Hi Pierre, oh I mean by accessing directly to a service protected by mfa-gauth, just after the login/pwd form : You have the ability to register a new device here. The other way is to register your device thru the /cas/login page (in case you added this functionnality ...) it does not work for every MFA technology : for instance MFA webauthn registering thru the /cas/login page is not working yet (well since my last try ...)
Le mardi 3 décembre 2024 à 16:47:11 UTC+1, Pierre Driutti a écrit : > Hello Frederic, > > I am new to CAS, and am also having this issue. > > I'd be curious though. How could one register a gauth device « on the fly > » ? > > Thanks in advance > > regards, > > Pierre > Le mardi 3 décembre 2024 à 15:02:36 UTC+1, Frédéric Dussurget a écrit : > >> Hi Bruno, >> on my side, I'm able to register new gauth devices on a clean fresh 7.1.2 >> clone (without overriding casGoogleAuthenticatorRegistrationView.html) >> : I can register gauth device both "on the fly" and through the /cas/login >> page. >> >> Notice I have turned on CasFeatureModule.AccountManagement.enabled to be >> ablme to register thru the /cas/login page. >> >> I cannot try with 7.2.x because I still have an issue with reddis and 'void >> io.lettuce.core.StatefulRedisConnectionImpl.<init>(io.lettuce.core.RedisChannelWriter, >> >> io.lettuce.core.protocol.PushHandler, io.lettuce.core.codec.RedisCodec, >> java.time.Duration)' >> Regards >> >> >> >> Le vendredi 29 novembre 2024 à 14:58:51 UTC+1, Bruno Elie a écrit : >> >>> Hi all, >>> It seems that this problem of flow is not resolved yet. >>> I'm actually testing mfa with gauth on CAS v7.1 (also tested on v7.2) >>> and i still have to make this change in the forms action on file >>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html.. >>> With this change i can successfully register my device but that's all, >>> just after this step i encouter an error 500 also linked to the flow: >>> >>> Error: jakarta.servlet.ServletException: Request processing failed: >>> org.springframework.webflow.execution.ActionExecutionException: Exception >>> thrown executing >>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@342fddc >>> >>> in state 'accountRegistrationCheck' of flow 'mfa-gauth' -- action execution >>> attributes were 'map[[empty]]' >>> >>> Any news here ? >>> >>> >>> Regards, >>> >>> Bruno >>> >>> Le mardi 2 juillet 2024 à 12:03:20 UTC+2, Frédéric Dussurget a écrit : >>> >>>> Hi Artur, >>>> I gave it a try this morning, this is exactly what I've done : >>>> >>>> - I flushed the db before >>>> - cloned a brand new cas-overlay-template version=*7.1.0-SNAPSHOT* and >>>> springBootVersion=3.3.1 (this morning master branch) >>>> - First I gave it a try and *I can confirm to you that I could not >>>> registered my device with this version*. >>>> - Then I edited >>>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>> >>>> : >>>> nano >>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>> changed line 20 from <form method="post" id="fm1" class="fm-v >>>> clearfix" th:action="@{${'/' + activeFlowId} }"> to <form >>>> method="post" id="fm1" class="fm-v clearfix" th:action="@{/login}"> >>>> - build and deployed again the .war into tomcat (gradlew then mv as you >>>> did) >>>> - flushed my former cas entry in my device (google authenticator on my >>>> mobile phone) >>>> >>>> Then I was able to register my mobile phone again and was able to log >>>> in. >>>> >>>> After that, and because like gaming, I deleted the >>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>> >>>> and regradlewed again all that stuff nut I did not flushed the db so my >>>> device is still registered : I'm able to log in but cannot register any >>>> other devices ... >>>> >>>> I would not submit a PR, because it looks more like a new mfa global >>>> strategy change than a typo ... >>>> >>>> >>>> >>>> Le jeudi 27 juin 2024 à 15:29:56 UTC+2, artur mis a écrit : >>>> >>>>> I have changed casGoogleAuthenticatorRegistrationView.html >>>>> /gradlew getResource >>>>> -PresourceName=casGoogleAuthenticatorRegistrationView.html >>>>> Edit >>>>> changes to: >>>>> <form method="post" id="fm1" class="fm-v clearfix" >>>>> th:action="@{/login}"> >>>>> ./gradlew clean build >>>>> ./gradlew run >>>>> logs: >>>>> 2024-06-27 15:04:38,064 DEBUG >>>>> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >>>>> >>>>> - <Getting