Tom,

Does your service definition for cas-management include an MFA reference?

Ray

On Wed, 2024-05-08 at 13:10 -0700, Tom Reijnders wrote:

I've set up CAS 7.04 and I am trying to log in to cas-management.

After login (password is correctly resolved, user is resolved, service is 
recognised) I am returning to the login screen.

The error is:

 WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <Cannot invoke "java.util.Set.isEmpty()" because the return value of "org.apereo.cas.services.RegisteredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()" is null>

But why is getMultifactorAuthenticationProviders called at all? Is that a new 
default in 7.04?

What do you need to help me debug this?

Below is the cas.properties file:

cas.server.name=https://cas.xxxx.xx
cas.server.prefix=${cas.server.name}/cas

CasFeatureModule.AccountManagement.enabled=true

cas.locale.default-value=nl

server.port=8081
server.ssl.enabled=false
cas.server.tomcat.http-proxy.enabled=true
cas.server.tomcat.http-proxy.secure=true
cas.server.tomcat.http-proxy.scheme=https

logging.config=file:/etc/cas/config/log4j2.xml

# Spring security settings
spring.security.user.name=casuser
spring.security.user.password=xxxx

# Authentication
cas.authn.accept.users=
cas.authn.jdbc.query[0].driver-class=org.mariadb.jdbc.Driver
cas.authn.jdbc.query[0].url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.jdbc.query[0].user=cas
cas.authn.jdbc.query[0].password=xxxx
cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE login = ?
cas.authn.jdbc.query[0].password-encoder.type=SSHA
cas.authn.jdbc.query[0].password-encoder.character-encoding=UTF-8
cas.authn.jdbc.query[0].password-encoder.encoding-algorithm=SHA-256
cas.authn.jdbc.query[0].field-password=password
cas.authn.jdbc.query[0].field-expired=expired
cas.authn.jdbc.query[0].field-disabled=disabled
cas.authn.jdbc.query[0].principal-attribute-list=login,email,firstname,lastname,role
cas.authn.jdbc.query[1].driver-class=org.mariadb.jdbc.Driver
cas.authn.jdbc.query[1].url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.jdbc.query[1].dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.jdbc.query[1].user=cas
cas.authn.jdbc.query[1].password=xxxx
cas.authn.jdbc.query[1].sql=SELECT * FROM users WHERE email = ?
cas.authn.jdbc.query[1].password-encoder.type=SSHA
cas.authn.jdbc.query[1].password-encoder.character-encoding=UTF-8
cas.authn.jdbc.query[1].password-encoder.encoding-algorithm=SHA-256
cas.authn.jdbc.query[1].field-password=password
cas.authn.jdbc.query[1].field-expired=expired
cas.authn.jdbc.query[1].field-disabled=disabled
cas.authn.jdbc.query[1].principal-attribute-list=login,email,firstname,lastname,role
cas.jdbc.show-sql=true


# JSON Configuration 2cwof services
cas.serviceRegistry.json.location: file:/etc/cas/services

# OAuth
cas.authn.oauth.crypto.encryption.key=xxxx
cas.authn.oauth.crypto.signing.key=xxxx
cas.authn.oauth.access-token.crypto.encryption.key=xxxx
cas.authn.oauth.access-token.crypto.signing.key=xxxx


# Tickets
cas.tgc.crypto.encryption.key=xxxx
cas.tgc.crypto.signing.key=xxxx

# Consent
cas.consent.core.crypto.encryption.key=xxxx
cas.consent.core.crypto.signing.key=xxxx


# Password Management
cas.webflow.crypto.signing.key=xxxx
cas.webflow.crypto.encryption.key=xxxx
cas.authn.pm.reset.crypto.encryption.key=xxxx
cas.authn.pm.reset.crypto.signing.key=xxxx
cas.authn.pm.forgot-username.enabled=false

# Enable PM module and Password History
cas.authn.pm.core.enabled=true
cas.authn.pm.history.core.enabled=true


# Enable Questions and Answers for PM
cas.authn.pm.reset.security-questions-enabled=false

# Password Management Database Connection Info
cas.authn.pm.jdbc.user=cas
cas.authn.pm.jdbc.password=xxxx
cas.authn.pm.jdbc.driver-class=org.mariadb.jdbc.Driver
cas.authn.pm.jdbc.dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.pm.jdbc.url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
cas.authn.pm.jdbc.password-encoder.type=SSHA

# Queries Needed to Support PM functionality
cas.authn.pm.jdbc.sql-get-security-questions=SELECT question, answer FROM questions WHERE login=?
cas.authn.pm.jdbc.sql-find-email=SELECT email FROM users WHERE login=?
# cas.authn.pm.jdbc.sql-find-phone=SELECT phone FROM users WHERE login=?
cas.authn.pm.jdbc.sql-find-user=SELECT login FROM users WHERE email=?
cas.authn.pm.jdbc.sql-change-password=UPDATE users SET password=?, expired=0 WHERE login=?

# Password Requirements Policy
# Minimum 8 and Maximum 10 characters at least 1 Uppercase Alphabet, 1 Lowercase Alphabet, 1 Number and 1 Special Character
cas.authn.pm.core.password-policy-pattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%*?&\\-+=_])[A-Za-z\\d$@$!%*?&\\-+=_]{8,10}

# SMTP Settings
spring.mail.host=localhost
spring.mail.port=25
spring.mail.username=
spring.mail.password=
spring.mail.properties.mail.smtp.auth=false

# Password Reset Email Info
[email protected]
cas.authn.pm.reset.mail.subject=Change password
[email protected]
cas.authn.pm.reset.mail.html=true
cas.authn.pm.reset.mail.attribute-name=email
cas.authn.pm.reset.expiration=PT15M

The following dependencies are configured in the overlay:

    implementation "org.apereo.cas:cas-server-support-audit-jdbc"
    implementation "org.apereo.cas:cas-server-support-consent-webflow"
    implementation "org.apereo.cas:cas-server-support-consent-jdbc"
    implementation "org.apereo.cas:cas-server-support-jdbc"
    implementation "org.apereo.cas:cas-server-support-oidc"
    implementation "org.apereo.cas:cas-server-support-pm-webflow"
    implementation "org.apereo.cas:cas-server-support-pm-jdbc"
    implementation "org.apereo.cas:cas-server-support-saml-idp"
    implementation "org.apereo.cas:cas-server-support-json-service-registry"
    implementation "org.apereo.cas:cas-server-support-jdbc-drivers"


    testImplementation "org.springframework.boot:spring-boot-starter-test"


Any hint is appreciated.

Cheers,

Tom Reijnders
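
An added example, not part of the original thread or of the CAS project's code: a small Python check that answers Ray's question for every file in the JSON service registry directory (/etc/cas/services in the posted configuration). It reports whether each definition carries a multifactorPolicy and whether its multifactorAuthenticationProviders entry is absent, null, or set. It assumes the files are strict JSON and use those two field names; the sample definitions are constructed.

```python
import json
import tempfile
from pathlib import Path

POLICY_KEY = "multifactorPolicy"                      # field name assumed from CAS JSON service files
PROVIDERS_KEY = "multifactorAuthenticationProviders"  # matches the getter named in the WARN line


def classify(definition) -> str:
    """Describe the MFA reference (if any) carried by one service definition."""
    if not isinstance(definition, dict) or POLICY_KEY not in definition:
        return "no-policy"
    policy = definition[POLICY_KEY]
    if not isinstance(policy, dict) or PROVIDERS_KEY not in policy:
        return "policy-without-providers"
    if policy[PROVIDERS_KEY] is None:
        return "providers-null"
    return "providers-set"


def audit_directory(services_dir) -> dict:
    """Map each *.json file in the registry directory to its classification."""
    report = {}
    for path in sorted(Path(services_dir).glob("*.json")):
        try:
            report[path.name] = classify(json.loads(path.read_text(encoding="utf-8")))
        except (OSError, ValueError) as exc:  # JSONDecodeError is a ValueError
            report[path.name] = "unreadable: " + type(exc).__name__
    return report


def demo() -> dict:
    policy_class = "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy"
    samples = {  # constructed sample definitions, not taken from the thread
        "Plain-1.json": json.dumps({"serviceId": "^https://a.example.org/.*", "id": 1}),
        "Bare-2.json": json.dumps({"id": 2, POLICY_KEY: {"@class": policy_class}}),
        "Null-3.json": json.dumps({"id": 3, POLICY_KEY: {"@class": policy_class, PROVIDERS_KEY: None}}),
        "Duo-4.json": json.dumps({"id": 4, POLICY_KEY: {"@class": policy_class,
                                  PROVIDERS_KEY: ["java.util.LinkedHashSet", ["mfa-duo"]]}}),
        "Broken-5.json": "{ not json",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            Path(tmp, name).write_text(text, encoding="utf-8")
        return audit_directory(tmp)


if __name__ == "__main__":
    print("\n".join(f"{status:26} {name}" for name, status in demo().items()))
```

To check a real deployment, call audit_directory("/etc/cas/services") and look first at any file reported as providers-null or policy-without-providers.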
