Ok, answering myself.
It is probably an autoconfiguration problem.
We have in
GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration.java:
296 @ConditionalOnMissingBean(name = "googleAuthenticatorAccountRegistry")
297 @Bean
298 @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
299 public OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry(
300 final ConfigurableApplicationContext applicationContext,
(it initializes the default JSON/REST/inMemory repository)
and in
CasGoogleAuthenticatorJpaAutoConfiguration.java
70 @Bean
71 @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
72 @ConditionalOnMissingBean(name = "googleAuthenticatorAccountRegistry")
73 public OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry(
74 @Qualifier("googleAuthenticatorInstance")
(this initializes the JPA repository)
So it depends on the execution order, what is available in the application.
For me the following solution works. Delete line 72 in
CasGoogleAuthenticatorJpaAutoConfiguration.java,
put the file in the war-overlay, rebuild CAS and JPA device registration
works again.
Best regards
Klaus-Dieter
On Tue, 22 Oct 2024 at 07:35, Klaus-Dieter Krannich <[email protected]> wrote:
> Hello,
>
> we use CAS version 6.6 in production with multifactor authentication using
> Google Authenticator (cas-server-support-gauth) and persistent device
> registration in a MariaDB database (cas-server-support-gauth-jpa). This
> setup has been working for a long time without any problems.
>
> But all our tries to upgrade to a recent CAS version have failed. In CAS
> 7.x, no information is read from the CAS 6.6 registered devices table
> (Google_Authenticator_Registration_Record). If a user with an already
> registered device is trying to authenticate, the device is not found and
> the "Your account is not registered" dialog is displayed. After registering
> a new device, the authentication completes, but the new device record is
> not written to the database table. However, the tokens used during this
> registration process are stored in the token table
> (Google_Authenticator_Token) as expected. So the database setup seems to be
> correct. If we try to use JSON or Redis as persistent device registration
> storage, all works fine, but we had no success with either MariaDB or
> PostgreSQL.
>
> Has anyone a working CAS 7.x configuration with Google Authenticator and
> persistent device records stored in a Database? Any hints or suggestions on
> how to solve this issue are welcome.
>
> Klaus-Dieter
>
>
> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/dbcf949d-4f4b-4202-ae41-6b246de6f78an%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/dbcf949d-4f4b-4202-ae41-6b246de6f78an%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
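A minimal Spring Boot reproduction of the conflict described in the reply above, added here as an example and not taken from CAS or from the poster: two auto-configurations guard the same bean name with @ConditionalOnMissingBean, so whichever is processed first wins, and declaring an explicit order lets the JPA stand-in register first. DeviceRegistry, InMemoryRegistry, JpaRegistry and the three config classes are hypothetical stand-ins; only the bean name comes from the message. It assumes spring-boot-autoconfigure and spring-boot-test are on the classpath.

```java
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
import org.springframework.context.annotation.Bean;

// Added illustration, not CAS source. All types are hypothetical stand-ins;
// only the bean name is taken from the message.
public class RegistryOrderDemo {
    static final String BEAN = "googleAuthenticatorAccountRegistry";

    interface DeviceRegistry { }
    static class InMemoryRegistry implements DeviceRegistry { }
    static class JpaRegistry implements DeviceRegistry { }

    // Stand-in for the default (JSON/REST/in-memory) configuration.
    @AutoConfiguration
    static class DefaultConfig {
        @Bean(BEAN)
        @ConditionalOnMissingBean(name = BEAN)
        DeviceRegistry registry() { return new InMemoryRegistry(); }
    }

    // Stand-in for the JPA configuration: same name, same condition, no ordering.
    @AutoConfiguration
    static class JpaConfig {
        @Bean(BEAN)
        @ConditionalOnMissingBean(name = BEAN)
        DeviceRegistry registry() { return new JpaRegistry(); }
    }

    // Same bean, but this configuration is declared to run before DefaultConfig.
    @AutoConfiguration(before = DefaultConfig.class)
    static class OrderedJpaConfig {
        @Bean(BEAN)
        @ConditionalOnMissingBean(name = BEAN)
        DeviceRegistry registry() { return new JpaRegistry(); }
    }

    // Builds a context from the given auto-configurations (Boot sorts them by
    // class name, then by declared order) and reports which registry was created.
    static String winner(Class<?>... configs) {
        String[] result = new String[1];
        new ApplicationContextRunner()
            .withConfiguration(AutoConfigurations.of(configs))
            .run(ctx -> result[0] = ctx.getBean(BEAN).getClass().getSimpleName());
        return result[0];
    }

    public static void main(String[] args) {
        System.out.println("no ordering:   " + winner(DefaultConfig.class, JpaConfig.class));
        System.out.println("JPA before:    " + winner(DefaultConfig.class, OrderedJpaConfig.class));
    }
}
```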