FlowDefinition with id 'login'> >>>>> 2024-06-27 15:04:38,064 DEBUG >>>>> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >>>>> >>>>> - <Getting FlowDefinition with id 'mfa-gauth'> >>>>> 2024-06-27 15:04:38,064 DEBUG >>>>> [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Resuming >>>>> in >>>>> org.springframework.webflow.mvc.servlet.MvcExternalContext@43d3c39c> >>>>> 2024-06-27 15:04:38,064 DEBUG >>>>> [org.springframework.webflow.engine.Flow] - <Restoring >>>>> [FlowVariable@72d57e64 name = 'credential', valueFactory = >>>>> [BeanFactoryVariableValueFactory@54271a0 type = >>>>> GoogleAuthenticatorTokenCredential]]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.mvc.view.AbstractMvcView] - <Processing user >>>>> event 'submit'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.mvc.view.AbstractMvcView] - <No model to >>>>> bind >>>>> to; done processing user event> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.ViewState] - <Event 'submit' returned >>>>> from view [CasMvcViewFactoryCreator.CasServletMvcView@19fcc87f view = >>>>> org.thymeleaf.spring6.view.ThymeleafView@20a0257c]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@78d19fd5 on = submit, to = saveRegistration]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'viewRegistration'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>> 'saveRegistration' of flow 'mfa-gauth'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [EvaluateAction@2858a08b expression = >>>>> googleSaveAccountRegistrationAction, >>>>> resultExpression = [null]]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.apereo.cas.gauth.credential.GoogleAuthenticatorOneTimeTokenCredentialValidator] >>>>> >>>>> - <Authorizing token [442461] against account >>>>> [OneTimeTokenAccount(id=1719493478065, validationCode=583590, >>>>> username=casuser, name=serene_faraday, >>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>> source=null)]> >>>>> 2024-06-27 15:04:38,065 WARN >>>>> [org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction] >>>>> - >>>>> <Unable to authorize given token [442461] for account >>>>> [OneTimeTokenAccount(id=1719493478065, validationCode=583590, >>>>> username=casuser, name=serene_faraday, >>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>> source=null)]> >>>>> 2024-06-27 15:04:38,065 ERROR >>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] - >>>>> <Unable to validate account [OneTimeTokenAccount(id=1719493478065, >>>>> validationCode=583590, username=casuser, name=serene_faraday, >>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>> source=null)]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing >>>>> org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d; >>>>> >>>>> result = error> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing [EvaluateAction@2858a08b expression = >>>>> googleSaveAccountRegistrationAction, resultExpression = [null]]; result = >>>>> error> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@21706f35 on = *, to = accountRegistrationCheck]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'saveRegistration'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>> 'accountRegistrationCheck' of flow 'mfa-gauth'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [EvaluateAction@27d141a0 expression = >>>>> googleAccountCheckRegistrationAction, >>>>> resultExpression = [null]]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing >>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a; >>>>> >>>>> result = register> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing [EvaluateAction@27d141a0 expression = >>>>> googleAccountCheckRegistrationAction, resultExpression = [null]]; result >>>>> = >>>>> register> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@27ba422f on = register, to = viewRegistration]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'accountRegistrationCheck'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.ViewState] - <Entering state >>>>> 'viewRegistration' of flow 'mfa-gauth'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [SetAction@28627feb name = viewScope.principal, value = >>>>> conversationScope.authentication.principal]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing [SetAction@28627feb name = viewScope.principal, value = >>>>> conversationScope.authentication.principal]; result = success> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [EvaluateAction@127cb29e expression = >>>>> googleAccountCreateRegistrationAction, resultExpression = [null]]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction@3208f7f> >>>>> 2024-06-27 15:04:38,071 DEBUG >>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction] >>>>> - >>>>> <Registration key URI is >>>>> [otpauth://totp/CASLabel:casuser?secret=****************]> >>>>> >>>>> >>>>> I was thinking that i have wrong sync time becouse : >>>>> 2024-06-27 15:04:38,065 ERROR >>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] - >>>>> <Unable to validate account [OneTimeTokenAccount(id=1719493478065, >>>>> validationCode=583590, username=casuser, name=serene_faraday, >>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>> source=null)]> >>>>> LOGS are in CEST but some internal logs are UTC but they look like >>>>> the same after calculation. >>>>> >>>>> >>>>> Finally: I havent recive logs like before with 403 but : >>>>> 024-06-27 15:25:53,702 DEBUG >>>>> [org.springframework.web.servlet.DispatcherServlet] - <Completed 401 >>>>> UNAUTHORIZED> >>>>> So i'm still in black ass. >>>>> >>>>> On Thursday, June 27, 2024 at 1:11:29 PM UTC+2 artur mis wrote: >>>>> >>>>>> Could anybody confirm that this issue still appear itself in >>>>>> v7.1. Ii seems i have the same . My logs : >>>>>> >>>>>> [env : simple as posible casuser:Mellon with mf-gauth run by >>>>>> ./gradlew run debug,time synced with ntpd server] >>>>>> >>>>>> 2024-06-27 12:09:08,262 DEBUG >>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>> 2024-06-27 12:09:08,262 DEBUG >>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>> 2024-06-27 12:09:08,263 DEBUG >>>>>> [org.springframework.boot.actuate.audit.listener.AuditListener] - >>>>>> <AuditEvent [timestamp=2024-06-27T10:09:08.263569200Z, >>>>>> principal=anonymousUser, type=AUTHORIZATION_FAILURE, >>>>>> data={details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, >>>>>> SessionId=null]}]> >>>>>> 2024-06-27 12:09:08,266 DEBUG >>>>>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" dispatch >>>>>> for >>>>>> POST "/cas/error", parameters={masked}> >>>>>> 2024-06-27 12:09:08,266 DEBUG >>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>> >>>>>> - <Mapped to >>>>>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)> >>>>>> 2024-06-27 12:09:08,267 DEBUG >>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>> >>>>>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and supported >>>>>> [application/vnd.cas.services+yaml, application/json, >>>>>> application/*+json, >>>>>> application/xml;charset=UTF-8, text/xml;charset=UTF-8, >>>>>> application/*+xml;charset=UTF-8]> >>>>>> 2024-06-27 12:09:08,268 DEBUG >>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>> >>>>>> - <Writing [{timestamp=Thu Jun 27 12:09:08 CEST 2024, status=403, >>>>>> error=Forbidden, message=Access Denied, path=/ (truncated)...]> >>>>>> 2024-06-27 12:09:08,269 DEBUG >>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from >>>>>> "ERROR" >>>>>> dispatch, status 403> >>>>>> 2024-06-27 12:09:16,765 DEBUG >>>>>> [org.apereo.cas.otp.repository.token.OneTimeTokenRepositoryCleaner] - >>>>>> <Starting to clean previously used authenticator tokens from >>>>>> [BaseOneTimeTokenRepository()] at >>>>>> [2024-06-27T12:09:16.765857631+02:00[Europe/Warsaw]]> >>>>>> >>>>>> On Wednesday, January 10, 2024 at 7:52:52 PM UTC+1 Al Faller wrote: >>>>>> >>>>>>> Did some http level comparison between 6.6 and 7.0 - >>>>>>> 6.6 sends the POST to /cas/login, whereas >>>>>>> 7.0 sends the POST to /cas/mfa-gauth >>>>>>> >>>>>>> So, editing the form action in the html for the device registration, >>>>>>> I set the action=/cas/login on my 7.0 test and it worked! >>>>>>> >>>>>>> Looks like the form was changed in commit 15580dc in October, for >>>>>>> "allow >>>>>>> account profile to allow users to register devices with gauth". I >>>>>>> don't >>>>>>> pretend to understand how the flow was changed, but maybe this will >>>>>>> help >>>>>>> someone with straightening this out. Unfortunately my hack works fine >>>>>>> with >>>>>>> a vanilla version of CAS running, but does not work once I turn on all >>>>>>> of >>>>>>> the features I need (I get different errors though, which is likely >>>>>>> related >>>>>>> to the flow changes). >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, Jan 10, 2024 at 11:00 AM Al Faller <[email protected]> wrote: >>>>>>> >>>>>>>> HI All - >>>>>>>> >>>>>>>> Turned on debugging for spring and it looks like spring is sending >>>>>>>> the error: >>>>>>>> >>>>>>>> 2024-01-10 15:49:02,787 INFO >>>>>>>> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] >>>>>>>> expired tickets removed.