Hi, cas-management-overlay seems to be neglected. There is a branch 7.0, which apparently does not work not only for me until now. And in the master branch the version is still 6.3.0-snapshot with source- and targetcomapatibility=11 ...
Unfortunately, the wait for a fix seems to be very long... Frédéric Dussurget schrieb am Mittwoch, 21. August 2024 um 20:26:05 UTC+2: > Hi there, > I tried to migrate from 6.6 to 7.0 and I'm doing the same observation as > you all : > it is looping forever. > And when turning off cas authn ( mgmt.cas-sso=false) it starts to work > again ... It's not going to go to production but, still, I'm happy to work > with tomcat10, jdk21, etc. > Let's wait for a fix > > Le mardi 30 juillet 2024 à 14:38:08 UTC+2, Hartmut Trüe a écrit : > >> @Mohsen: its the build.gradle from the cas-management overlay without >> modifications. And I tried with reverse proxy, without reverse proxy, >> standalone tomcat, embedded tomcat ... all the same. >> >> @Tom: I know that workaround, thankyou, but for a production environment >> it doesn't feel good. I don't know if it is the same issue, my >> cas-management does not log much despite debug mode. And in my CAS log >> there is no other error visible than " No credentials could be >> extracted/detected from the current request". But that does not help me, I >> don't know how I could change that. >> >> >> 2024-07-30 13:11:21,455 INFO >> [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service >> ticket [ST-33-********3rMmfoE-cas-dev] for service [ >> https://my.domain.de/cas-management/callback?client_name=CasClient] and >> principal [casuser]> >> 2024-07-30 13:11:21,456 INFO >> [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN >> ============================================================= >> WHEN: 2024-07-30T11:11:21.456317337 >> WHO: casuser >> WHAT: {service= >> https://my.domain.de/cas-management/callback?client_name=CasClient, >> ticketId=ST-33-********3rMmfoE-cas-dev} >> ACTION: SERVICE_TICKET_CREATED >> CLIENT IP ADDRESS: 192.168.122.150 >> SERVER IP ADDRESS: 192.168.25.17 >> ============================================================= >> >> > >> 2024-07-30 13:11:21,535 INFO >> [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - >> <No credentials could be extracted/detected from the current request> >> 2024-07-30 13:11:21,535 INFO >> [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution >> disallowed; pre-execution result is 'error'> >> 2024-07-30 13:11:21,543 INFO >> [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN >> ============================================================= >> WHEN: 2024-07-30T11:11:21.543264010 >> WHO: casuser >> WHAT: {result=Service Access Granted, service= >> https://my.domain.de/cas-management/callback?client_name=CasClient, >> requiredAttributes={}} >> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED >> CLIENT IP ADDRESS: 192.168.122.150 >> SERVER IP ADDRESS: 192.168.25.17 >> ============================================================= >> >> Tom Reijnders schrieb am Montag, 29. Juli 2024 um 14:44:28 UTC+2: >> >>> See also >>> https://groups.google.com/a/apereo.org/g/cas-user/c/VFVlwBSMdDg/m/vt_IOXOCBAAJ >>> >>> I believe this is the same issue. Ray identified a mistake in >>> cas-management itself (and a workaround). I don't know of a fix yet and >>> have not been able to have a look myself yet either. >>> >>> On Saturday, July 27, 2024 at 4:50:55 AM UTC+2 Mohsen Saeedi wrote: >>> >>>> Can you send your build.gradle? I want to check dependencies that >>>> defined for your build. >>>> >>>> On Tue, Apr 2, 2024 at 10:52 AM Hartmut Trüe <[email protected]> wrote: >>>> >>>>> Hello Benjamin, >>>>> >>>>> this is my CAS 6.6 management configuration: >>>>> >>>>> #--------------------------------------------- >>>>> # config for cas management webapp >>>>> logging.config=file:/etc/cas/config/log4j2-management.xml >>>>> server.servlet.context-path=/cas-management >>>>> >>>>> cas.server.name=https://www.domain.tld >>>>> cas.server.prefix=${cas.server.name}/cas >>>>> >>>>> mgmt.server-name=https://www.domain.tld >>>>> >>>>> # for testing only : no login required >>>>> #mgmt.cas-sso=false >>>>> #mgmt.authz-ip-regex=.