Could anybody confirm that this issue still appear itself in v7.1. Ii
seems i have the same . My logs :
[env : simple as posible casuser:Mellon with mf-gauth run by ./gradlew run
debug,time synced with ntpd server]
2024-06-27 12:09:08,262 DEBUG
[org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping
request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
2024-06-27 12:09:08,262 DEBUG
[org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping
request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
2024-06-27 12:09:08,263 DEBUG
[org.springframework.boot.actuate.audit.listener.AuditListener] -
<AuditEvent [timestamp=2024-06-27T10:09:08.263569200Z,
principal=anonymousUser, type=AUTHORIZATION_FAILURE,
data={details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1,
SessionId=null]}]>
2024-06-27 12:09:08,266 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - <"ERROR" dispatch for
POST "/cas/error", parameters={masked}>
2024-06-27 12:09:08,266 DEBUG
[org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
- <Mapped to
org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)>
2024-06-27 12:09:08,267 DEBUG
[org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
- <Using 'application/vnd.cas.services+yaml', given [*/*] and supported
[application/vnd.cas.services+yaml, application/json, application/*+json,
application/xml;charset=UTF-8, text/xml;charset=UTF-8,
application/*+xml;charset=UTF-8]>
2024-06-27 12:09:08,268 DEBUG
[org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
- <Writing [{timestamp=Thu Jun 27 12:09:08 CEST 2024, status=403,
error=Forbidden, message=Access Denied, path=/ (truncated)...]>
2024-06-27 12:09:08,269 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - <Exiting from "ERROR"
dispatch, status 403>
2024-06-27 12:09:16,765 DEBUG
[org.apereo.cas.otp.repository.token.OneTimeTokenRepositoryCleaner] -
<Starting to clean previously used authenticator tokens from
[BaseOneTimeTokenRepository()] at
[2024-06-27T12:09:16.765857631+02:00[Europe/Warsaw]]>
On Wednesday, January 10, 2024 at 7:52:52 PM UTC+1 Al Faller wrote:
> Did some http level comparison between 6.6 and 7.0 -
> 6.6 sends the POST to /cas/login, whereas
> 7.0 sends the POST to /cas/mfa-gauth
>
> So, editing the form action in the html for the device registration, I set
> the action=/cas/login on my 7.0 test and it worked!
>
> Looks like the form was changed in commit 15580dc in October, for "allow
> account profile to allow users to register devices with gauth". I don't
> pretend to understand how the flow was changed, but maybe this will help
> someone with straightening this out. Unfortunately my hack works fine with
> a vanilla version of CAS running, but does not work once I turn on all of
> the features I need (I get different errors though, which is likely related
> to the flow changes).
>
>
>
>
>
> On Wed, Jan 10, 2024 at 11:00 AM Al Faller <[email protected]> wrote:
>
>> HI All -
>>
>> Turned on debugging for spring and it looks like spring is sending the
>> error:
>>
>> 2024-01-10 15:49:02,787 INFO
>> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0]
>> expired tickets removed.>
>> 2024-01-10 15:49:10,713 DEBUG
>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping
>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
>> 2024-01-10 15:49:10,715 DEBUG
>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping
>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
>> 2024-01-10 15:49:10,716 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Trying to match
>> request against DefaultSecurityFilterChain [RequestMatcher=any request,
>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd,
>>
>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381,
>>
>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e,
>>
>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c,
>>
>> org.springframework.web.filter.CorsFilter@3baaf6b3,
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b,
>>
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8,
>>
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0,
>>
>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa,
>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]]
>>
>> (1/1)>
>> 2024-01-10 15:49:10,716 DEBUG
>> [org.springframework.security.web.FilterChainProxy] - <Securing POST
>> /mfa-gauth>
>> 2024-01-10 15:49:10,716 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> DisableEncodeUrlFilter (1/10)>
>> 2024-01-10 15:49:10,717 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> ChannelProcessingFilter (2/10)>
>> 2024-01-10 15:49:10,717 TRACE
>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource]
>>
>> - <Did not match request to
>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16
>>
>> - [REQUIRES_SECURE_CHANNEL] (1/1)>
>> 2024-01-10 15:49:10,718 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> WebAsyncManagerIntegrationFilter (3/10)>
>> 2024-01-10 15:49:10,718 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> SecurityContextHolderFilter (4/10)>
>> 2024-01-10 15:49:10,718 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking CorsFilter
>> (5/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> RequestCacheAwareFilter (6/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] -
>> <matchingRequestParameterName is required for getMatchingRequest to lookup
>> a value, but not provided>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> SecurityContextHolderAwareRequestFilter (7/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> AnonymousAuthenticationFilter (8/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> ExceptionTranslationFilter (9/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> AuthorizationFilter (10/10)>
