Can you send your build.gradle? I want to check dependencies that defined for your build.
On Tue, Apr 2, 2024 at 10:52 AM Hartmut Trüe <[email protected]> wrote: > Hello Benjamin, > > this is my CAS 6.6 management configuration: > > #--------------------------------------------- > # config for cas management webapp > logging.config=file:/etc/cas/config/log4j2-management.xml > server.servlet.context-path=/cas-management > > cas.server.name=https://www.domain.tld > cas.server.prefix=${cas.server.name}/cas > > mgmt.server-name=https://www.domain.tld > > # for testing only : no login required > #mgmt.cas-sso=false > #mgmt.authz-ip-regex=.* > > mgmt.user-properties-file=file:/etc/cas/config/adminUsers.json > mgmt.admin-roles[0]=ROLE_ADMIN > mgmt.user-roles[0]=ROLE_USER > > cas.serviceRegistry.initFromJson=true > cas.serviceRegistry.json.location=file:///etc/cas/services-repo > > mgmt.ldap.ldap-url=ldap://192.168.2.1/ > mgmt.ldap.bind-dn=uid=cas,ou=accounts,dc=de > mgmt.ldap.bind-credential=xxxxxxxxxxxx > #mgmt.ldap.use-ssl=false > mgmt.ldap.use-start-tls=false > mgmt.ldap.block-wait-time=3000 > mgmt.ldap.connect-timeout=2000 > mgmt.ldap.validate-on-checkout=false > mgmt.ldap.validate-periodically=true > mgmt.ldap.validate-period=300 > mgmt.ldap.idle-time=600 > mgmt.ldap.max-pool-size=10 > mgmt.ldap.min-pool-size=1 > mgmt.ldap.prune-period=300 > > mgmt.ldap.ldapAuthz.base-dn=ou=people,dc=domain,dc=tld > mgmt.ldap.ldapAuthz.search-filter=uid={user} > mgmt.ldap.ldapAuthz.allow-multiple-results=false > > #--------------------------------------------- > > Hartmut > > Benjamin Renard schrieb am Donnerstag, 28. März 2024 um 20:46:46 UTC+1: > >> Hello Hartmut, >> >> From my side, I can't observe this interesting error in my logs, even if >> enabling debuging on spring webflow & security. In fact, I also try to >> enable debug on root logger and I obtain nothing more than I have initialy >> posted here. >> >> Could you share your operational configuration in v6 ? I would like to >> know what look like a operational configuration :) >> >> Thanks ! >> >> Le jeudi 28 mars 2024 à 12:31:35 UTC+1, Hartmut Trüe a écrit : >> >>> After playing a bit with the loglevels (debug for >>> spring.webflow.log.level and spring.security.log.level), I found this. But >>> I have no idea, if that is the problem or what to do. >>> As explained earlier, 6.6.x is running fine with the same configuration. >>> >>> ... >>> 2024-03-28 09:43:41,073 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>> org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0> >>> 2024-03-28 09:43:41,073 INFO >>> [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - >>> <No credentials could be extracted/detected from the current request> >>> 2024-03-28 09:43:41,073 INFO >>> [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution >>> disallowed; pre-execution result is 'error'> >>> 2024-03-28 09:43:41,073 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0; >>> result = error> >>> 2024-03-28 09:43:41,073 DEBUG >>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>> executing [EvaluateAction@763bc2b expression = >>> tokenAuthenticationAction, resultExpression = [null]]; result = error> >>> 2024-03-28 09:43:41,073 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Executing >>> [Transition@1b2a72b9 on = *, to = >>> initialAuthenticationRequestValidationCheck]> >>> 2024-03-28 09:43:41,073 DEBUG >>> [org.springframework.webflow.engine.Transition] - <Exiting state >>> 'tokenAuthenticationCheck'> >>> ... >>> >>> Benjamin Renard schrieb am Mittwoch, 27. März 2024 um 17:40:40 UTC+1: >>> >>>> Thank Mohamed, >>>> >>>> What do you mean about enabling SSL ? My CAS management app is >>>> accessible via an Apache HTTPS VirtualHost that proxypass requests to a >>>> Tomcat's AJP Connector. It's "SSL enabled" for you ? :) >>>> >>>> Note: My CAS server use the same Apache HTTPS VirtualHost and Tomcat >>>> AJP connector, but is deploy another context (/cas vs /cas-management). >>>> >>>> Le mercredi 27 mars 2024 à 12:01:20 UTC+1, Mohamed Amdouni a écrit : >>>> >>>>> Hello, >>>>> >>>>> I had a similar issue running cas management 6.6.4 and it was related >>>>> to https. >>>>> >>>>> My cas management was started with ssl disabled and this version of >>>>> cas management requires SSL (see the security adapter ) and in the logs it >>>>> says requires secure channel. >>>>> >>>>> I tried to override the adapter