I saw that, but documentation is not clear. What is the endpoint and configuration? I just added gradle dependencies to build.gradle with successfully build.
On Wed, Sep 18, 2024 at 9:42 PM Ray Bon <[email protected]> wrote: > Hartmut, > > It looks like they are moving to a different tool, palantir, > https://apereo.github.io/cas/7.0.x/installation/Admin-Dashboard.html > > Ray > > On Wed, 2024-09-18 at 00:57 -0700, Hartmut Trüe wrote: > > Hi, > > cas-management-overlay seems to be neglected. > There is a branch 7.0, which apparently does not work not only for me > until now. > And in the master branch the version is still 6.3.0-snapshot with source- > and targetcomapatibility=11 ... > > Unfortunately, the wait for a fix seems to be very long... > > Frédéric Dussurget schrieb am Mittwoch, 21. August 2024 um 20:26:05 UTC+2: > > Hi there, > I tried to migrate from 6.6 to 7.0 and I'm doing the same observation as > you all : > it is looping forever. > And when turning off cas authn ( mgmt.cas-sso=false) it starts to work > again ... It's not going to go to production but, still, I'm happy to work > with tomcat10, jdk21, etc. > Let's wait for a fix > > Le mardi 30 juillet 2024 à 14:38:08 UTC+2, Hartmut Trüe a écrit : > > @Mohsen: its the build.gradle from the cas-management overlay without > modifications. And I tried with reverse proxy, without reverse proxy, > standalone tomcat, embedded tomcat ... all the same. > > @Tom: I know that workaround, thankyou, but for a production environment > it doesn't feel good. I don't know if it is the same issue, my > cas-management does not log much despite debug mode. And in my CAS log > there is no other error visible than " No credentials could be > extracted/detected from the current request". But that does not help me, I > don't know how I could change that. > > > 2024-07-30 13:11:21,455 INFO > [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service > ticket [ST-33-********3rMmfoE-cas-dev] for service [ > https://my.domain.de/cas-management/callback?client_name=CasClient] and > principal [casuser]> > 2024-07-30 13:11:21,456 INFO [org.apereo.inspektr.audit.AuditTrailManager] > - <Audit trail record BEGIN > ============================================================= > WHEN: 2024-07-30T11:11:21.456317337 > WHO: casuser > WHAT: {service= > https://my.domain.de/cas-management/callback?client_name=CasClient, > ticketId=ST-33-********3rMmfoE-cas-dev} > ACTION: SERVICE_TICKET_CREATED > CLIENT IP ADDRESS: 192.168.122.150 > SERVER IP ADDRESS: 192.168.25.17 > ============================================================= > > > > 2024-07-30 13:11:21,535 INFO > [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - > <No credentials could be extracted/detected from the current request> > 2024-07-30 13:11:21,535 INFO > [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution > disallowed; pre-execution result is 'error'> > 2024-07-30 13:11:21,543 INFO [org.apereo.inspektr.audit.AuditTrailManager] > - <Audit trail record BEGIN > ============================================================= > WHEN: 2024-07-30T11:11:21.543264010 > WHO: casuser > WHAT: {result=Service Access Granted, service= > https://my.domain.de/cas-management/callback?client_name=CasClient, > requiredAttributes={}} > ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED > CLIENT IP ADDRESS: 192.168.122.150 > SERVER IP ADDRESS: 192.168.25.17 > ============================================================= > > Tom Reijnders schrieb am Montag, 29. Juli 2024 um 14:44:28 UTC+2: > > See also > https://groups.google.com/a/apereo.org/g/cas-user/c/VFVlwBSMdDg/m/vt_IOXOCBAAJ > > I believe this is the same issue. Ray identified a mistake in > cas-management itself (and a workaround). I don't know of a fix yet and > have not been able to have a look myself yet either. > > On Saturday, July 27, 2024 at 4:50:55 AM UTC+2 Mohsen Saeedi wrote: > > Can you send your build.gradle? I want to check dependencies that defined > for your build. > > > On Tue, Apr 2, 2024 at 10:52 AM Hartmut Trüe <[email protected]> wrote: > > Hello Benjamin, > > this is my CAS 6.6 management configuration: > > #--------------------------------------------- > # config for cas management webapp > logging.config=file:/etc/cas/config/log4j2-management.xml > server.servlet.context-path=/cas-management > > cas.server.name=https://www.domain.tld > cas.server.prefix=${cas.server.name}/cas > > mgmt.server-name=https://www.domain.tld > > # for testing only : no login required > #mgmt.cas-sso=false > #mgmt.authz-ip-regex=.* > > mgmt.user-properties-file=file:/etc/cas/config/adminUsers.json > mgmt.admin-roles[0]=ROLE_ADMIN > mgmt.user-roles[0]=ROLE_USER > > cas.serviceRegistry.initFromJson=true > cas.serviceRegistry.json.location=file:///etc/cas/services-repo > > mgmt.ldap.ldap-url=ldap://192.168.2.1/ > mgmt.ldap.bind-dn=uid=cas,ou=accounts,dc=de > mgmt.ldap.bind-credential=xxxxxxxxxxxx > #mgmt.ldap.use-ssl=false > mgmt.ldap.use-start-tls=false > mgmt.ldap.block-wait-time=3000 > mgmt.ldap.connect-timeout=2000 > mgmt.ldap.validate-on-checkout=false > mgmt.ldap.validate-periodically=true > mgmt.ldap.validate-period=300 > mgmt.ldap.idle-time=600 > mgmt.ldap.max-pool-size=10 > mgmt.ldap.min-pool-size=1 > mgmt.ldap.prune-period=300 > > mgmt.ldap.ldapAuthz.base-dn=ou=people,dc=domain,dc=tld > mgmt.ldap.ldapAuthz.search-filter=uid={user} > mgmt.ldap.ldapAuthz.allow-multiple-results=false > > #--------------------------------------------- > > Hartmut > > Benjamin Renard schrieb am Donnerstag, 28. März 2024 um 20:46:46 UTC+1: > > Hello Hartmut, > > From my side, I can't observe this interesting error in my logs, even if > enabling debuging on spring webflow & security. In fact, I also try to > enable debug on root logger and I obtain nothing more than I