Hartmut, It looks like they are moving to a different tool, palantir, https://apereo.github.io/cas/7.0.x/installation/Admin-Dashboard.html
Ray On Wed, 2024-09-18 at 00:57 -0700, Hartmut Trüe wrote: Hi, cas-management-overlay seems to be neglected. There is a branch 7.0, which apparently does not work not only for me until now. And in the master branch the version is still 6.3.0-snapshot with source- and targetcomapatibility=11 ... Unfortunately, the wait for a fix seems to be very long... Frédéric Dussurget schrieb am Mittwoch, 21. August 2024 um 20:26:05 UTC+2: Hi there, I tried to migrate from 6.6 to 7.0 and I'm doing the same observation as you all : it is looping forever. And when turning off cas authn ( mgmt.cas-sso=false) it starts to work again ... It's not going to go to production but, still, I'm happy to work with tomcat10, jdk21, etc. Let's wait for a fix Le mardi 30 juillet 2024 à 14:38:08 UTC+2, Hartmut Trüe a écrit : @Mohsen: its the build.gradle from the cas-management overlay without modifications. And I tried with reverse proxy, without reverse proxy, standalone tomcat, embedded tomcat ... all the same. @Tom: I know that workaround, thankyou, but for a production environment it doesn't feel good. I don't know if it is the same issue, my cas-management does not log much despite debug mode. And in my CAS log there is no other error visible than " No credentials could be extracted/detected from the current request". But that does not help me, I don't know how I could change that. 2024-07-30 13:11:21,455 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service ticket [ST-33-********3rMmfoE-cas-dev] for service [https://my.domain.de/cas-management/callback?client_name=CasClient] and principal [casuser]> 2024-07-30 13:11:21,456 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN ============================================================= WHEN: 2024-07-30T11:11:21.456317337 WHO: casuser WHAT: {service=https://my.domain.de/cas-management/callback?client_name=CasClient, ticketId=ST-33-********3rMmfoE-cas-dev} ACTION: SERVICE_TICKET_CREATED CLIENT IP ADDRESS: 192.168.122.150 SERVER IP ADDRESS: 192.168.25.17 ============================================================= > 2024-07-30 13:11:21,535 INFO [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - <No credentials could be extracted/detected from the current request> 2024-07-30 13:11:21,535 INFO [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution disallowed; pre-execution result is 'error'> 2024-07-30 13:11:21,543 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN ============================================================= WHEN: 2024-07-30T11:11:21.543264010 WHO: casuser WHAT: {result=Service Access Granted, service=https://my.domain.de/cas-management/callback?client_name=CasClient, requiredAttributes={}} ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED CLIENT IP ADDRESS: 192.168.122.150 SERVER IP ADDRESS: 192.168.25.17 ============================================================= Tom Reijnders schrieb am Montag, 29. Juli 2024 um 14:44:28 UTC+2: See also https://groups.google.com/a/apereo.org/g/cas-user/c/VFVlwBSMdDg/m/vt_IOXOCBAAJ I believe this is the same issue. Ray identified a mistake in cas-management itself (and a workaround). I don't know of a fix yet and have not been able to have a look myself yet either. On Saturday, July 27, 2024 at 4:50:55 AM UTC+2 Mohsen Saeedi wrote: Can you send your build.gradle? I want to check dependencies that defined for your build. On Tue, Apr 2, 2024 at 10:52 AM Hartmut Trüe <[email protected]> wrote: Hello Benjamin, this is my CAS 6.6 management configuration: #--------------------------------------------- # config for cas management webapp logging.config=file:/etc/cas/config/log4j2-management.xml server.servlet.context-path=/cas-management cas.server.name<http://cas.server.name/>=https://www.domain.tld<https://www.domain.tld/> cas.server.prefix=${cas.server.name<http://cas.server.name/>}/cas mgmt.server-name=https://www.domain.tld<https://www.domain.tld/> # for testing only : no login required #mgmt.cas-sso=false #mgmt.authz-ip-regex=.