>> 2024-01-10 15:49:10,720 TRACE
>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager]
>>
>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[
>> org.apache.catalina.connector.RequestFacade@4d5329b9]]>
>> 2024-01-10 15:49:10,739 TRACE
>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager]
>>
>> - <Denying request since did not find matching RequestMatcher>
>> 2024-01-10 15:49:13,459 TRACE
>> [org.springframework.security.web.context.SupplierDeferredSecurityContext]
>> - <Created SecurityContextImpl [Null authentication]>
>> 2024-01-10 15:49:13,459 TRACE
>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository]
>>
>> - <No HttpSession currently exists>
>> 2024-01-10 15:49:13,459 TRACE
>> [org.springframework.security.web.context.SupplierDeferredSecurityContext]
>> - <Created SecurityContextImpl [Null authentication]>
>> 2024-01-10 15:49:13,459 TRACE
>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>>
>> - <Set SecurityContextHolder to AnonymousAuthenticationToken
>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true,
>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1,
>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
>> 2024-01-10 15:49:13,460 TRACE
>> [org.springframework.security.web.access.ExceptionTranslationFilter] -
>> <Sending AnonymousAuthenticationToken [Principal=anonymousUser,
>> Credentials=[PROTECTED], Authenticated=true,
>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1,
>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication
>> entry point since access is denied>
>> org.springframework.security.access.AccessDeniedException: Access Denied
>> at
>> org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
>> at
>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75)
>> at
>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
>> at
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
>> at
>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
>> at
>> org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195)
>> at
>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
>> at
>> org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74)
>> at
>> org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225)
>> at
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
>> at
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
>> at
>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:32)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>> at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
>> at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:735)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340)
>> at
>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391)
>> at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
>> at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896)
>> at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744)
>> at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
>> at java.base/java.lang.VirtualThread.run(VirtualThread.java:309)
>> 2024-01-10 15:49:13,462 TRACE
>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] -
>> <Did not save request since it did not match [And [Not [Ant
>> [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher
>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6,
>>
>> matchingMediaTypes=[application/json], useEquals=false,
>> ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher
>> [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]],
>> Not [MediaTypeRequestMatcher
>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6,
>>
>> matchingMediaTypes=[multipart/form-data], useEquals=false,
>> ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher
>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6,
>>
>> matchingMediaTypes=[text/event-stream], useEquals=false,
>> ignoredMediaTypes=[*/*]]]]]>
>> 2024-01-10 15:49:13,462 DEBUG
>> [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint]
>> - <Pre-authenticated entry point called. Rejecting access>
>> 2024-01-10 15:49:13,485 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
>>
>> - <2 matching mappings: [{ [/error]}, { [/error], produces [text/html]}]>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Trying to match
>> request against DefaultSecurityFilterChain [RequestMatcher=any request,
>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd,
>>
>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381,
>>
>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e,
>>
>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c,
>>
>> org.springframework.web.filter.CorsFilter@3baaf6b3,
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b,
>>
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8,
>>
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0,
>>
>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa,
>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]]
>>
>> (1/1)>
>> 2024-01-10 15:49:13,503 DEBUG
>> [org.springframework.security.web.FilterChainProxy] - <Securing POST /error>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> DisableEncodeUrlFilter (1/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> ChannelProcessingFilter (2/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource]
>>
>> - <Did not match request to
>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16
>>
>> - [REQUIRES_SECURE_CHANNEL] (1/1)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> WebAsyncManagerIntegrationFilter (3/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> SecurityContextHolderFilter (4/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking CorsFilter