but finally ended up by activating ssl >>>>> to avoid the redirects … >>>>> >>>>> Hope it helps… >>>>> >>>>> >>>>> >>>>> >>>>> Le mer. 27 mars 2024 à 08:22, Hartmut Trüe <[email protected]> a >>>>> écrit : >>>>> >>>>>> Same problem on my CAS Management webapp, it ends in "too many >>>>>> redirects". The same configuration is working fine with CAS 6.6.x and >>>>>> Management 6.6.x and the certificate is valid. >>>>>> >>>>>> I can't find errors, and the ticket seems to be valid: >>>>>> ... >>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0 >>>>>> > >>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested >>>>>> original ticket id [TGT-1-********PD8Hl30-cas-dev] to >>>>>> [064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b]> >>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to >>>>>> decode >>>>>> [DefaultEncodedTicket(id=064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b)]> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket >>>>>> to [TGT-1-********PD8Hl30-cas-dev]> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>> executing >>>>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0; >>>>>> result = valid> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>> executing [EvaluateAction@698bdaf2 expression = >>>>>> ticketGrantingTicketCheckAction, resultExpression = [null]]; result = >>>>>> valid> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>> [Transition@109de836 on = valid, to = hasServiceCheck]> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>> 'ticketGrantingTicketCheck'> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.DecisionState] - <Entering state >>>>>> 'hasServiceCheck' of flow 'login'> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>> [Transition@5efaf8bd on = flowScope.service != null, to = >>>>>> renewRequestCheck]> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>> 'hasServiceCheck'> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>> 'renewRequestCheck' of flow 'login'> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>> [EvaluateAction@42900422 expression = >>>>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf >>>>>> > >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] >>>>>> - <Evaluating authentication policy >>>>>> [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], >>>>>> excludedAuthenticationHandlers=[], criteria=null)] for [CasClient]> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>> executing >>>>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf; >>>>>> result = proceed> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>> executing [EvaluateAction@42900422 expression = >>>>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]; >>>>>> result = >>>>>> proceed> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>> [Transition@1ad0074 on = proceed, to = generateServiceTicket]> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>> 'renewRequestCheck'> >>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>> 'generateServiceTicket' of flow 'login'> >>>>>> ... >>>>>> >>>>>> Regards, >>>>>> Hartmut >>>>>> Ray Bon schrieb am Dienstag, 26. März 2024 um 19:40:57 UTC+1: >>>>>> >>>>>>> Benjamin, >>>>>>> >>>>>>> The behaviour you describe happens when the service ticket can not >>>>>>> be validated. >>>>>>> cas management submits the ST to cas through a back channel over >>>>>>> https. >>>>>>> If there is nothing in cas audit log about validation / failed >>>>>>> validation (which would give a reason for failure), it could be a >>>>>>> certificate problem. >>>>>>> >>>>>>> Do you have a proper/valid certificate for idp.example.tld (i.e. >>>>>>> cert signed by an authority)? >>>>>>> >>>>>>> If not, you may have to add it to the java keystore (assuming you >>>>>>> have already added it to tomcat config). >>>>>>> >>>>>>> Ray >>>>>>> >>>>>>> On Tue, 2024-03-26 at 05:02 -0700, Benjamin Renard wrote: >>>>>>> >>>>>>> Notice: This message was sent from outside the University of >>>>>>> Victoria email system. Please be cautious with links and sensitive >>>>>>> information. >>>>>>> >>>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I'm trying to install a CAS server (v7) on a Debian 12 host. I >>>>>>> using the Debian's tomcat10 package, Apache2 as reverse proxy (AJP), the >>>>>>> Oracle JDK 21.0.2 and a CAS Initializr overlay to build the cas.war >>>>>>> file. >>>>>>> My CAS server run well, but I have problem with the authentication