Hi Ray,

Hmmm, yes there are now. I also see that this file has been changed on May 
1st, and the other services are still from 2022. I have been playing with 
6.6.15 and managed to log in a few times with that version. But I have no 
idea how that section came in there. Also, I think it explains why the null 
is returned and I believe the syntax is incorrect:

{
  @class: org.apereo.cas.services.CasRegisteredService
  serviceId: ^https://cas.dlearning.nl/cas-management.*
  name: CAS Management
  id: 1001
  description: Management of CAS enabled services
  expirationPolicy: null
  evaluationOrder: 5
  environments: null
  logoutUrl: https://cas.dlearning.nl/cas-management/logout
  accessStrategy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
    delegatedAuthenticationPolicy:
    {
      @class: org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy
      allowedProviders: null
    }
  }
  authenticationPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy
    criteria:
    {
      @class: org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria
    }
  }
  contacts:
  [
    java.util.ArrayList
    [
      {
        @class: org.apereo.cas.services.DefaultRegisteredServiceContact
        name: Tom Reijnders
        email: [email protected]
        phone: 0851308364
        department: IT
      }
    ]
  ]
  singleSignOnParticipationPolicy:
  {
    @class: org.apereo.cas.services.ChainingRegisteredServiceSingleSignOnParticipationPolicy
  }
  *multifactorPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
    multifactorAuthenticationProviders: null
  }*
}


If I leave out the bold section, something else is happening (which is 
good). It still does not work as expected (I get a too many redirections 
error). But at least I can experiment further.

Thanks Ray!

Cheers,

Tom

On Thursday, May 9, 2024 at 6:16:01 PM UTC+2 Ray Bon wrote:

> Tom,
>
> Does your service definition for cas-management include an MFA reference?
>
> Ray
>
> On Wed, 2024-05-08 at 13:10 -0700, Tom Reijnders wrote:
>
>
> I've set up CAS 7.04 and I am trying to log in to cas-management. 
>
> After login (password is correctly resolved, user is resolved, service is 
> recognised) I am returning to the login screen.
>
> The error is: 
>
>  WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <Cannot invoke "java.util.Set.isEmpty()" because the return value of "org.apereo.cas.services.RegisteredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()" is null>
>
> But why is getMultifactorAuthenticationProviders called at all? Is that a 
> new default in 7.04?
>
> What do you need to help me debug this?
>
> Below is the cas.properties file:
>
> cas.server.name=https://cas.xxxx.xx
> cas.server.prefix=${cas.server.name}/cas
>
> CasFeatureModule.AccountManagement.enabled=true
>
> cas.locale.default-value=nl
>
> server.port=8081
> server.ssl.enabled=false
> cas.server.tomcat.http-proxy.enabled=true
> cas.server.tomcat.http-proxy.secure=true
> cas.server.tomcat.http-proxy.scheme=https
>
> logging.config=file:/etc/cas/config/log4j2.xml
>
> # Spring security settings
> spring.security.user.name=casuser
> spring.security.user.password=xxxx
>
> # Authentication
> cas.authn.accept.users=
> cas.authn.jdbc.query[0].driver-class=org.mariadb.jdbc.Driver
> cas.authn.jdbc.query[0].url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
> cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MariaDBDialect
> cas.authn.jdbc.query[0].user=cas
> cas.authn.jdbc.query[0].password=xxxx
> cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE login = ?
> cas.authn.jdbc.query[0].password-encoder.type=SSHA
> cas.authn.jdbc.query[0].password-encoder.character-encoding=UTF-8
> cas.authn.jdbc.query[0].password-encoder.encoding-algorithm=SHA-256
> cas.authn.jdbc.query[0].field-password=password
> cas.authn.jdbc.query[0].field-expired=expired
> cas.authn.jdbc.query[0].field-disabled=disabled
>
> cas.authn.jdbc.query[0].principal-attribute-list=login,email,firstname,lastname,role
> cas.authn.jdbc.query[1].driver-class=org.mariadb.jdbc.Driver
> cas.authn.jdbc.query[1].url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
> cas.authn.jdbc.query[1].dialect=org.hibernate.dialect.MariaDBDialect
> cas.authn.jdbc.query[1].user=cas
> cas.authn.jdbc.query[1].password=xxxx
> cas.authn.jdbc.query[1].sql=SELECT * FROM users WHERE email = ?
> cas.authn.jdbc.query[1].password-encoder.type=SSHA
> cas.authn.jdbc.query[1].password-encoder.character-encoding=UTF-8
> cas.authn.jdbc.query[1].password-encoder.encoding-algorithm=SHA-256
> cas.authn.jdbc.query[1].field-password=password
> cas.authn.jdbc.query[1].field-expired=expired
> cas.authn.jdbc.query[1].field-disabled=disabled
>
> cas.authn.jdbc.query[1].principal-attribute-list=login,email,firstname,lastname,role
> cas.jdbc.show-sql=true
>
>
> # JSON Configuration 2cwof services
> cas.serviceRegistry.json.location: file:/etc/cas/services
>
> # OAuth
> cas.authn.oauth.crypto.encryption.key=xxxx
> cas.authn.oauth.crypto.signing.key=xxxx
> cas.authn.oauth.access-token.crypto.encryption.key=xxxx
> cas.authn.oauth.access-token.crypto.signing.key=xxxx
>
>
> # Tickets
> cas.tgc.crypto.encryption.key=xxxx
> cas.tgc.crypto.signing.key=xxxx
>
> # Consent
> cas.consent.core.crypto.encryption.key=xxxx
> cas.consent.core.crypto.signing.key=xxxx
>
>
> # Password Management
> cas.webflow.crypto.signing.key=xxxx
> cas.webflow.crypto.encryption.key=xxxx
> cas.authn.pm.reset.crypto.encryption.key=xxxx
> cas.authn.pm.reset.crypto.signing.key=xxxx
> cas.authn.pm.forgot-username.enabled=false
>
> # Enable PM module and Password History
> cas.authn.pm.core.enabled=true
> cas.authn.pm.history.core.enabled=true
>
>
> # Enable Questions and Answers for PM
> cas.authn.pm.reset.security-questions-enabled=false
>
> # Password Management Database Connection Info
> cas.authn.pm.jdbc.user=cas
> cas.authn.pm.jdbc.password=xxxx
> cas.authn.pm.jdbc.driver-class=org.mariadb.jdbc.Driver
> cas.authn.pm.jdbc.dialect=org.hibernate.dialect.MariaDBDialect
> cas.authn.pm.jdbc.url=jdbc:mariadb://localhost:3306/cas?UseSSL=false
> cas.authn.pm.jdbc.password-encoder.type=SSHA
>
> # Queries Needed to Support PM functionality
> cas.authn.pm.jdbc.sql-get-security-questions=SELECT question, answer FROM questions WHERE login=?
> cas.authn.pm.jdbc.sql-find-email=SELECT email FROM users WHERE login=?
> # cas.authn.pm.jdbc.sql-find-phone=SELECT phone FROM users WHERE login=?
> cas.authn.pm.jdbc.sql-find-user=SELECT login FROM users WHERE email=?
> cas.authn.pm.jdbc.sql-change-password=UPDATE users SET password=?, expired=0 WHERE login=?
>
> # Password Requirements Policy
> # Minimum 8 and Maximum 10 characters at least 1 Uppercase Alphabet, 1 Lowercase Alphabet, 1 Number and 1 Special Character
>
> cas.authn.pm.core.password-policy-pattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%*?&\\-+=_])[A-Za-z\\d$@$!%*?&\\-+=_]{8,10}
>
> # SMTP Settings
> spring.mail.host=localhost
> spring.mail.port=25
> spring.mail.username=
> spring.mail.password=
> spring.mail.properties.mail.smtp.auth=false
>
> # Password Reset Email Info
> [email protected]
> cas.authn.pm.reset.mail.subject=Change password
> [email protected]
> cas.authn.pm.reset.mail.html=true
> cas.authn.pm.reset.mail.attribute-name=email
> cas.authn.pm.reset.expiration=PT15M
>
> The following dependencies are configured in the overlay:
>
>     implementation "org.apereo.cas:cas-server-support-audit-jdbc"
>     implementation "org.apereo.cas:cas-server-support-consent-webflow"
>     implementation "org.apereo.cas:cas-server-support-consent-jdbc"
>     implementation "org.apereo.cas:cas-server-support-jdbc"
>     implementation "org.apereo.cas:cas-server-support-oidc"
>     implementation "org.apereo.cas:cas-server-support-pm-webflow"
>     implementation "org.apereo.cas:cas-server-support-pm-jdbc"
>     implementation "org.apereo.cas:cas-server-support-saml-idp"
>     implementation "org.apereo.cas:cas-server-support-json-service-registry"
>     implementation "org.apereo.cas:cas-server-support-jdbc-drivers"
>
>
>     testImplementation "org.springframework.boot:spring-boot-starter-test"
>
>
> Any hint is appreciated.
>
> Cheers,
>
> Tom Reijnders
>
>
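
A check for the condition discussed in this thread, as an added example that is not part of the original messages or of the CAS project: it scans service definition files for a multifactorPolicy block whose multifactorAuthenticationProviders is an explicit null, the value named in the quoted WARN line. The function names and the sample definition are constructed for illustration; the default directory is the cas.serviceRegistry.json.location value from the quoted properties.

```python
import re
from pathlib import Path

# Constructed sample, abbreviated from the service definition in this thread.
SAMPLE = """{
  @class: org.apereo.cas.services.CasRegisteredService
  serviceId: ^https://cas.example.org/cas-management.*
  id: 1001
  multifactorPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
    multifactorAuthenticationProviders: null
  }
}"""

# Keys may be quoted (plain JSON) or bare (HJSON-style, as in the thread).
POLICY = re.compile(r'"?multifactorPolicy"?\s*:\s*\{')
NULL_PROVIDERS = re.compile(r'"?multifactorAuthenticationProviders"?\s*:\s*null\b')

def policy_block(text):
    """Return the brace-balanced multifactorPolicy object, or None if absent."""
    m = POLICY.search(text)
    if not m:
        return None
    start, depth = m.end() - 1, 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i + 1]
    return text[start:]  # unbalanced braces: inspect what is there

def has_null_mfa_providers(text):
    """True when the policy block sets the providers set to an explicit null."""
    block = policy_block(text)
    return bool(block and NULL_PROVIDERS.search(block))

def scan(directory="/etc/cas/services"):
    """List service files whose multifactorPolicy has null providers."""
    return sorted(p.name for p in Path(directory).glob("*.json")
                  if has_null_mfa_providers(p.read_text(encoding="utf-8")))

if __name__ == "__main__":
    print(has_null_mfa_providers(SAMPLE))
```

A definition with no multifactorPolicy block at all is reported as clean, which matches the observation above that leaving the section out changes the behaviour.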