* >>>>> >>>>> mgmt.user-properties-file=file:/etc/cas/config/adminUsers.json >>>>> mgmt.admin-roles[0]=ROLE_ADMIN >>>>> mgmt.user-roles[0]=ROLE_USER >>>>> >>>>> cas.serviceRegistry.initFromJson=true >>>>> cas.serviceRegistry.json.location=file:///etc/cas/services-repo >>>>> >>>>> mgmt.ldap.ldap-url=ldap://192.168.2.1/ >>>>> mgmt.ldap.bind-dn=uid=cas,ou=accounts,dc=de >>>>> mgmt.ldap.bind-credential=xxxxxxxxxxxx >>>>> #mgmt.ldap.use-ssl=false >>>>> mgmt.ldap.use-start-tls=false >>>>> mgmt.ldap.block-wait-time=3000 >>>>> mgmt.ldap.connect-timeout=2000 >>>>> mgmt.ldap.validate-on-checkout=false >>>>> mgmt.ldap.validate-periodically=true >>>>> mgmt.ldap.validate-period=300 >>>>> mgmt.ldap.idle-time=600 >>>>> mgmt.ldap.max-pool-size=10 >>>>> mgmt.ldap.min-pool-size=1 >>>>> mgmt.ldap.prune-period=300 >>>>> >>>>> mgmt.ldap.ldapAuthz.base-dn=ou=people,dc=domain,dc=tld >>>>> mgmt.ldap.ldapAuthz.search-filter=uid={user} >>>>> mgmt.ldap.ldapAuthz.allow-multiple-results=false >>>>> >>>>> #--------------------------------------------- >>>>> >>>>> Hartmut >>>>> >>>>> Benjamin Renard schrieb am Donnerstag, 28. März 2024 um 20:46:46 UTC+1: >>>>> >>>>>> Hello Hartmut, >>>>>> >>>>>> From my side, I can't observe this interesting error in my logs, even >>>>>> if enabling debuging on spring webflow & security. In fact, I also try >>>>>> to >>>>>> enable debug on root logger and I obtain nothing more than I have >>>>>> initialy >>>>>> posted here. >>>>>> >>>>>> Could you share your operational configuration in v6 ? I would like >>>>>> to know what look like a operational configuration :) >>>>>> >>>>>> Thanks ! >>>>>> >>>>>> Le jeudi 28 mars 2024 à 12:31:35 UTC+1, Hartmut Trüe a écrit : >>>>>> >>>>>>> After playing a bit with the loglevels (debug for >>>>>>> spring.webflow.log.level and spring.security.log.level), I found this. >>>>>>> But >>>>>>> I have no idea, if that is the problem or what to do. >>>>>>> As explained earlier, 6.6.x is running fine with the same >>>>>>> configuration. >>>>>>> >>>>>>> ... >>>>>>> 2024-03-28 09:43:41,073 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0> >>>>>>> 2024-03-28 09:43:41,073 INFO >>>>>>> [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] >>>>>>> - >>>>>>> <No credentials could be extracted/detected from the current request> >>>>>>> 2024-03-28 09:43:41,073 INFO >>>>>>> [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution >>>>>>> disallowed; pre-execution result is 'error'> >>>>>>> 2024-03-28 09:43:41,073 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0; >>>>>>> result = error> >>>>>>> 2024-03-28 09:43:41,073 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [EvaluateAction@763bc2b expression = >>>>>>> tokenAuthenticationAction, >>>>>>> resultExpression = [null]]; result = error> >>>>>>> 2024-03-28 09:43:41,073 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@1b2a72b9 on = *, to = >>>>>>> initialAuthenticationRequestValidationCheck]> >>>>>>> 2024-03-28 09:43:41,073 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'tokenAuthenticationCheck'> >>>>>>> ... >>>>>>> >>>>>>> Benjamin Renard schrieb am Mittwoch, 27. März 2024 um 17:40:40 UTC+1: >>>>>>> >>>>>>>> Thank Mohamed, >>>>>>>> >>>>>>>> What do you mean about enabling SSL ? My CAS management app is >>>>>>>> accessible via an Apache HTTPS VirtualHost that proxypass requests to >>>>>>>> a >>>>>>>> Tomcat's AJP Connector. It's "SSL enabled" for you ? :) >>>>>>>> >>>>>>>> Note: My CAS server use the same Apache HTTPS VirtualHost and >>>>>>>> Tomcat AJP connector, but is deploy another context (/cas vs >>>>>>>> /cas-management). >>>>>>>> >>>>>>>> Le mercredi 27 mars 2024 à 12:01:20 UTC+1, Mohamed Amdouni a écrit : >>>>>>>> >>>>>>>>> Hello, >>>>>>>>> >>>>>>>>> I had a similar issue running cas management 6.6.4 and it was >>>>>>>>> related to https. >>>>>>>>> >>>>>>>>> My cas management was started with ssl disabled and this version >>>>>>>>> of cas management requires SSL (see the security adapter ) and in the >>>>>>>>> logs >>>>>>>>> it says requires secure channel. >>>>>>>>> >>>>>>>>> I tried to override the adapter but finally ended up by activating >>>>>>>>> ssl to avoid the redirects … >>>>>>>>> >>>>>>>>> Hope it