See also https://groups.google.com/a/apereo.org/g/cas-user/c/VFVlwBSMdDg/m/vt_IOXOCBAAJ
I believe this is the same issue. Ray identified a mistake in cas-management itself (and a workaround). I don't know of a fix yet and have not been able to have a look myself yet either. On Saturday, July 27, 2024 at 4:50:55 AM UTC+2 Mohsen Saeedi wrote: > Can you send your build.gradle? I want to check dependencies that defined > for your build. > > On Tue, Apr 2, 2024 at 10:52 AM Hartmut Trüe <[email protected]> wrote: > >> Hello Benjamin, >> >> this is my CAS 6.6 management configuration: >> >> #--------------------------------------------- >> # config for cas management webapp >> logging.config=file:/etc/cas/config/log4j2-management.xml >> server.servlet.context-path=/cas-management >> >> cas.server.name=https://www.domain.tld >> cas.server.prefix=${cas.server.name}/cas >> >> mgmt.server-name=https://www.domain.tld >> >> # for testing only : no login required >> #mgmt.cas-sso=false >> #mgmt.authz-ip-regex=.* >> >> mgmt.user-properties-file=file:/etc/cas/config/adminUsers.json >> mgmt.admin-roles[0]=ROLE_ADMIN >> mgmt.user-roles[0]=ROLE_USER >> >> cas.serviceRegistry.initFromJson=true >> cas.serviceRegistry.json.location=file:///etc/cas/services-repo >> >> mgmt.ldap.ldap-url=ldap://192.168.2.1/ >> mgmt.ldap.bind-dn=uid=cas,ou=accounts,dc=de >> mgmt.ldap.bind-credential=xxxxxxxxxxxx >> #mgmt.ldap.use-ssl=false >> mgmt.ldap.use-start-tls=false >> mgmt.ldap.block-wait-time=3000 >> mgmt.ldap.connect-timeout=2000 >> mgmt.ldap.validate-on-checkout=false >> mgmt.ldap.validate-periodically=true >> mgmt.ldap.validate-period=300 >> mgmt.ldap.idle-time=600 >> mgmt.ldap.max-pool-size=10 >> mgmt.ldap.min-pool-size=1 >> mgmt.ldap.prune-period=300 >> >> mgmt.ldap.ldapAuthz.base-dn=ou=people,dc=domain,dc=tld >> mgmt.ldap.ldapAuthz.search-filter=uid={user} >> mgmt.ldap.ldapAuthz.allow-multiple-results=false >> >> #--------------------------------------------- >> >> Hartmut >> >> Benjamin Renard schrieb am Donnerstag, 28. März 2024 um 20:46:46 UTC+1: >> >>> Hello Hartmut, >>> >>> From my side, I can't observe this interesting error in my logs, even if >>> enabling debuging on spring webflow & security. In fact, I also try to >>> enable debug on root logger and I obtain nothing more than I have initialy >>> posted here. >>> >>> Could you share your operational configuration in v6 ? I would like to >>> know what look like a operational configuration :) >>> >>> Thanks ! >>> >>> Le jeudi 28 mars 2024 à 12:31:35 UTC+1, Hartmut Trüe a écrit : >>> >>>> After playing a bit with the loglevels (debug for >>>> spring.webflow.log.level and spring.security.log.level), I found this. But >>>> I have no idea, if that is the problem or what to do. >>>> As explained earlier, 6.6.x is running fine with the same configuration. >>>> >>>> ... >>>> 2024-03-28 09:43:41,073 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>> org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0> >>>> 2024-03-28 09:43:41,073 INFO >>>> [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] >>>> - >>>> <No credentials could be extracted/detected from the current request> >>>> 2024-03-28 09:43:41,073 INFO >>>> [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution >>>> disallowed; pre-execution result is 'error'> >>>> 2024-03-28 09:43:41,073 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>> executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0; >>>> result = error> >>>> 2024-03-28 09:43:41,073 DEBUG >>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>> executing [EvaluateAction@763bc2b expression = tokenAuthenticationAction, >>>> resultExpression = [null]]; result = error> >>>> 2024-03-28 09:43:41,073 DEBUG >>>> [org.springframework.webflow.engine.Transition] - <Executing >>>> [Transition@1b2a72b9 on = *, to = >>>> initialAuthenticationRequestValidationCheck]> >>>> 2024-03-28 09:43:41,073 DEBUG >>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>> 'tokenAuthenticationCheck'> >>>> ... >>>> >>>> Benjamin Renard schrieb am Mittwoch, 27. März 2024 um 17:40:40 UTC+1: >>>> >>>>> Thank Mohamed, >>>>> >>>>> What do you mean about enabling SSL ? My CAS management app is >>>>> accessible via an Apache HTTPS VirtualHost that proxypass requests to a >>>>> Tomcat's AJP Connector. It's "SSL enabled" for you ? :) >>>>> >>>>> Note: My CAS server use the same Apache HTTPS VirtualHost and Tomcat >>>>> AJP connector, but is deploy another context (/cas vs /cas-management). >>>>> >>>>> Le mercredi 27 mars 2024 à 12:01:20 UTC+1, Mohamed Amdouni a écrit : >>>>> >>>>>> Hello, >>>>>> >>>>>> I had a similar issue running cas management 6.6.4 and it was related >>>>>> to https. >>>>>> >>>>>> My cas management was started with ssl disabled and this version of >>>>>> cas management requires SSL (see the security adapter ) and