* mgmt.user-properties-file=file:/etc/cas/config/adminUsers.json mgmt.admin-roles[0]=ROLE_ADMIN mgmt.user-roles[0]=ROLE_USER cas.serviceRegistry.initFromJson=true cas.serviceRegistry.json.location=file:///etc/cas/services-repo mgmt.ldap.ldap-url=ldap://192.168.2.1/<http://192.168.2.1/> mgmt.ldap.bind-dn=uid=cas,ou=accounts,dc=de mgmt.ldap.bind-credential=xxxxxxxxxxxx #mgmt.ldap.use-ssl=false mgmt.ldap.use-start-tls=false mgmt.ldap.block-wait-time=3000 mgmt.ldap.connect-timeout=2000 mgmt.ldap.validate-on-checkout=false mgmt.ldap.validate-periodically=true mgmt.ldap.validate-period=300 mgmt.ldap.idle-time=600 mgmt.ldap.max-pool-size=10 mgmt.ldap.min-pool-size=1 mgmt.ldap.prune-period=300 mgmt.ldap.ldapAuthz.base-dn=ou=people,dc=domain,dc=tld mgmt.ldap.ldapAuthz.search-filter=uid={user} mgmt.ldap.ldapAuthz.allow-multiple-results=false #--------------------------------------------- Hartmut Benjamin Renard schrieb am Donnerstag, 28. März 2024 um 20:46:46 UTC+1: Hello Hartmut, >From my side, I can't observe this interesting error in my logs, even if >enabling debuging on spring webflow & security. In fact, I also try to enable >debug on root logger and I obtain nothing more than I have initialy posted >here. Could you share your operational configuration in v6 ? I would like to know what look like a operational configuration :) Thanks ! Le jeudi 28 mars 2024 à 12:31:35 UTC+1, Hartmut Trüe a écrit : After playing a bit with the loglevels (debug for spring.webflow.log.level and spring.security.log.level), I found this. But I have no idea, if that is the problem or what to do. As explained earlier, 6.6.x is running fine with the same configuration. ... 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0> 2024-03-28 09:43:41,073 INFO [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - <No credentials could be extracted/detected from the current request> 2024-03-28 09:43:41,073 INFO [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution disallowed; pre-execution result is 'error'> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0; result = error> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@763bc2b expression = tokenAuthenticationAction, resultExpression = [null]]; result = error> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@1b2a72b9 on = *, to = initialAuthenticationRequestValidationCheck]> 2024-03-28 09:43:41,073 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'tokenAuthenticationCheck'> ... Benjamin Renard schrieb am Mittwoch, 27. März 2024 um 17:40:40 UTC+1: Thank Mohamed, What do you mean about enabling SSL ? My CAS management app is accessible via an Apache HTTPS VirtualHost that proxypass requests to a Tomcat's AJP Connector. It's "SSL enabled" for you ? :) Note: My CAS server use the same Apache HTTPS VirtualHost and Tomcat AJP connector, but is deploy another context (/cas vs /cas-management). Le mercredi 27 mars 2024 à 12:01:20 UTC+1, Mohamed Amdouni a écrit : Hello, I had a similar issue running cas management 6.6.4 and it was related to https. My cas management was started with ssl disabled and this version of cas management requires SSL (see the security adapter ) and in the logs it says requires secure channel. I tried to override the adapter but finally ended up by activating ssl to avoid the redirects … Hope it helps… Le mer. 27 mars 2024 à 08:22, Hartmut Trüe <[email protected]> a écrit : Same problem on my CAS Management webapp, it ends in "too many redirects". The same configuration is working fine with CAS 6.6.x and Management 6.6.x and the certificate is valid. I can't find errors, and the ticket seems to be valid: ... 2024-03-27 07:39:34,185 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0> 2024-03-27 07:39:34,185 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested original ticket id [TGT-1-********PD8Hl30-cas-dev] to [064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b]> 2024-03-27 07:39:34,185 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to decode [DefaultEncodedTicket(id=064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b)]> 2024-03-27 07:39:34,187 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket to [TGT-1-********PD8Hl30-cas-dev]> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0; result = valid> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@698bdaf2 expression = ticketGrantingTicketCheckAction, resultExpression = [null]]; result = valid> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@109de836 on = valid, to = hasServiceCheck]> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'ticketGrantingTicketCheck'> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'hasServiceCheck' of flow 'login'> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@5efaf8bd on = flowScope.service != null, to = renewRequestCheck]> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'hasServiceCheck'> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'renewRequestCheck' of flow 'login'> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@42900422 expression = renewAuthenticationRequestCheckAction, resultExpression = [null]]> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf> 2024-03-27 07:39:34,187 DEBUG [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] - <Evaluating authentication policy [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], excludedAuthenticationHandlers=[], criteria=null)] for [CasClient]> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf; result = proceed> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@42900422 expression = renewAuthenticationRequestCheckAction, resultExpression = [null]]; result = proceed> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@1ad0074 on = proceed, to = generateServiceTicket]> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'renewRequestCheck'> 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'generateServiceTicket' of flow 'login'> ... Regards, Hartmut Ray Bon schrieb am Dienstag, 26. März 2024 um 19:40:57 UTC+1: Benjamin, The behaviour you describe happens when the service ticket can not be validated. cas management submits the ST to cas through a back channel over https. If there is nothing in cas audit log about validation / failed validation (which would give a reason for failure), it could be a certificate problem. Do you have a proper/valid certificate for idp.example.tld (i.e. cert signed by an authority)? If not, you may have to add it to the java keystore (assuming you have already added it to tomcat config). Ray On Tue, 2024-03-26 at 05:02 -0700, Benjamin Renard wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, I'm trying to install a CAS server (v7) on a Debian 12 host. I using the Debian's tomcat10 package, Apache2 as reverse proxy (AJP), the Oracle JDK 21.0.2 and a CAS Initializr overlay to build the cas.war file. My CAS server run well, but I have problem with the authentication of the management app. I use a CAS Initializr overlay for the CAS management 7.0.0-SNAPSHOT and I have no problem to build the war and deploy it in the same context. I configure CAS client in the management app : cas.server.name<http://cas.server.name/>=https://idp.example.tld<https://idp.example.tld/> cas.server.prefix=${cas.server.name<http://cas.server.name/>}/cas When I try to access to the management app, I'm entering in a loop : I'm redirect to the CAS server that authenticate me and redirect me to the management app on its callback URL with a ticket (https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-53-oxTcezruW9p3hhw5YBRWDXF4HUk-cas1-preprod) and I'm redirect again to the CAS server for authentication, that redirect me back with a new ticket and etc. I have no error in logs and I tried to enable debugging and I can't find any indication about my problem (see logs below). Do you have any idea ? Futhermore, It's a good idea for you to run CAS server & management apps version 7 in production or I have to use version 6 ? Thanks ! 2024-03-26 12:45:29,508 DEBUG [org.springframework.security.web.FilterChainProxy] - Securing GET /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod 2024-03-26 12:45:29,508 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - Request: filter invocation [GET /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL] 2024-03-26 12:45:29,509 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - Set SecurityContextHolder to anonymous SecurityContext 2024-03-26 12:45:29,509 DEBUG [org.springframework.security.web.FilterChainProxy] - Secured GET /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod 2024-03-26 12:45:29,510 DEBUG [org.springframework.web.servlet.DispatcherServlet] - GET "/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod", parameters={masked} 2024-03-26 12:45:29,512 DEBUG [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - Mapped to ResourceHttpRequestHandler [classpath [dist/], classpath [static/]] 2024-03-26 12:45:29,512 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - === SECURITY === 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - url: https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - clients: null | matchers: null 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Provided clientNames: null 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Default security clients: null 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Only client: CasClient 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - clientNameOnRequest: Optional.empty 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.Clients] - Found client: CasClient(super=IndirectClient(super=BaseClient(name=CasClient, authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, authenticator=InitializableObject(initialized=false, maxAttempts=3, nbAttempts=0, lastAttempt=null, minTimeIntervalBetweenAttemptsInMilliseconds=5000), profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, customProperties={}, profileFactoryWhenNotAuthenticated=null, multiProfile=false, saveProfileInSession=true, config=org.pac4j.core.config.Config@3236bd7d), callbackUrl=https://idp.example.tld/cas-management/callback, urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl=https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), checkAuthenticationAttempt=true), configuration=CasConfiguration(encoding=UTF-8, loginUrl=https://idp.example.tld/cas/login, prefixUrl=https://idp.example.tld/cas/, restUrl=https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, postLogoutUrlParameter=service, customParams={}, method=null, privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, hostnameVerifier=null, sslSocketFactory=null)) for name: CasClient 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - result: [CasClient] 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - currentClients: [CasClient(super=IndirectClient(super=BaseClient(name=CasClient, authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, authenticator=InitializableObject(initialized=false, maxAttempts=3, nbAttempts=0, lastAttempt=null, minTimeIntervalBetweenAttemptsInMilliseconds=5000), profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, customProperties={}, profileFactoryWhenNotAuthenticated=null, multiProfile=false, saveProfileInSession=true, config=org.pac4j.core.config.Config@3236bd7d), callbackUrl=https://idp.example.tld/cas-management/callback, urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl=https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), checkAuthenticationAttempt=true), configuration=CasConfiguration(encoding=UTF-8, loginUrl=https://idp.example.tld/cas/login, prefixUrl=https://idp.example.tld/cas/, restUrl=https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, postLogoutUrlParameter=service, customParams={}, method=null, privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, hostnameVerifier=null, sslSocketFactory=null))] 2024-03-26 12:45:29,513 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632 2024-03-26 12:45:29,513 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Get sessionId: 0D8A24DA3779DDC589CC82A00D7121ED 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: org.pac4j.core.matching.matcher.CacheControlMatcher@62ab3f9d -> true 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher@ba6fb34 -> true 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: StrictTransportSecurityMatcher(maxAge=15768000) -> true 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: org.pac4j.core.matching.matcher.XFrameOptionsMatcher@57ab0e5b -> true 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: org.pac4j.core.matching.matcher.XSSProtectionMatcher@2471fb38 -> true 2024-03-26 12:45:29,513 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632 2024-03-26 12:45:29,513 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Get value: 93cdd09ba2c74a3d9235b3c71fb3e8dd for key: pac4jCsrfToken 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - previous CSRF token: 93cdd09ba2c74a3d9235b3c71fb3e8dd 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jPreviousCsrfToken for value: 93cdd09ba2c74a3d9235b3c71fb3e8dd 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - generated CSRF token: 2af42c4e87984404bcc144ac7034dbc3 for current URL: https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jCsrfToken for value: 2af42c4e87984404bcc144ac7034dbc3 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jCsrfTokenExpirationDate for value: 1711467929514 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking matcher: CsrfTokenGeneratorMatcher(csrfTokenGenerator=org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator@690fdeb, domain=null, path=/, httpOnly=true, secure=true, maxAge=null, sameSitePolicy=null, addTokenAsAttribute=true, addTokenAsHeader=false, addTokenAsCookie=true) -> true 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for key: pac4jUserProfiles 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles (from session: true): [] 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - Starting authentication 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler] - requestedUrl: https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jRequestedUrl for value: https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, retrieved session: org.apache.catalina.session.StandardSessionFacade@730d8632 2024-03-26 12:45:29,514 DEBUG [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for key: CasClient$attemptedAuthentication 2024-03-26 12:45:29,515 DEBUG [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient 2024-03-26 12:45:29,515 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Completed 302 FOUND -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/69ae1f0967405db29089d898a0d6aa5ef891b4f0.camel%40uvic.ca.