have initialy > posted here. > > Could you share your operational configuration in v6 ? I would like to > know what look like a operational configuration :) > > Thanks ! > > Le jeudi 28 mars 2024 à 12:31:35 UTC+1, Hartmut Trüe a écrit : > > After playing a bit with the loglevels (debug for spring.webflow.log.level > and spring.security.log.level), I found this. But I have no idea, if that > is the problem or what to do. > As explained earlier, 6.6.x is running fine with the same configuration. > > ... > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0> > 2024-03-28 09:43:41,073 INFO > [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - > <No credentials could be extracted/detected from the current request> > 2024-03-28 09:43:41,073 INFO > [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution > disallowed; pre-execution result is 'error'> > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0; > result = error> > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing [EvaluateAction@763bc2b expression = tokenAuthenticationAction, > resultExpression = [null]]; result = error> > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.engine.Transition] - <Executing > [Transition@1b2a72b9 on = *, to = > initialAuthenticationRequestValidationCheck]> > 2024-03-28 09:43:41,073 DEBUG > [org.springframework.webflow.engine.Transition] - <Exiting state > 'tokenAuthenticationCheck'> > ... > > Benjamin Renard schrieb am Mittwoch, 27. März 2024 um 17:40:40 UTC+1: > > Thank Mohamed, > > What do you mean about enabling SSL ? My CAS management app is accessible > via an Apache HTTPS VirtualHost that proxypass requests to a Tomcat's AJP > Connector. It's "SSL enabled" for you ? :) > > Note: My CAS server use the same Apache HTTPS VirtualHost and Tomcat AJP > connector, but is deploy another context (/cas vs /cas-management). > > Le mercredi 27 mars 2024 à 12:01:20 UTC+1, Mohamed Amdouni a écrit : > > Hello, > > I had a similar issue running cas management 6.6.4 and it was related to > https. > > My cas management was started with ssl disabled and this version of cas > management requires SSL (see the security adapter ) and in the logs it says > requires secure channel. > > I tried to override the adapter but finally ended up by activating ssl to > avoid the redirects … > > Hope it helps… > > > > > > Le mer. 27 mars 2024 à 08:22, Hartmut Trüe <[email protected]> a écrit : > > Same problem on my CAS Management webapp, it ends in "too many redirects". > The same configuration is working fine with CAS 6.6.x and Management 6.6.x > and the certificate is valid. > > I can't find errors, and the ticket seems to be valid: > ... > 2024-03-27 07:39:34,185 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0> > 2024-03-27 07:39:34,185 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested > original ticket id [TGT-1-********PD8Hl30-cas-dev] to > [064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b]> > 2024-03-27 07:39:34,185 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to > decode > [DefaultEncodedTicket(id=064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b)]> > 2024-03-27 07:39:34,187 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket > to [TGT-1-********PD8Hl30-cas-dev]> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing > org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0; > result = valid> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing [EvaluateAction@698bdaf2 expression = > ticketGrantingTicketCheckAction, resultExpression = [null]]; result = valid> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.Transition] - <Executing > [Transition@109de836 on = valid, to = hasServiceCheck]> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.Transition] - <Exiting state > 'ticketGrantingTicketCheck'> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.DecisionState] - <Entering state > 'hasServiceCheck' of flow 'login'> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.Transition] - <Executing > [Transition@5efaf8bd on = flowScope.service != null, to = > renewRequestCheck]> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.Transition] - <Exiting state > 'hasServiceCheck'> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.ActionState] - <Entering state > 'renewRequestCheck' of flow 'login'> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > [EvaluateAction@42900422 expression = > renewAuthenticationRequestCheckAction, resultExpression = [null]]> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf > > > 2024-03-27 07:39:34,187 DEBUG > [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] > - <Evaluating authentication policy > [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], > excludedAuthenticationHandlers=[], criteria=null)] for [CasClient]> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing > org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf; > result = proceed> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing [EvaluateAction@42900422 expression = > renewAuthenticationRequestCheckAction, resultExpression = [null]]; result = > proceed> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.Transition] - <Executing > [Transition@1ad0074 on = proceed, to = generateServiceTicket]> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.Transition] - <Exiting state > 'renewRequestCheck'> > 2024-03-27 07:39:34,187 DEBUG > [org.springframework.webflow.engine.ActionState] - <Entering state > 'generateServiceTicket' of flow 'login'> > ... > > Regards, > Hartmut > Ray Bon schrieb am Dienstag, 26. März 2024 um 19:40:57 UTC+1: > > Benjamin, > > The behaviour you describe happens when the service ticket can not be > validated. > cas management submits the ST to cas through a back channel over https. > If there is nothing in cas audit log