helps… >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Le mer. 27 mars 2024 à 08:22, Hartmut Trüe <[email protected]> a >>>>>>>>> écrit : >>>>>>>>> >>>>>>>>>> Same problem on my CAS Management webapp, it ends in "too many >>>>>>>>>> redirects". The same configuration is working fine with CAS 6.6.x >>>>>>>>>> and >>>>>>>>>> Management 6.6.x and the certificate is valid. >>>>>>>>>> >>>>>>>>>> I can't find errors, and the ticket seems to be valid: >>>>>>>>>> ... >>>>>>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>>>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0> >>>>>>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested >>>>>>>>>> original ticket id [TGT-1-********PD8Hl30-cas-dev] to >>>>>>>>>> [064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b]> >>>>>>>>>> 2024-03-27 07:39:34,185 DEBUG >>>>>>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - >>>>>>>>>> <Attempting to >>>>>>>>>> decode >>>>>>>>>> [DefaultEncodedTicket(id=064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b)]> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded >>>>>>>>>> ticket >>>>>>>>>> to [TGT-1-********PD8Hl30-cas-dev]> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>>>>> executing >>>>>>>>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0; >>>>>>>>>> >>>>>>>>>> result = valid> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>>>>> executing [EvaluateAction@698bdaf2 expression = >>>>>>>>>> ticketGrantingTicketCheckAction, resultExpression = [null]]; result >>>>>>>>>> = valid> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>>>>> [Transition@109de836 on = valid, to = hasServiceCheck]> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>>>>> 'ticketGrantingTicketCheck'> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.DecisionState] - <Entering state >>>>>>>>>> 'hasServiceCheck' of flow 'login'> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>>>>> [Transition@5efaf8bd on = flowScope.service != null, to = >>>>>>>>>> renewRequestCheck]> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>>>>> 'hasServiceCheck'> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>>>>>> 'renewRequestCheck' of flow 'login'> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>>>>> [EvaluateAction@42900422 expression = >>>>>>>>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>>>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] >>>>>>>>>> >>>>>>>>>> - <Evaluating authentication policy >>>>>>>>>> [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], >>>>>>>>>> >>>>>>>>>> excludedAuthenticationHandlers=[], criteria=null)] for [CasClient]> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>>>>> executing >>>>>>>>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf; >>>>>>>>>> >>>>>>>>>> result = proceed> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>>>>> executing [EvaluateAction@42900422 expression = >>>>>>>>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]; >>>>>>>>>> result = >>>>>>>>>> proceed> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>>>>> [Transition@1ad0074 on = proceed, to = generateServiceTicket]> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>>>>> 'renewRequestCheck'> >>>>>>>>>> 2024-03-27 07:39:34,187 DEBUG >>>>>>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>>>>>> 'generateServiceTicket' of flow 'login'> >>>>>>>>>> ... >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Hartmut >>>>>>>>>> Ray Bon schrieb am Dienstag, 26. März 2024 um 19:40:57 UTC+1: >>>>>>>>>> >>>>>>>>>>> Benjamin, >>>>>>>>>>> >>>>>>>>>>> The behaviour you describe happens when the service ticket can >>>>>>>>>>> not be validated. >>>>>>>>>>> cas management submits the ST to cas through a back channel over >>>>>>>>>>> https. >>>>>>>>>>> If there is nothing in cas audit log about validation / failed >>>>>>>>>>> validation (which would give a reason for failure), it could be a >>>>>>>>>>> certificate problem. >>>>>>>>>>> >>>>>>>>>>> Do you have a proper/valid certificate for idp.example.tld (i.e. >>>>>>>>>>> cert signed by an authority)? >>>>>>>>>>> >>>>>>>>>>> If not, you may have to add it to the java keystore (assuming >>>>>>>>>>> you have already added it to tomcat config). >>>>>>>>>>> >>>>>>>>>>> Ray >>>>>>>>>>> >>>>>>>>>>> On Tue, 2024-03-26 at 05:02 -0700, Benjamin Renard wrote: >>>>>>>>>>> >>>>>>>>>>> Notice: This message was sent from outside the University of >>>>>>>>>>> Victoria email system. Please be cautious with links and sensitive >>>>>>>>>>> information. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Hello, >>>>>>>>>>> >>>>>>>>>>> I'm trying to install a CAS server (v7) on a Debian 12 host. I >>>>>>>>>>> using the Debian's tomcat10 package, Apache2 as reverse proxy >>>>>>>>>>> (AJP), the >>>>>>>>>>> Oracle JDK 21.0.2 and a CAS Initializr overlay to build the cas.war >>>>>>>>>>> file. >>>>>>>>>>> My CAS server run well, but I have problem with the authentication >>>>>>>>>>> of the >>>>>>>>>>> management app. I use a CAS Initializr overlay for the CAS >>>>>>>>>>> management >>>>>>>>>>> 7.0.0-SNAPSHOT and I have no problem to build the war and deploy it >>>>>>>>>>> in the >>>>>>>>>>> same context. I configure CAS client in the management app : >>>>>>>>>>> >>>>>>>>>>> cas.server.name=https://idp.example.tld >>>>>>>>>>> cas.server.prefix=${cas.server.name}/cas >>>>>>>>>>> >>>>>>>>>>> When I try to access to the management app, I'm entering in a >>>>>>>>>>> loop : I'm redirect to the CAS server that authenticate me and >>>>>>>>>>> redirect me >>>>>>>>>>> to the management app on its callback URL with a ticket ( >>>>>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-53-oxTcezruW9p3hhw5YBRWDXF4HUk-cas1-preprod) >>>>>>>>>>> >>>>>>>>>>> and I'm redirect again to the CAS server for authentication, that >>>>>>>>>>> redirect >>>>>>>>>>> me back with a new ticket and etc. >>>>>>>>>>> >>>>>>>>>>> I have no error in logs and I tried to enable debugging and I >>>>>>>>>>> can't find any indication about my problem (see logs below). Do you >>>>>>>>>>> have >>>>>>>>>>> any idea ? >>>>>>>>>>> >>>>>>>>>>> Futhermore, It's a good idea for you to run CAS server & >>>>>>>>>>> management apps version 7 in production or I have to use version 6 ? >>>>>>>>>>> >>>>>>>>>>> Thanks ! >>>>>>>>>>> >>>>>>>>>>> 2024-03-26 12:45:29,508 DEBUG >>>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - Securing GET >>>>>>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>>>>> 2024-03-26 12:45:29,508 DEBUG >>>>>>>>>>> [org.springframework.security.web.access.channel.ChannelProcessingFilter] >>>>>>>>>>> - >>>>>>>>>>> Request: filter invocation [GET >>>>>>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod]; >>>>>>>>>>> >>>>>>>>>>> ConfigAttributes: [REQUIRES_SECURE_CHANNEL] >>>>>>>>>>> 2024-03-26 12:45:29,509 DEBUG >>>>>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>>>>> >>>>>>>>>>> - Set SecurityContextHolder to anonymous SecurityContext >>>>>>>>>>> 2024-03-26 12:45:29,509 DEBUG >>>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - Secured GET >>>>>>>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>>>>> 2024-03-26 12:45:29,510 DEBUG >>>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - GET >>>>>>>>>>> "/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod", >>>>>>>>>>> >>>>>>>>>>> parameters={masked} >>>>>>>>>>> 2024-03-26 12:45:29,512 DEBUG >>>>>>>>>>> [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - >>>>>>>>>>> Mapped >>>>>>>>>>> to ResourceHttpRequestHandler [classpath [dist/], classpath >>>>>>>>>>> [static/]] >>>>>>>>>>> 2024-03-26 12:45:29,512 DEBUG >>>>>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - === SECURITY === >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - url: >>>>>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - clients: null | >>>>>>>>>>> matchers: >>>>>>>>>>> null >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - >>>>>>>>>>> Provided >>>>>>>>>>> clientNames: null >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - >>>>>>>>>>> Default >>>>>>>>>>> security clients: null >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Only >>>>>>>>>>> client: >>>>>>>>>>> CasClient >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - >>>>>>>>>>> clientNameOnRequest: Optional.empty >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.Clients] - >>>>>>>>>>> Found client: >>>>>>>>>>> CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>>>>>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>>>>>>>> >>>>>>>>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>>>>>>>> >>>>>>>>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>>>>>>>> >>>>>>>>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>>>>>>>> nbAttempts=0, lastAttempt=null, >>>>>>>>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>>>>>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>>>>>>>> >>>>>>>>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>>>>>>>> multiProfile=false, saveProfileInSession=true, >>>>>>>>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>>>>>>>> https://idp.example.tld/cas-management/callback, >>>>>>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>>>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>>>>>>>> >>>>>>>>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>>>>>>>> >>>>>>>>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>>>>>>>> >>>>>>>>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>>>>>>>> >>>>>>>>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>>>>>>>> https://idp.example.tld/cas/logout, >>>>>>>>>>> postLogoutUrlParameter=service), checkAuthenticationAttempt=true), >>>>>>>>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>>>>>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>>>>>>>> https://idp.example.tld/cas/, restUrl= >>>>>>>>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>>>>>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>>>>>>>> allowedProxyChains=[], defaultTicketValidator=null, >>>>>>>>>>> proxyReceptor=null, >>>>>>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>>>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>>>>>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>>>>>>>> hostnameVerifier=null, sslSocketFactory=null)) for name: CasClient >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - >>>>>>>>>>> result: >>>>>>>>>>> [CasClient] >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - currentClients: >>>>>>>>>>> [CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>>>>>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>>>>>>>> >>>>>>>>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>>>>>>>> >>>>>>>>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>>>>>>>> >>>>>>>>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>>>>>>>> nbAttempts=0, lastAttempt=null, >>>>>>>>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>>>>>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>>>>>>>> >>>>>>>>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>>>>>>>> multiProfile=false, saveProfileInSession=true, >>>>>>>>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>>>>>>>> https://idp.example.tld/cas-management/callback, >>>>>>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>>>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>>>>>>>> >>>>>>>>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>>>>>>>> >>>>>>>>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>>>>>>>> >>>>>>>>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>>>>>>>> >>>>>>>>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>>>>>>>> https://idp.example.tld/cas/logout, >>>>>>>>>>> postLogoutUrlParameter=service), checkAuthenticationAttempt=true), >>>>>>>>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>>>>>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>>>>>>>> https://idp.example.tld/cas/, restUrl= >>>>>>>>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>>>>>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>>>>>>>> allowedProxyChains=[], defaultTicketValidator=null, >>>>>>>>>>> proxyReceptor=null, >>>>>>>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>>>>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>>>>>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>>>>>>>> hostnameVerifier=null, sslSocketFactory=null))] >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>>>>> false, >>>>>>>>>>> retrieved session: >>>>>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get sessionId: >>>>>>>>>>> 0D8A24DA3779DDC589CC82A00D7121ED >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>>>>> matcher: >>>>>>>>>>> org.pac4j.core.matching.matcher.CacheControlMatcher@62ab3f9d -> >>>>>>>>>>> true >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>>>>> matcher: >>>>>>>>>>> org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher@ba6fb34 >>>>>>>>>>> -> true >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>>>>> matcher: StrictTransportSecurityMatcher(maxAge=15768000) -> true >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>>>>> matcher: >>>>>>>>>>> org.pac4j.core.matching.matcher.XFrameOptionsMatcher@57ab0e5b -> >>>>>>>>>>> true >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>>>>> matcher: >>>>>>>>>>> org.pac4j.core.matching.matcher.XSSProtectionMatcher@2471fb38 -> >>>>>>>>>>> true >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>>>>> false, >>>>>>>>>>> retrieved session: >>>>>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: >>>>>>>>>>> 93cdd09ba2c74a3d9235b3c71fb3e8dd for key: pac4jCsrfToken >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>>>>>>>> previous >>>>>>>>>>> CSRF token: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>>>>> true, >>>>>>>>>>> retrieved session: >>>>>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>>>>>> pac4jPreviousCsrfToken for value: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>>>>>>>> generated CSRF token: 2af42c4e87984404bcc144ac7034dbc3 for current >>>>>>>>>>> URL: >>>>>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>>>>> true, >>>>>>>>>>> retrieved session: >>>>>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>>>>>> pac4jCsrfToken >>>>>>>>>>> for value: 2af42c4e87984404bcc144ac7034dbc3 >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>>>>> true, >>>>>>>>>>> retrieved session: >>>>>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>>>>>> pac4jCsrfTokenExpirationDate for value: 1711467929514 >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>>>>>>> matcher: >>>>>>>>>>> CsrfTokenGeneratorMatcher(csrfTokenGenerator=org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator@690fdeb, >>>>>>>>>>> >>>>>>>>>>> domain=null, path=/, httpOnly=true, secure=true, maxAge=null, >>>>>>>>>>> sameSitePolicy=null, addTokenAsAttribute=true, >>>>>>>>>>> addTokenAsHeader=false, >>>>>>>>>>> addTokenAsCookie=true) -> true >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>>>>> false, >>>>>>>>>>> retrieved session: >>>>>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null >>>>>>>>>>> for key: >>>>>>>>>>> pac4jUserProfiles >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles >>>>>>>>>>> (from >>>>>>>>>>> session: true): [] >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Starting >>>>>>>>>>> authentication >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler] - >>>>>>>>>>> requestedUrl: >>>>>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>>>>> true, >>>>>>>>>>> retrieved session: >>>>>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>>>>>>> pac4jRequestedUrl for value: >>>>>>>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: >>>>>>>>>>> false, >>>>>>>>>>> retrieved session: >>>>>>>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>>>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>>>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null >>>>>>>>>>> for key: >>>>>>>>>>> CasClient$attemptedAuthentication >>>>>>>>>>> 2024-03-26 12:45:29,515 DEBUG >>>>>>>>>>> [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - >>>>>>>>>>> redirectionUrl: >>>>>>>>>>> https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient >>>>>>>>>>> 2024-03-26 12:45:29,515 DEBUG >>>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - Completed 302 >>>>>>>>>>> FOUND >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>> --- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org >>>>>>>>>> >>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> >>>>>>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> >>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/846f5824-cd0b-4d47-8071-ab7cd5a9d1fcn%40apereo.org >>>>> >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/846f5824-cd0b-4d47-8071-ab7cd5a9d1fcn%40apereo.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> >>>> >>>> -- >>>> Seyyed Mohsen Saeedi >>>> سید محسن سعیدی >>>> >>> -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ccc551af-a6c2-4b52-98b6-2dc230785fe6n%40apereo.org.
