Hello Mohamed, thanks for your reply, that might lead me in the right direction.
My CAS is running behind a reverse proxy, but it is all "https":
Tomcat ->"ajp"->Apache2->"https"->Apache2 reverse proxy

At the moment it looks to me like a problem with HSTS and CORS, something must have changed between 6.6 and 7.0.
But I haven't been able to solve it yet.

Best Regards
Hartmut

Mohamed Amdouni wrote on Monday, 15 July 2024 at 18:45:03 UTC+2:
> Hello,
>
> Will explain what was the error for me, hope it would help you figure out
> the problem.
>
> In my use case, the cas management was behind a proxy, so the URL of cas
> management was "https" but the ssl is only on the proxy side, then the
> proxy forward to my cas management instance which is not started with ssl
> (http).
>
> In the security configuration of cas management : see this file :
> https://github.com/apereo/cas-management/blob/7.0.x/webapp/cas-mgmt-webapp-config/src/main/java/org/apereo/cas/mgmt/config/CasManagementSecurityConfiguration.java
>
> there is this line
> http.requiresChannel(c -> c.anyRequest().requiresSecure());
> which requires a secure channel and so too many redirects.
>
> I tried to override the security configuration with no success so the
> solution was to start cas management with ssl and point https URL in the
> proxy configuration.
>
> Try to check this class and find why it redirects....
>
> Try to install a local instance of cas management ...
>
> Best Regards
>
> On Monday 15 July 2024 at 11:07:49 UTC+2 Hartmut Trüe wrote:
>
>> Hello,
>>
>> after several updates since April, nothing has changed: cas-management
>> 6.6 works as expected, the same configuration with cas-management 7.0 still
>> ends in "too many redirects".
>>
>> This makes cas 7 unusable for me. I still don't have any ideas what the
>> problem might be.
>>
>> Hartmut
>> Hartmut Trüe wrote on Tuesday, 2 April 2024 at 09:22:31 UTC+2:
>>
>>> Hello Benjamin,
>>>
>>> this is my CAS 6.6 management configuration:
>>>
>>> #---------------------------------------------
>>> # config for cas management webapp
>>> logging.config=file:/etc/cas/config/log4j2-management.xml
>>> server.servlet.context-path=/cas-management
>>>
>>> cas.server.name=https://www.domain.tld
>>> cas.server.prefix=${cas.server.name}/cas
>>>
>>> mgmt.server-name=https://www.domain.tld
>>>
>>> # for testing only : no login required
>>> #mgmt.cas-sso=false
>>> #mgmt.authz-ip-regex=.*
>>>
>>> mgmt.user-properties-file=file:/etc/cas/config/adminUsers.json
>>> mgmt.admin-roles[0]=ROLE_ADMIN
>>> mgmt.user-roles[0]=ROLE_USER
>>>
>>> cas.serviceRegistry.initFromJson=true
>>> cas.serviceRegistry.json.location=file:///etc/cas/services-repo
>>>
>>> mgmt.ldap.ldap-url=ldap://192.168.2.1/
>>> mgmt.ldap.bind-dn=uid=cas,ou=accounts,dc=de
>>> mgmt.ldap.bind-credential=xxxxxxxxxxxx
>>> #mgmt.ldap.use-ssl=false
>>> mgmt.ldap.use-start-tls=false
>>> mgmt.ldap.block-wait-time=3000
>>> mgmt.ldap.connect-timeout=2000
>>> mgmt.ldap.validate-on-checkout=false
>>> mgmt.ldap.validate-periodically=true
>>> mgmt.ldap.validate-period=300
>>> mgmt.ldap.idle-time=600
>>> mgmt.ldap.max-pool-size=10
>>> mgmt.ldap.min-pool-size=1
>>> mgmt.ldap.prune-period=300
>>>
>>> mgmt.ldap.ldapAuthz.base-dn=ou=people,dc=domain,dc=tld
>>> mgmt.ldap.ldapAuthz.search-filter=uid={user}
>>> mgmt.ldap.ldapAuthz.allow-multiple-results=false
>>>
>>> #---------------------------------------------
>>>
>>> Hartmut
>>>
>>> Benjamin Renard wrote on Thursday, 28 March 2024 at 20:46:46 UTC+1:
>>>
>>>> Hello Hartmut,
>>>>
>>>> From my side, I can't observe this interesting error in my logs, even
>>>> if enabling debugging on spring webflow & security. In fact, I also try to
>>>> enable debug on root logger and I obtain nothing more than I have initially
>>>> posted here.
>>>>
>>>> Could you share your operational configuration in v6 ? I would like to
>>>> know what look like an operational configuration :)
>>>>
>>>> Thanks !
>>>>
>>>> On Thursday, 28 March 2024 at 12:31:35 UTC+1, Hartmut Trüe wrote:
>>>>
>>>>> After playing a bit with the loglevels (debug for
>>>>> spring.webflow.log.level and spring.security.log.level), I found this.
>>>>> But I have no idea, if that is the problem or what to do.
>>>>> As explained earlier, 6.6.x is running fine with the same
>>>>> configuration.
>>>>>
>>>>> ...
>>>>> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0>
>>>>> 2024-03-28 09:43:41,073 INFO [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - <No credentials could be extracted/detected from the current request>
>>>>> 2024-03-28 09:43:41,073 INFO [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution disallowed; pre-execution result is 'error'>
>>>>> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0; result = error>
>>>>> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@763bc2b expression = tokenAuthenticationAction, resultExpression = [null]]; result = error>
>>>>> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@1b2a72b9 on = *, to = initialAuthenticationRequestValidationCheck]>
>>>>> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'tokenAuthenticationCheck'>
>>>>> ...
>>>>>
>>>>> Benjamin Renard wrote on Wednesday, 27 March 2024 at 17:40:40 UTC+1:
>>>>>
>>>>>> Thanks Mohamed,
>>>>>>
>>>>>> What do you mean about enabling SSL ? My CAS management app is
>>>>>> accessible via an Apache HTTPS VirtualHost that proxypass requests to a
>>>>>> Tomcat's AJP Connector. It's "SSL enabled" for you ? :)
>>>>>>
>>>>>> Note: My CAS server uses the same Apache HTTPS VirtualHost and Tomcat
>>>>>> AJP connector, but is deployed in another context (/cas vs /cas-management).
>>>>>>
>>>>>> On Wednesday, 27 March 2024 at 12:01:20 UTC+1, Mohamed Amdouni wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I had a similar issue running cas management 6.6.4 and it was
>>>>>>> related to https.
>>>>>>>
>>>>>>> My cas management was started with ssl disabled and this version of
>>>>>>> cas management requires SSL (see the security adapter ) and in the logs
>>>>>>> it says requires secure channel.
>>>>>>>
>>>>>>> I tried to override the adapter but finally ended up by activating
>>>>>>> ssl to avoid the redirects …
>>>>>>>
>>>>>>> Hope it helps…
>>>>>>>
>>>>>>> On Wed, 27 March 2024 at 08:22, Hartmut Trüe <[email protected]> wrote:
>>>>>>>
>>>>>>>> Same problem on my CAS Management webapp, it ends in "too many
>>>>>>>> redirects". The same configuration is working fine with CAS 6.6.x and
>>>>>>>> Management 6.6.x and the certificate is valid.
>>>>>>>>
>>>>>>>> I can't find errors, and the ticket seems to be valid:
>>>>>>>> ...
>>>>>>>> 2024-03-27 07:39:34,185 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0>
>>>>>>>> 2024-03-27 07:39:34,185 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested original ticket id [TGT-1-********PD8Hl30-cas-dev] to [064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b]>
>>>>>>>> 2024-03-27 07:39:34,185 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to decode [DefaultEncodedTicket(id=064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b)]>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket to [TGT-1-********PD8Hl30-cas-dev]>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0; result = valid>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@698bdaf2 expression = ticketGrantingTicketCheckAction, resultExpression = [null]]; result = valid>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@109de836 on = valid, to = hasServiceCheck]>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'ticketGrantingTicketCheck'>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'hasServiceCheck' of flow 'login'>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@5efaf8bd on = flowScope.service != null, to = renewRequestCheck]>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'hasServiceCheck'>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'renewRequestCheck' of flow 'login'>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@42900422 expression = renewAuthenticationRequestCheckAction, resultExpression = [null]]>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] - <Evaluating authentication policy [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], excludedAuthenticationHandlers=[], criteria=null)] for [CasClient]>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf; result = proceed>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@42900422 expression = renewAuthenticationRequestCheckAction, resultExpression = [null]]; result = proceed>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@1ad0074 on = proceed, to = generateServiceTicket]>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'renewRequestCheck'>
>>>>>>>> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'generateServiceTicket' of flow 'login'>
>>>>>>>> ...
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Hartmut
>>>>>>>> Ray Bon wrote on Tuesday, 26 March 2024 at 19:40:57 UTC+1:
>>>>>>>>
>>>>>>>>> Benjamin,
>>>>>>>>>
>>>>>>>>> The behaviour you describe happens when the service ticket can not
>>>>>>>>> be validated.
>>>>>>>>> cas management submits the ST to cas through a back channel over
>>>>>>>>> https.
>>>>>>>>> If there is nothing in cas audit log about validation / failed
>>>>>>>>> validation (which would give a reason for failure), it could be a
>>>>>>>>> certificate problem.
>>>>>>>>>
>>>>>>>>> Do you have a proper/valid certificate for idp.example.tld (i.e.
>>>>>>>>> cert signed by an authority)?
>>>>>>>>>
>>>>>>>>> If not, you may have to add it to the java keystore (assuming you
>>>>>>>>> have already added it to tomcat config).
>>>>>>>>>
>>>>>>>>> Ray
>>>>>>>>>
>>>>>>>>> On Tue, 2024-03-26 at 05:02 -0700, Benjamin Renard wrote:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I'm trying to install a CAS server (v7) on a Debian 12 host. I'm
>>>>>>>>> using the Debian's tomcat10 package, Apache2 as reverse proxy (AJP),
>>>>>>>>> the Oracle JDK 21.0.2 and a CAS Initializr overlay to build the cas.war
>>>>>>>>> file.
>>>>>>>>> My CAS server runs well, but I have a problem with the authentication of
>>>>>>>>> the management app. I use a CAS Initializr overlay for the CAS management
>>>>>>>>> 7.0.0-SNAPSHOT and I have no problem to build the war and deploy it
>>>>>>>>> in the same context. I configure CAS client in the management app :
>>>>>>>>>
>>>>>>>>> cas.server.name=https://idp.example.tld
>>>>>>>>> cas.server.prefix=${cas.server.name}/cas
>>>>>>>>>
>>>>>>>>> When I try to access to the management app, I'm entering in a loop
>>>>>>>>> : I'm redirected to the CAS server that authenticates me and redirects me
>>>>>>>>> to the management app on its callback URL with a ticket (
>>>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-53-oxTcezruW9p3hhw5YBRWDXF4HUk-cas1-preprod)
>>>>>>>>> and I'm redirected again to the CAS server for authentication, that
>>>>>>>>> redirects me back with a new ticket and etc.
>>>>>>>>>
>>>>>>>>> I have no error in logs and I tried to enable debugging and I
>>>>>>>>> can't find any indication about my problem (see logs below). Do you
>>>>>>>>> have any idea ?
>>>>>>>>>
>>>>>>>>> Furthermore, is it a good idea for you to run CAS server &
>>>>>>>>> management apps version 7 in production or do I have to use version 6 ?
>>>>>>>>>
>>>>>>>>> Thanks !
>>>>>>>>>
>>>>>>>>> 2024-03-26 12:45:29,508 DEBUG [org.springframework.security.web.FilterChainProxy] - Securing GET /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod
>>>>>>>>> 2024-03-26 12:45:29,508 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - Request: filter invocation [GET /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
>>>>>>>>> 2024-03-26 12:45:29,509 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - Set SecurityContextHolder to anonymous SecurityContext
>>>>>>>>> 2024-03-26 12:45:29,509 DEBUG [org.springframework.security.web.FilterChainProxy] - Secured GET /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod
>>>>>>>>> 2024-03-26 12:45:29,510 DEBUG [org.springframework.web.servlet.DispatcherServlet] - GET "/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod", parameters={masked}
>>>>>>>>> 2024-03-26 12:45:29,512 DEBUG [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - Mapped to ResourceHttpRequestHandler [classpath [dist/], classpath [static/]]
>>>>>>>>> 2024-03-26 12:45:29,512 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - === SECURITY ===
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - url: https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - clients: null | matchers: null
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Provided clientNames: null
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Default security clients: null
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Only client: CasClient
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - clientNameOnRequest: Optional.empty
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.Clients] - Found client: CasClient(super=IndirectClient(super=BaseClient(name=CasClient, authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, authenticator=InitializableObject(initialized=false, maxAttempts=3, nbAttempts=0, lastAttempt=null, minTimeIntervalBetweenAttemptsInMilliseconds=5000), profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, customProperties={}, profileFactoryWhenNotAuthenticated=null, multiProfile=false, saveProfileInSession=true, config=org.pac4j.core.config.Config@3236bd7d), callbackUrl=https://idp.example.tld/cas-management/callback, urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl=https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), checkAuthenticationAttempt=true), configuration=CasConfiguration(encoding=UTF-8, loginUrl=https://idp.example.tld/cas/login, prefixUrl=https://idp.example.tld/cas/, restUrl=https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, postLogoutUrlParameter=service, customParams={}, method=null, privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, hostnameVerifier=null, sslSocketFactory=null)) for name: CasClient
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - result: [CasClient]
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - currentClients: [CasClient(super=IndirectClient(super=BaseClient(name=CasClient, authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, authenticator=InitializableObject(initialized=false, maxAttempts=3, nbAttempts=0, lastAttempt=null, minTimeIntervalBetweenAttemptsInMilliseconds=5000), profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, customProperties={}, profileFactoryWhenNotAuthenticated=null, multiProfile=false, saveProfileInSession=true, config=org.pac4j.core.config.Config@3236bd7d), callbackUrl=https://idp.example.tld/cas-management/callback, urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl=https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), checkAuthenticationAttempt=true), configuration=CasConfiguration(encoding=UTF-8, loginUrl=https://idp.example.tld/cas/login, prefixUrl=https://idp.example.tld/cas/, restUrl=https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, postLogoutUrlParameter=service, customParams={}, method=null, privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, hostnameVerifier=null, sslSocketFactory=null))]
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Get sessionId: 0D8A24DA3779DDC589CC82A00D7121ED
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: org.pac4j.core.matching.matcher.CacheControlMatcher@62ab3f9d -> true
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher@ba6fb34 -> true
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: StrictTransportSecurityMatcher(maxAge=15768000) -> true
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: org.pac4j.core.matching.matcher.XFrameOptionsMatcher@57ab0e5b -> true
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: org.pac4j.core.matching.matcher.XSSProtectionMatcher@2471fb38 -> true
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632
>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Get value: 93cdd09ba2c74a3d9235b3c71fb3e8dd for key: pac4jCsrfToken
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - previous CSRF token: 93cdd09ba2c74a3d9235b3c71fb3e8dd
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jPreviousCsrfToken for value: 93cdd09ba2c74a3d9235b3c71fb3e8dd
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - generated CSRF token: 2af42c4e87984404bcc144ac7034dbc3 for current URL: https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jCsrfToken for value: 2af42c4e87984404bcc144ac7034dbc3
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jCsrfTokenExpirationDate for value: 1711467929514
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: CsrfTokenGeneratorMatcher(csrfTokenGenerator=org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator@690fdeb, domain=null, path=/, httpOnly=true, secure=true, maxAge=null, sameSitePolicy=null, addTokenAsAttribute=true, addTokenAsHeader=false, addTokenAsCookie=true) -> true
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for key: pac4jUserProfiles
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles (from session: true): []
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - Starting authentication
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler] - requestedUrl: https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jRequestedUrl for value: https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632
>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for key: CasClient$attemptedAuthentication
>>>>>>>>> 2024-03-26 12:45:29,515 DEBUG [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient
>>>>>>>>> 2024-03-26 12:45:29,515 DEBUG
>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - Completed 302 FOUND

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5af18aa0-cf53-49ab-b227-2f3049236399n%40apereo.org.
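An added example, not part of the thread or of the CAS code base: a Python check that groups Spring Security / pac4j DEBUG events per request and flags the pattern visible in Benjamin's log, where `/callback` arrives with a service ticket, no profile is found in the session, and pac4j redirects to the CAS login again. It assumes the log format quoted above with one event per line; the function names and the sample lines (ticket ids included) are constructed for illustration.

```python
import re

# <timestamp> <LEVEL> [<logger>] - <message>, as in the DEBUG output quoted in the thread
LINE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([^\]]+)\] - (.*)$")
TICKET = re.compile(r"[?&]ticket=(ST-[^&\s\];]+)")

# Constructed sample (made-up ticket ids), one event per line.
SAMPLE_LOG = """\
2024-03-26 12:45:29,508 DEBUG [org.springframework.security.web.FilterChainProxy] - Securing GET /callback?client_name=CasClient&ticket=ST-1-CONSTRUCTED-aaa
2024-03-26 12:45:29,508 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - Request: filter invocation [GET /callback?client_name=CasClient&ticket=ST-1-CONSTRUCTED-aaa]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles (from session: true): []
2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - Starting authentication
2024-03-26 12:45:29,515 DEBUG [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient
2024-03-26 12:45:29,515 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Completed 302 FOUND
2024-03-26 12:45:30,102 DEBUG [org.springframework.security.web.FilterChainProxy] - Securing GET /callback?client_name=CasClient&ticket=ST-2-CONSTRUCTED-bbb
2024-03-26 12:45:30,102 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - Request: filter invocation [GET /callback?client_name=CasClient&ticket=ST-2-CONSTRUCTED-bbb]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
2024-03-26 12:45:30,107 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles (from session: true): []
2024-03-26 12:45:30,107 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - Starting authentication
2024-03-26 12:45:30,108 DEBUG [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient
2024-03-26 12:45:30,108 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Completed 302 FOUND
2024-03-26 12:45:31,007 DEBUG [org.springframework.security.web.FilterChainProxy] - Securing GET /index.html
2024-03-26 12:45:31,009 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Completed 200 OK
"""


def parse_requests(text):
    """Group events into requests: 'Securing <METHOD> <path>' opens one, 'Completed <status>' closes it."""
    requests, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign lines are skipped
        ts, _level, logger, msg = m.groups()
        name = logger.rsplit(".", 1)[-1]  # short class name of the logger
        if name == "FilterChainProxy" and msg.startswith("Securing "):
            _, method, path = msg.split(" ", 2)
            t = TICKET.search(path)
            cur = {"start": ts, "method": method, "path": path.split("?")[0],
                   "ticket": t.group(1) if t else None,
                   "requires_secure": False, "no_profile": False,
                   "login_redirect": None, "status": None}
            requests.append(cur)
        elif cur is None:
            continue  # event outside any request
        elif name == "ChannelProcessingFilter" and "REQUIRES_SECURE_CHANNEL" in msg:
            cur["requires_secure"] = True  # the requiresSecure() rule applied to this request
        elif name == "DefaultSecurityLogic" and msg.startswith("Loaded profiles") and msg.endswith("[]"):
            cur["no_profile"] = True  # session holds no authenticated profile
        elif name == "CasRedirectionActionBuilder" and msg.startswith("redirectionUrl:"):
            cur["login_redirect"] = msg.split(":", 1)[1].strip()
        elif name == "DispatcherServlet" and msg.startswith("Completed "):
            cur["status"] = int(msg.split()[1])
            cur = None
    return requests


def find_ticket_loop(requests, threshold=2):
    """Report requests that carried a service ticket yet were sent back to the CAS login.

    A new ticket on every pass, never followed by a stored profile, is the
    'too many redirects' loop described in the thread.
    """
    bounced = [r for r in requests
               if r["ticket"] and r["no_profile"] and r["login_redirect"] and r["status"] == 302]
    tickets = list(dict.fromkeys(r["ticket"] for r in bounced))  # distinct, in order
    if len(tickets) < threshold:
        return None
    return {"tickets": tickets, "path": bounced[0]["path"],
            "channel_filter_seen": all(r["requires_secure"] for r in bounced),
            "login_url": bounced[0]["login_redirect"].split("?")[0]}


if __name__ == "__main__":
    print(find_ticket_loop(parse_requests(SAMPLE_LOG)))
```

A hit only shows that the callback never leaves a profile in the session; which scheme the backend sees for the `requiresSecure()` rule Mohamed points to still has to be checked on the proxy and the connector.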