in the logs >>>>>> it >>>>>> says requires secure channel. >>>>>> >>>>>> I tried to override the adapter but finally ended up by activating >>>>>> ssl to avoid the redirects … >>>>>> >>>>>> Hope it helps… >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Le mer. 27 mars 2024 à 08:22, Hartmut Trüe <[email protected]> a >>>>>> écrit : >>>>>> >>>>>>> Same problem on my CAS Management webapp, it ends in "too many >>>>>>> redirects". The same configuration is working fine with CAS 6.6.x and >>>>>>> Management 6.6.x and the certificate is valid. >>>>>>> >>>>>>> I can't find errors, and the ticket seems to be valid: >>>>>>> ... >>>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0> >>>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested >>>>>>> original ticket id [TGT-1-********PD8Hl30-cas-dev] to >>>>>>> [064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b]> >>>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting >>>>>>> to >>>>>>> decode >>>>>>> [DefaultEncodedTicket(id=064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b)]> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded >>>>>>> ticket >>>>>>> to [TGT-1-********PD8Hl30-cas-dev]> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing >>>>>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0; >>>>>>> result = valid> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [EvaluateAction@698bdaf2 expression = >>>>>>> ticketGrantingTicketCheckAction, resultExpression = [null]]; result = >>>>>>> valid> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@109de836 on = valid, to = hasServiceCheck]> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'ticketGrantingTicketCheck'> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.DecisionState] - <Entering state >>>>>>> 'hasServiceCheck' of flow 'login'> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@5efaf8bd on = flowScope.service != null, to = >>>>>>> renewRequestCheck]> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'hasServiceCheck'> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>>> 'renewRequestCheck' of flow 'login'> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [EvaluateAction@42900422 expression = >>>>>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] >>>>>>> >>>>>>> - <Evaluating authentication policy >>>>>>> [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], >>>>>>> >>>>>>> excludedAuthenticationHandlers=[], criteria=null)] for [CasClient]> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing >>>>>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf; >>>>>>> >>>>>>> result = proceed> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [EvaluateAction@42900422 expression = >>>>>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]; >>>>>>> result = >>>>>>> proceed> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@1ad0074 on = proceed, to = generateServiceTicket]> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'renewRequestCheck'> >>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>>> 'generateServiceTicket' of flow 'login'> >>>>>>> ... >>>>>>> >>>>>>> Regards, >>>>>>> Hartmut >>>>>>> Ray Bon schrieb am Dienstag, 26. März 2024 um 19:40:57 UTC+1: >>>>>>> >>>>>>>> Benjamin, >>>>>>>> >>>>>>>> The behaviour you describe happens when the service ticket can not >>>>>>>> be validated. >>>>>>>> cas management submits the ST to cas through a back channel over >>>>>>>> https. >>>>>>>> If there is nothing in cas audit log about validation / failed >>>>>>>> validation (which would give a reason for failure), it could be a >>>>>>>> certificate problem. >>>>>>>> >>>>>>>> Do you have a proper/valid certificate for idp.example.tld (i.e. >>>>>>>> cert signed by an authority)? >>>>>>>> >>>>>>>> If not, you may have to add it to the java keystore (assuming you >>>>>>>> have already added it to tomcat config). >>>>>>>> >>>>>>>> Ray >>>>>>>> >>>>>>>> On Tue, 2024-03-26 at 05:02 -0700, Benjamin Renard wrote: >>>>>>>> >>>>>>>> Notice: This message was sent from outside the University of >>>>>>>> Victoria email system. Please be cautious with links and sensitive >>>>>>>> information. >>>>>>>> >>>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> I'm trying to install a CAS server (v7) on a Debian 12 host. I >>>>>>>> using the Debian's tomcat10 package, Apache2 as reverse proxy (AJP), >>>>>>>> the >>>>>>>> Oracle JDK 21.0.2 and a CAS Initializr overlay to build the cas.war >>>>>>>> file. >>>>>>>> My CAS server run well, but I have problem with the authentication of >>>>>>>> the >>>>>>>> management app. I use a CAS Initializr overlay for the CAS management >>>>>>>> 7.0.0-SNAPSHOT and I have no problem to build the war and deploy it in >>>>>>>> the >>>>>>>> same context. I configure CAS client in the management app : >>>>>>>> >>>>>>>> cas.server.name=https://idp.example.tld >>>>>>>> cas.server.prefix=${cas.server.name}/cas >>>>>>>> >>>>>>>> When I try to access to the management app, I'm entering in a loop >>>>>>>> : I'm redirect to the CAS server that authenticate me and redirect me >>>>>>>> to >>>>>>>> the management app on its callback URL with a ticket ( >>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-53-oxTcezruW9p3hhw5YBRWDXF4HUk-cas1-preprod) >>>>>>>> >>>>>>>> and I'm redirect again to the CAS server for authentication, that >>>>>>>> redirect >>>>>>>> me back with a new ticket and etc. >>>>>>>> >>>>>>>> I have no error in logs and I tried to enable debugging and I can't >>>>>>>> find any indication about my problem (see logs below). Do you have any >>>>>>>> idea >>>>>>>> ? >>>>>>>> >>>>>>>> Futhermore, It's a good idea for you to run CAS server & management >>>>>>>> apps version 7 in production or I have to use version 6 ? >>>>>>>> >>>>>>>> Thanks ! >>>>>>>> >>>>>>>> 2024-03-26 12:45:29,508 DEBUG >>>>>>>> [org.springframework.security.web.FilterChainProxy] - Securing GET >>>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>> 2024-03-26 12:45:29,508 DEBUG >>>>>>>> [org.springframework.security.web.access.channel.ChannelProcessingFilter] >>>>>>>> - >>>>>>>> Request: filter invocation [GET >>>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod]; >>>>>>>> >>>>>>>> ConfigAttributes: [REQUIRES_SECURE_CHANNEL] >>>>>>>> 2024-03-26 12:45:29,509 DEBUG >>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>> >>>>>>>> - Set SecurityContextHolder to anonymous SecurityContext >>>>>>>> 2024-03-26 12:45:29,509 DEBUG >>>>>>>> [org.springframework.security.web.FilterChainProxy] - Secured GET >>>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>> 2024-03-26 12:45:29,510 DEBUG >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - GET >>>>>>>> "/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod", >>>>>>>> >>>>>>>> parameters={masked} >>>>>>>> 2024-03-26 12:45:29,512 DEBUG >>>>>>>> [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - >>>>>>>> Mapped >>>>>>>> to ResourceHttpRequestHandler [classpath [dist/], classpath [static/]] >>>>>>>> 2024-03-26 12:45:29,512 DEBUG >>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - === SECURITY === >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - url: >>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - clients: null | >>>>>>>> matchers: >>>>>>>> null >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Provided >>>>>>>> clientNames: null >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Default >>>>>>>> security clients: null >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Only >>>>>>>> client: >>>>>>>> CasClient >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - >>>>>>>> clientNameOnRequest: Optional.empty >>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.Clients] - >>>>>>>> Found client: >>>>>>>> CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>>>>> >>>>>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>>>>> >>>>>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>>>>> >>>>>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>>>>> nbAttempts=0, lastAttempt=null, >>>>>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>>>>> >>>>>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>>>>> multiProfile=false, saveProfileInSession=true, >>>>>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>>>>> https://idp.example.tld/cas-management/callback, >>>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>>>>> >>>>>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>>>>> >>>>>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>>>>> >>>>>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>>>>> >>>>>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>>>>> https://idp.example.tld/cas/logout, >>>>>>>> postLogoutUrlParameter=service), checkAuthenticationAttempt=true), >>>>>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>>>>> https://idp.example.tld/cas/, restUrl= >>>>>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>>>>> allowedProxyChains=[], defaultTicketValidator=null, >>>>>>>> proxyReceptor=null, >>>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>>>>> hostnameVerifier=null, sslSocketFactory=null)) for name: CasClient >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - result: >>>>>>>> [CasClient] >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - currentClients: >>>>>>>> [CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>>>>> >>>>>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>>>>> >>>>>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>>>>> >>>>>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>>>>> nbAttempts=0, lastAttempt=null, >>>>>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>>>>> >>>>>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>>>>> multiProfile=false, saveProfileInSession=true, >>>>>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>>>>> https://idp.example.tld/cas-management/callback, >>>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>>>>> >>>>>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>>>>> >>>>>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>>>>> >>>>>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>>>>> >>>>>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>>>>> https://idp.example.tld/cas/logout, >>>>>>>> postLogoutUrlParameter=service), checkAuthenticationAttempt=true), >>>>>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>>>>> https://idp.example.tld/cas/, restUrl= >>>>>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>>>>> allowedProxyChains=[], defaultTicketValidator=null, >>>>>>>> proxyReceptor=null, >>>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>>>>> hostnameVerifier=null, sslSocketFactory=null))] >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>> false, >>>>>>>> retrieved session: >>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get sessionId: >>>>>>>> 0D8A24DA3779DDC589CC82A00D7121ED >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>> matcher: org.pac4j.core.matching.matcher.CacheControlMatcher@62ab3f9d >>>>>>>> -> >>>>>>>> true >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>> matcher: >>>>>>>> org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher@ba6fb34 >>>>>>>> -> true >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>> matcher: StrictTransportSecurityMatcher(maxAge=15768000) -> true >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>> matcher: org.pac4j.core.matching.matcher.XFrameOptionsMatcher@57ab0e5b >>>>>>>> -> >>>>>>>> true >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>> matcher: org.pac4j.core.matching.matcher.XSSProtectionMatcher@2471fb38 >>>>>>>> -> >>>>>>>> true >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>> false, >>>>>>>> retrieved session: >>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: >>>>>>>> 93cdd09ba2c74a3d9235b3c71fb3e8dd for key: pac4jCsrfToken >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>>>>> previous >>>>>>>> CSRF token: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>>>> retrieved session: >>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>>> pac4jPreviousCsrfToken for value: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>>>>> generated CSRF token: 2af42c4e87984404bcc144ac7034dbc3 for current >>>>>>>> URL: >>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>>>> retrieved session: >>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>>> pac4jCsrfToken >>>>>>>> for value: 2af42c4e87984404bcc144ac7034dbc3 >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>>>> retrieved session: >>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>>> pac4jCsrfTokenExpirationDate for value: 1711467929514 >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>> matcher: >>>>>>>> CsrfTokenGeneratorMatcher(csrfTokenGenerator=org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator@690fdeb, >>>>>>>> >>>>>>>> domain=null, path=/, httpOnly=true, secure=true, maxAge=null, >>>>>>>> sameSitePolicy=null, addTokenAsAttribute=true, addTokenAsHeader=false, >>>>>>>> addTokenAsCookie=true) -> true >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>> false, >>>>>>>> retrieved session: >>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for >>>>>>>> key: >>>>>>>> pac4jUserProfiles >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles (from >>>>>>>> session: true): [] >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Starting authentication >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler] - >>>>>>>> requestedUrl: >>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>>>> retrieved session: >>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>>> pac4jRequestedUrl for value: >>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>> false, >>>>>>>> retrieved session: >>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for >>>>>>>> key: >>>>>>>> CasClient$attemptedAuthentication >>>>>>>> 2024-03-26 12:45:29,515 DEBUG >>>>>>>> [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: >>>>>>>> https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient >>>>>>>> 2024-03-26 12:45:29,515 DEBUG >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - Completed 302 >>>>>>>> FOUND >>>>>>>> >>>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org >>>>>>> >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/846f5824-cd0b-4d47-8071-ab7cd5a9d1fcn%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/846f5824-cd0b-4d47-8071-ab7cd5a9d1fcn%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > > > -- > Seyyed Mohsen Saeedi > سید محسن سعیدی > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/08ed6c19-1446-4bc6-ab6c-6fb7a6c4ffd2n%40apereo.org.