>> (5/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> RequestCacheAwareFilter (6/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] -
>> <matchingRequestParameterName is required for getMatchingRequest to lookup
>> a value, but not provided>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> SecurityContextHolderAwareRequestFilter (7/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> AnonymousAuthenticationFilter (8/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> ExceptionTranslationFilter (9/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> AuthorizationFilter (10/10)>
>> 2024-01-10 15:49:13,504 TRACE
>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager]
>>
>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[
>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]]>
>> 2024-01-10 15:49:13,504 TRACE
>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager]
>>
>> - <Checking authorization on SecurityContextHolderAwareRequestWrapper[
>> FirewalledRequest[
>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]] using
>> org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f631caeb020@73216a8b>
>> 2024-01-10 15:49:13,504 DEBUG
>> [org.springframework.security.web.FilterChainProxy] - <Secured POST /error>
>> 2024-01-10 15:49:13,504 TRACE
>> [org.springframework.web.servlet.i18n.CookieLocaleResolver] - <Parsed
>> cookie value [en-US] into locale 'en_US'>
>> 2024-01-10 15:49:13,504 TRACE
>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" dispatch for
>> POST "/cas/error", parameters={masked}, headers={masked} in
>> DispatcherServlet 'dispatcherServlet'>
>> 2024-01-10 15:49:13,505 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
>>
>> - <2 matching mappings: [{ [/error]}, { [/error], produces [text/html]}]>
>> 2024-01-10 15:49:13,505 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
>>
>> - <Mapped to
>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)>
>> 2024-01-10 15:49:13,513 TRACE
>> [org.springframework.web.method.HandlerMethod] - <Arguments:
>> [org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper@3b6c3379]>
>> 2024-01-10 15:49:13,531 DEBUG
>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
>>
>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and supported
>> [application/vnd.cas.services+yaml, application/json, application/*+json,
>> application/xml;charset=UTF-8, text/xml;charset=UTF-8,
>> application/*+xml;charset=UTF-8]>
>> 2024-01-10 15:49:13,531 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
>>
>> - <Writing [{timestamp=Wed Jan 10 15:49:13 UTC 2024, status=403,
>> error=Forbidden, message=Access Denied, path=/cas/mfa-gauth}]>
>> 2024-01-10 15:49:13,574 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter]
>>
>> - <Applying default cacheSeconds=-1>
>> 2024-01-10 15:49:13,574 TRACE
>> [org.springframework.web.servlet.DispatcherServlet] - <No view rendering,
>> null ModelAndView returned.>
>> 2024-01-10 15:49:13,576 DEBUG
>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from "ERROR"
>> dispatch, status 403, headers={masked}>
>> 2024-01-10 15:49:13,576 TRACE
>> [org.springframework.security.web.context.SupplierDeferredSecurityContext]
>> - <Created SecurityContextImpl [Null authentication]>
>> 2024-01-10 15:49:13,576 TRACE
>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository]
>>
>> - <No HttpSession currently exists>
>> 2024-01-10 15:49:13,576 TRACE
>> [org.springframework.security.web.context.SupplierDeferredSecurityContext]
>> - <Created SecurityContextImpl [Null authentication]>
>> 2024-01-10 15:49:13,576 TRACE
>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>>
>> - <Set SecurityContextHolder to AnonymousAuthenticationToken
>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true,
>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1,
>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
>>
>> On Wednesday, January 10, 2024 at 7:57:27 AM UTC-5 Frédéric Dussurget
>> wrote:
>>
>>> Hi Al,
>>> I've got the same issue, could not fixed it. F12 console in your browser
>>> might throw a 401 error ... (for info my db backend is redis)
>>> we have a topic here :
>>> https://groups.google.com/a/apereo.org/g/cas-user/c/XKFgFS__U9M
>>> regards,
>>>
>>>
>>> Le mercredi 10 janvier 2024 à 05:26:03 UTC+1, Al Faller a écrit :
>>>
>>>> Hi -
>>>>
>>>> Trying to get mfa-gauth working with 7.0. Unfortunately when I'm
>>>> attempting to "Confirm account registration" (save my new device), I
>>>> receive a 403 error back from CAS at /cas/mfa-gauth and an error on the
>>>> screen. I can reproduce this with a clean copy of the overlay. My steps:
>>>>
>>>> - add 'implementation "org.apereo.cas:cas-server-support-gauth"' to
>>>> the build.gradle
>>>> - ./gradlew build
>>>> - add cas.authn.mfa.triggers.global.global-provider-id=mfa-gauth to
>>>> /etc/cas/config/cas.properties
>>>> - java -jar build/libs/cas.war --server.ssl.enabled=false
>>>> --server.port=8080
>>>>
>>>> From chrome developer tools, looks like the following was returned:
>>>> --- !<java.util.LinkedHashMap>
>>>> timestamp: "2024-01-09T22:48:27.384+00:00"
>>>> status: 403
>>>> error: "Forbidden"
>>>> message: "Access Denied"
>>>> path: "/cas/mfa-gauth"
>>>>
>>>> added debug logging - nothing useful shows up.
>>>>
>>>> Attached is the screenshot:
>>>> [image: Screenshot from 2024-01-09 17-45-14.png]
>>>>
>>>> Any ideas why this might be breaking? I have tried 7.0 and master with
>>>> no luck.
>>>>
>>>> Thanks in advance,
>>>>
>>>> Al
>>>>
>>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fc81a5f3-e347-4f47-be3a-a81be2c0f422n%40apereo.org.