about validation / failed validation > (which would give a reason for failure), it could be a certificate problem. > > Do you have a proper/valid certificate for idp.example.tld (i.e. cert > signed by an authority)? > > If not, you may have to add it to the java keystore (assuming you have > already added it to tomcat config). > > Ray > > On Tue, 2024-03-26 at 05:02 -0700, Benjamin Renard wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > Hello, > > I'm trying to install a CAS server (v7) on a Debian 12 host. I using the > Debian's tomcat10 package, Apache2 as reverse proxy (AJP), the Oracle JDK > 21.0.2 and a CAS Initializr overlay to build the cas.war file. My CAS > server run well, but I have problem with the authentication of the > management app. I use a CAS Initializr overlay for the CAS management > 7.0.0-SNAPSHOT and I have no problem to build the war and deploy it in the > same context. I configure CAS client in the management app : > > cas.server.name=https://idp.example.tld > cas.server.prefix=${cas.server.name}/cas > > When I try to access to the management app, I'm entering in a loop : I'm > redirect to the CAS server that authenticate me and redirect me to the > management app on its callback URL with a ticket ( > https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-53-oxTcezruW9p3hhw5YBRWDXF4HUk-cas1-preprod) > and I'm redirect again to the CAS server for authentication, that redirect > me back with a new ticket and etc. > > I have no error in logs and I tried to enable debugging and I can't find > any indication about my problem (see logs below). Do you have any idea ? > > Futhermore, It's a good idea for you to run CAS server & management apps > version 7 in production or I have to use version 6 ? > > Thanks ! > > 2024-03-26 12:45:29,508 DEBUG > [org.springframework.security.web.FilterChainProxy] - Securing GET > /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod > 2024-03-26 12:45:29,508 DEBUG > [org.springframework.security.web.access.channel.ChannelProcessingFilter] - > Request: filter invocation [GET > /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod]; > ConfigAttributes: [REQUIRES_SECURE_CHANNEL] > 2024-03-26 12:45:29,509 DEBUG > [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] > - Set SecurityContextHolder to anonymous SecurityContext > 2024-03-26 12:45:29,509 DEBUG > [org.springframework.security.web.FilterChainProxy] - Secured GET > /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod > 2024-03-26 12:45:29,510 DEBUG > [org.springframework.web.servlet.DispatcherServlet] - GET > "/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod", > parameters={masked} > 2024-03-26 12:45:29,512 DEBUG > [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - Mapped > to ResourceHttpRequestHandler [classpath [dist/], classpath [static/]] > 2024-03-26 12:45:29,512 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] > - === SECURITY === > 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] > - url: > https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod > 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] > - clients: null | matchers: null > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Provided > clientNames: null > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Default > security clients: null > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Only client: > CasClient > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - > clientNameOnRequest: Optional.empty > 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.Clients] - Found > client: CasClient(super=IndirectClient(super=BaseClient(name=CasClient, > authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, > org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], > credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, > authenticator=InitializableObject(initialized=false, maxAttempts=3, > nbAttempts=0, lastAttempt=null, > minTimeIntervalBetweenAttemptsInMilliseconds=5000), > profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, > customProperties={}, profileFactoryWhenNotAuthenticated=null, > multiProfile=false, saveProfileInSession=true, > config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= > https://idp.example.tld/cas-management/callback, > urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, > callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, > ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, > redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, > logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, > logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= > https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), > checkAuthenticationAttempt=true), > configuration=CasConfiguration(encoding=UTF-8, loginUrl= > https://idp.example.tld/cas/login, prefixUrl=https://idp.example.tld/cas/, > restUrl=https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, > protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, > allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, > urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, > postLogoutUrlParameter=service, customParams={}, method=null, > privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, > hostnameVerifier=null, sslSocketFactory=null)) for name: CasClient > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - result: > [CasClient] > 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] > - currentClients: > [CasClient(super=IndirectClient(super=BaseClient(name=CasClient, > authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, > org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], > credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, > authenticator=InitializableObject(initialized=false, maxAttempts=3, > nbAttempts=0, lastAttempt=null, > minTimeIntervalBetweenAttemptsInMilliseconds=5000), > profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, > customProperties={}, profileFactoryWhenNotAuthenticated=null, > multiProfile=false, saveProfileInSession=true, > config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= > https://idp.example.tld/cas-management/callback, > urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, > callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, > ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, > redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, > logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, > logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= > https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), > checkAuthenticationAttempt=true), > configuration=CasConfiguration(encoding=UTF-8, loginUrl= > https://idp.example.tld/cas/login, prefixUrl=https://idp.example.tld/cas/, > restUrl=https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, > protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, > allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, > urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, > postLogoutUrlParameter=service, customParams={}, method=null, > privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, > hostnameVerifier=null, sslSocketFactory=null))] > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, > retrieved session: > org.apache.catalina.session.StandardSessionFacade@730d8632 > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - Get sessionId: > 0D8A24DA3779DDC589CC82A00D7121ED > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking > matcher: org.pac4j.core.matching.matcher.CacheControlMatcher@62ab3f9d -> > true > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking > matcher: org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher@ba6fb34 > -> true > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking > matcher: StrictTransportSecurityMatcher(maxAge=15768000) -> true > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking > matcher: org.pac4j.core.matching.matcher.XFrameOptionsMatcher@57ab0e5b -> > true > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking > matcher: org.pac4j.core.matching.matcher.XSSProtectionMatcher@2471fb38 -> > true > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, > retrieved session: > org.apache.catalina.session.StandardSessionFacade@730d8632 > 2024-03-26 12:45:29,513 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - Get value: > 93cdd09ba2c74a3d9235b3c71fb3e8dd for key: pac4jCsrfToken > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - previous > CSRF token: 93cdd09ba2c74a3d9235b3c71fb3e8dd > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, > retrieved session: > org.apache.catalina.session.StandardSessionFacade@730d8632 > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - Set key: > pac4jPreviousCsrfToken for value: 93cdd09ba2c74a3d9235b3c71fb3e8dd > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - > generated CSRF token: 2af42c4e87984404bcc144ac7034dbc3 for current URL: > https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, > retrieved session: > org.apache.catalina.session.StandardSessionFacade@730d8632 > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - Set key: pac4jCsrfToken > for value: 2af42c4e87984404bcc144ac7034dbc3 > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, > retrieved session: > org.apache.catalina.session.StandardSessionFacade@730d8632 > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - Set key: > pac4jCsrfTokenExpirationDate for value: 1711467929514 > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking > matcher: > CsrfTokenGeneratorMatcher(csrfTokenGenerator=org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator@690fdeb, > domain=null, path=/, httpOnly=true, secure=true, maxAge=null, > sameSitePolicy=null, addTokenAsAttribute=true, addTokenAsHeader=false, > addTokenAsCookie=true) -> true > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, > retrieved session: > org.apache.catalina.session.StandardSessionFacade@730d8632 > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for key: > pac4jUserProfiles > 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] > - Loaded profiles (from session: true): [] > 2024-03-26 12:45:29,514 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] > - Starting authentication > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler] - > requestedUrl: > https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, > retrieved session: > org.apache.catalina.session.StandardSessionFacade@730d8632 > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - Set key: > pac4jRequestedUrl for value: > https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, > retrieved session: > org.apache.catalina.session.StandardSessionFacade@730d8632 > 2024-03-26 12:45:29,514 DEBUG > [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for key: > CasClient$attemptedAuthentication > 2024-03-26 12:45:29,515 DEBUG > [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: > https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient > 2024-03-26 12:45:29,515 DEBUG > [org.springframework.web.servlet.DispatcherServlet] - Completed 302 FOUND > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org?utm_medium=email&utm_source=footer> > . > > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/69ae1f0967405db29089d898a0d6aa5ef891b4f0.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/69ae1f0967405db29089d898a0d6aa5ef891b4f0.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- Seyyed Mohsen Saeedi سید محسن سعیدی -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAE0qWrxR%3DO4HKmARAt5mc67e14FMJkQxJ%3DrN0A3sWz6m2RvHdA%40mail.gmail.com.
