory=null)) for name: CasClient >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - result: >>>>> [CasClient] >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - currentClients: >>>>> [CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>> >>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>> >>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>> nbAttempts=0, lastAttempt=null, >>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>> >>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>> multiProfile=false, saveProfileInSession=true, >>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>> https://idp.example.tld/cas-management/callback, >>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>> >>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>> >>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>> >>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>> >>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>> https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), >>>>> checkAuthenticationAttempt=true), >>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>> https://idp.example.tld/cas/, restUrl= >>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>> allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, >>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>> hostnameVerifier=null, sslSocketFactory=null))] >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>> retrieved session: >>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get sessionId: >>>>> 0D8A24DA3779DDC589CC82A00D7121ED >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>> matcher: org.pac4j.core.matching.matcher.CacheControlMatcher@62ab3f9d -> >>>>> true >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>> matcher: >>>>> org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher@ba6fb34 >>>>> -> true >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>> matcher: StrictTransportSecurityMatcher(maxAge=15768000) -> true >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>> matcher: org.pac4j.core.matching.matcher.XFrameOptionsMatcher@57ab0e5b -> >>>>> true >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>> matcher: org.pac4j.core.matching.matcher.XSSProtectionMatcher@2471fb38 -> >>>>> true >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>> retrieved session: >>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>> 2024-03-26 12:45:29,513 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: >>>>> 93cdd09ba2c74a3d9235b3c71fb3e8dd for key: pac4jCsrfToken >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>> previous >>>>> CSRF token: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>> retrieved session: >>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>> pac4jPreviousCsrfToken for value: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>> generated CSRF token: 2af42c4e87984404bcc144ac7034dbc3 for current URL: >>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>> retrieved session: >>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jCsrfToken >>>>> for value: 2af42c4e87984404bcc144ac7034dbc3 >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>> retrieved session: >>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>> pac4jCsrfTokenExpirationDate for value: 1711467929514 >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>> matcher: >>>>> CsrfTokenGeneratorMatcher(csrfTokenGenerator=org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator@690fdeb, >>>>> >>>>> domain=null, path=/, httpOnly=true, secure=true, maxAge=null, >>>>> sameSitePolicy=null, addTokenAsAttribute=true, addTokenAsHeader=false, >>>>> addTokenAsCookie=true) -> true >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>> retrieved session: >>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for >>>>> key: >>>>> pac4jUserProfiles >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles (from >>>>> session: true): [] >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Starting authentication >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler] - >>>>> requestedUrl: >>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>> retrieved session: >>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>> pac4jRequestedUrl for value: >>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>> retrieved session: >>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>> 2024-03-26 12:45:29,514 DEBUG >>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for >>>>> key: >>>>> CasClient$attemptedAuthentication >>>>> 2024-03-26 12:45:29,515 DEBUG >>>>> [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: >>>>> https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient >>>>> 2024-03-26 12:45:29,515 DEBUG >>>>> [org.springframework.web.servlet.DispatcherServlet] - Completed 302 FOUND >>>>> >>>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/298e2344-5a08-4686-bcd3-6a3f85ef67cen%40apereo.org.