of >>>>>>> the >>>>>>> management app. I use a CAS Initializr overlay for the CAS management >>>>>>> 7.0.0-SNAPSHOT and I have no problem to build the war and deploy it in >>>>>>> the >>>>>>> same context. I configure CAS client in the management app : >>>>>>> >>>>>>> cas.server.name=https://idp.example.tld >>>>>>> cas.server.prefix=${cas.server.name}/cas >>>>>>> >>>>>>> When I try to access to the management app, I'm entering in a loop : >>>>>>> I'm redirect to the CAS server that authenticate me and redirect me to >>>>>>> the >>>>>>> management app on its callback URL with a ticket ( >>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-53-oxTcezruW9p3hhw5YBRWDXF4HUk-cas1-preprod) >>>>>>> and I'm redirect again to the CAS server for authentication, that >>>>>>> redirect >>>>>>> me back with a new ticket and etc. >>>>>>> >>>>>>> I have no error in logs and I tried to enable debugging and I can't >>>>>>> find any indication about my problem (see logs below). Do you have any >>>>>>> idea >>>>>>> ? >>>>>>> >>>>>>> Futhermore, It's a good idea for you to run CAS server & management >>>>>>> apps version 7 in production or I have to use version 6 ? >>>>>>> >>>>>>> Thanks ! >>>>>>> >>>>>>> 2024-03-26 12:45:29,508 DEBUG >>>>>>> [org.springframework.security.web.FilterChainProxy] - Securing GET >>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>> 2024-03-26 12:45:29,508 DEBUG >>>>>>> [org.springframework.security.web.access.channel.ChannelProcessingFilter] >>>>>>> - >>>>>>> Request: filter invocation [GET >>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod]; >>>>>>> ConfigAttributes: [REQUIRES_SECURE_CHANNEL] >>>>>>> 2024-03-26 12:45:29,509 DEBUG >>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>> - Set SecurityContextHolder to anonymous SecurityContext >>>>>>> 2024-03-26 12:45:29,509 DEBUG >>>>>>> [org.springframework.security.web.FilterChainProxy] - Secured GET >>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>> 2024-03-26 12:45:29,510 DEBUG >>>>>>> [org.springframework.web.servlet.DispatcherServlet] - GET >>>>>>> "/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod", >>>>>>> parameters={masked} >>>>>>> 2024-03-26 12:45:29,512 DEBUG >>>>>>> [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - >>>>>>> Mapped >>>>>>> to ResourceHttpRequestHandler [classpath [dist/], classpath [static/]] >>>>>>> 2024-03-26 12:45:29,512 DEBUG >>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - === SECURITY === >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - url: >>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - clients: null | matchers: >>>>>>> null >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Provided >>>>>>> clientNames: null >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Default >>>>>>> security clients: null >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Only >>>>>>> client: >>>>>>> CasClient >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - >>>>>>> clientNameOnRequest: Optional.empty >>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.Clients] - >>>>>>> Found client: >>>>>>> CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>>>> nbAttempts=0, lastAttempt=null, >>>>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>>>> multiProfile=false, saveProfileInSession=true, >>>>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>>>> https://idp.example.tld/cas-management/callback, >>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>>>> https://idp.example.tld/cas/logout, >>>>>>> postLogoutUrlParameter=service), checkAuthenticationAttempt=true), >>>>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>>>> https://idp.example.tld/cas/, restUrl= >>>>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>>>> allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, >>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>>>> hostnameVerifier=null, sslSocketFactory=null)) for name: CasClient >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - result: >>>>>>> [CasClient] >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - currentClients: >>>>>>> [CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>>>> nbAttempts=0, lastAttempt=null, >>>>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>>>> multiProfile=false, saveProfileInSession=true, >>>>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>>>> https://idp.example.tld/cas-management/callback, >>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>>>> https://idp.example.tld/cas/logout, >>>>>>> postLogoutUrlParameter=service), checkAuthenticationAttempt=true), >>>>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>>>> https://idp.example.tld/cas/, restUrl= >>>>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>>>> allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, >>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>>>> hostnameVerifier=null, sslSocketFactory=null))] >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>>>> retrieved session: >>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get sessionId: >>>>>>> 0D8A24DA3779DDC589CC82A00D7121ED >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>> matcher: org.pac4j.core.matching.matcher.CacheControlMatcher@62ab3f9d >>>>>>> -> true >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>> matcher: >>>>>>> org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher@ba6fb34 >>>>>>> -> true >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>> matcher: StrictTransportSecurityMatcher(maxAge=15768000) -> true >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>> matcher: org.pac4j.core.matching.matcher.XFrameOptionsMatcher@57ab0e5b >>>>>>> -> true >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>> matcher: org.pac4j.core.matching.matcher.XSSProtectionMatcher@2471fb38 >>>>>>> -> true >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>>>> retrieved session: >>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: >>>>>>> 93cdd09ba2c74a3d9235b3c71fb3e8dd for key: pac4jCsrfToken >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>>>> previous >>>>>>> CSRF token: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>>> retrieved session: >>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>> pac4jPreviousCsrfToken for value: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>>>> generated CSRF token: 2af42c4e87984404bcc144ac7034dbc3 for current URL: >>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>>> retrieved session: >>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>> pac4jCsrfToken >>>>>>> for value: 2af42c4e87984404bcc144ac7034dbc3 >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>>> retrieved session: >>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>> pac4jCsrfTokenExpirationDate for value: 1711467929514 >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>> matcher: >>>>>>> CsrfTokenGeneratorMatcher(csrfTokenGenerator=org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator@690fdeb, >>>>>>> domain=null, path=/, httpOnly=true, secure=true, maxAge=null, >>>>>>> sameSitePolicy=null, addTokenAsAttribute=true, addTokenAsHeader=false, >>>>>>> addTokenAsCookie=true) -> true >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>>>> retrieved session: >>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for >>>>>>> key: >>>>>>> pac4jUserProfiles >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles (from >>>>>>> session: true): [] >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Starting authentication >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler] - >>>>>>> requestedUrl: >>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>>> retrieved session: >>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>> pac4jRequestedUrl for value: >>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>>>> retrieved session: >>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for >>>>>>> key: >>>>>>> CasClient$attemptedAuthentication >>>>>>> 2024-03-26 12:45:29,515 DEBUG >>>>>>> [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: >>>>>>> https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient >>>>>>> 2024-03-26 12:45:29,515 DEBUG >>>>>>> [org.springframework.web.servlet.DispatcherServlet] - Completed 302 >>>>>>> FOUND >>>>>>> >>>>>>> -- >>>>>> - Website: https://apereo.github.io/cas >>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "CAS Community" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org >>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/846f5824-cd0b-4d47-8071-ab7cd5a9d1fcn%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/846f5824-cd0b-4d47-8071-ab7cd5a9d1fcn%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Seyyed Mohsen Saeedi سید محسن سعیدی -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAE0qWryh09y3_SnfXYvo641b_K0_HE5n2Mn%3DGhFg-5UUy-ybQg%40mail.gmail.com.