> >>>>>>>> 2024-01-10 15:49:10,713 DEBUG >>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - >>>>>>>> <Mapping >>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>> 2024-01-10 15:49:10,715 DEBUG >>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - >>>>>>>> <Mapping >>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>> 2024-01-10 15:49:10,716 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Trying to match >>>>>>>> request against DefaultSecurityFilterChain [RequestMatcher=any >>>>>>>> request, >>>>>>>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, >>>>>>>> >>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, >>>>>>>> >>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, >>>>>>>> >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, >>>>>>>> >>>>>>>> org.springframework.web.filter.CorsFilter@3baaf6b3, >>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, >>>>>>>> >>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, >>>>>>>> >>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, >>>>>>>> >>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, >>>>>>>> >>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] >>>>>>>> >>>>>>>> (1/1)> >>>>>>>> 2024-01-10 15:49:10,716 DEBUG >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Securing POST >>>>>>>> /mfa-gauth> >>>>>>>> 2024-01-10 15:49:10,716 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> DisableEncodeUrlFilter (1/10)> >>>>>>>> 2024-01-10 15:49:10,717 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> ChannelProcessingFilter (2/10)> >>>>>>>> 2024-01-10 15:49:10,717 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >>>>>>>> >>>>>>>> - <Did not match request to >>>>>>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 >>>>>>>> >>>>>>>> - [REQUIRES_SECURE_CHANNEL] (1/1)> >>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> WebAsyncManagerIntegrationFilter (3/10)> >>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> SecurityContextHolderFilter (4/10)> >>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> CorsFilter >>>>>>>> (5/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> RequestCacheAwareFilter (6/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>> - >>>>>>>> <matchingRequestParameterName is required for getMatchingRequest to >>>>>>>> lookup >>>>>>>> a value, but not provided> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> SecurityContextHolderAwareRequestFilter (7/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> AnonymousAuthenticationFilter (8/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> ExceptionTranslationFilter (9/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> AuthorizationFilter (10/10)> >>>>>>>> 2024-01-10 15:49:10,720 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>> >>>>>>>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ >>>>>>>> FirewalledRequest[ >>>>>>>> org.apache.catalina.connector.RequestFacade@4d5329b9]]> >>>>>>>> 2024-01-10 15:49:10,739 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>> >>>>>>>> - <Denying request since did not find matching RequestMatcher> >>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>> >>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >>>>>>>> >>>>>>>> - <No HttpSession currently exists> >>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>> >>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>> >>>>>>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken >>>>>>>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, >>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]> >>>>>>>> 2024-01-10 15:49:13,460 TRACE >>>>>>>> [org.springframework.security.web.access.ExceptionTranslationFilter] - >>>>>>>> <Sending AnonymousAuthenticationToken [Principal=anonymousUser, >>>>>>>> Credentials=[PROTECTED], Authenticated=true, >>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to >>>>>>>> authentication >>>>>>>> entry point since access is denied> >>>>>>>> org.springframework.security.access.AccessDeniedException: Access >>>>>>>> Denied >>>>>>>> at >>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) >>>>>>>> at >>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) >>>>>>>> at >>>>>>>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) >>>>>>>> at >>>>>>>> org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) >>>>>>>> at >>>>>>>> org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225) >>>>>>>> at >>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) >>>>>>>> at >>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:32) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) >>>>>>>> at >>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) >>>>>>>> at >>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) >>>>>>>> at >>>>>>>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673) >>>>>>>> at >>>>>>>> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:735) >>>>>>>> at >>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) >>>>>>>> at >>>>>>>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) >>>>>>>> at >>>>>>>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) >>>>>>>> at >>>>>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) >>>>>>>> at >>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) >>>>>>>> at >>>>>>>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) >>>>>>>> at java.base/java.lang.VirtualThread.run(VirtualThread.java:309) >>>>>>>> 2024-01-10 15:49:13,462 TRACE >>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>> - >>>>>>>> <Did not save request since it did not match [And [Not [Ant >>>>>>>> [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher >>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>> >>>>>>>> matchingMediaTypes=[application/json], useEquals=false, >>>>>>>> ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher >>>>>>>> [expectedHeaderName=X-Requested-With, >>>>>>>> expectedHeaderValue=XMLHttpRequest]], >>>>>>>> Not [MediaTypeRequestMatcher >>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>> >>>>>>>> matchingMediaTypes=[multipart/form-data], useEquals=false, >>>>>>>> ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher >>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>> >>>>>>>> matchingMediaTypes=[text/event-stream], useEquals=false, >>>>>>>> ignoredMediaTypes=[*/*]]]]]> >>>>>>>> 2024-01-10 15:49:13,462 DEBUG >>>>>>>> [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] >>>>>>>> >>>>>>>> - <Pre-authenticated entry point called. Rejecting access> >>>>>>>> 2024-01-10 15:49:13,485 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>> >>>>>>>> - <2 matching mappings: [{ [/error]}, { [/error], produces >>>>>>>> [text/html]}]> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Trying to match >>>>>>>> request against DefaultSecurityFilterChain [RequestMatcher=any >>>>>>>> request, >>>>>>>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, >>>>>>>> >>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, >>>>>>>> >>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, >>>>>>>> >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, >>>>>>>> >>>>>>>> org.springframework.web.filter.CorsFilter@3baaf6b3, >>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, >>>>>>>> >>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, >>>>>>>> >>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, >>>>>>>> >>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, >>>>>>>> >>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] >>>>>>>> >>>>>>>> (1/1)> >>>>>>>> 2024-01-10 15:49:13,503 DEBUG >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Securing POST >>>>>>>> /error> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> DisableEncodeUrlFilter (1/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> ChannelProcessingFilter (2/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >>>>>>>> >>>>>>>> - <Did not match request to >>>>>>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 >>>>>>>> >>>>>>>> - [REQUIRES_SECURE_CHANNEL] (1/1)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> WebAsyncManagerIntegrationFilter (3/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> SecurityContextHolderFilter (4/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> CorsFilter >>>>>>>> (5/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> RequestCacheAwareFilter (6/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>> - >>>>>>>> <matchingRequestParameterName is required for getMatchingRequest to >>>>>>>> lookup >>>>>>>> a value, but not provided> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> SecurityContextHolderAwareRequestFilter (7/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> AnonymousAuthenticationFilter (8/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> ExceptionTranslationFilter (9/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> AuthorizationFilter (10/10)> >>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>> >>>>>>>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ >>>>>>>> FirewalledRequest[ >>>>>>>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]]> >>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>> >>>>>>>> - <Checking authorization on SecurityContextHolderAwareRequestWrapper[ >>>>>>>> FirewalledRequest[ >>>>>>>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]] using >>>>>>>> org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f631caeb020@73216a8b> >>>>>>>> 2024-01-10 15:49:13,504 DEBUG >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Secured POST >>>>>>>> /error> >>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>> [org.springframework.web.servlet.i18n.CookieLocaleResolver] - <Parsed >>>>>>>> cookie value [en-US] into locale 'en_US'> >>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" >>>>>>>> dispatch for >>>>>>>> POST "/cas/error", parameters={masked}, headers={masked} in >>>>>>>> DispatcherServlet 'dispatcherServlet'> >>>>>>>> 2024-01-10 15:49:13,505 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>> >>>>>>>> - <2 matching mappings: [{ [/error]}, { [/error], produces >>>>>>>> [text/html]}]> >>>>>>>> 2024-01-10 15:49:13,505 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>> >>>>>>>> - <Mapped to >>>>>>>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)> >>>>>>>> 2024-01-10 15:49:13,513 TRACE >>>>>>>> [org.springframework.web.method.HandlerMethod] - <Arguments: >>>>>>>> [org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper@3b6c3379]> >>>>>>>> 2024-01-10 15:49:13,531 DEBUG >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>> >>>>>>>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and >>>>>>>> supported >>>>>>>> [application/vnd.cas.services+yaml, application/json, >>>>>>>> application/*+json, >>>>>>>> application/xml;charset=UTF-8, text/xml;charset=UTF-8, >>>>>>>> application/*+xml;charset=UTF-8]> >>>>>>>> 2024-01-10 15:49:13,531 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>> >>>>>>>> - <Writing [{timestamp=Wed Jan 10 15:49:13 UTC 2024, status=403, >>>>>>>> error=Forbidden, message=Access Denied, path=/cas/mfa-gauth}]> >>>>>>>> 2024-01-10 15:49:13,574 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter] >>>>>>>> >>>>>>>> - <Applying default cacheSeconds=-1> >>>>>>>> 2024-01-10 15:49:13,574 TRACE >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <No view >>>>>>>> rendering, >>>>>>>> null ModelAndView returned.> >>>>>>>> 2024-01-10 15:49:13,576 DEBUG >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from >>>>>>>> "ERROR" >>>>>>>> dispatch, status 403, headers={masked}> >>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>> >>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >>>>>>>> >>>>>>>> - <No HttpSession currently exists> >>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>> >>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>> >>>>>>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken >>>>>>>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, >>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]> >>>>>>>> >>>>>>>> On Wednesday, January 10, 2024 at 7:57:27 AM UTC-5 Frédéric >>>>>>>> Dussurget wrote: >>>>>>>> >>>>>>>>> Hi Al, >>>>>>>>> I've got the same issue, could not fixed it. F12 console in your >>>>>>>>> browser might throw a 401 error ... (for info my db backend is redis) >>>>>>>>> we have a topic here : >>>>>>>>> https://groups.google.com/a/apereo.org/g/cas-user/c/XKFgFS__U9M >>>>>>>>> regards, >>>>>>>>> >>>>>>>>> >>>>>>>>> Le mercredi 10 janvier 2024 à 05:26:03 UTC+1, Al Faller a écrit : >>>>>>>>> >>>>>>>>>> Hi - >>>>>>>>>> >>>>>>>>>> Trying to get mfa-gauth working with 7.0. Unfortunately when I'm >>>>>>>>>> attempting to "Confirm account registration" (save my new device), I >>>>>>>>>> receive a 403 error back from CAS at /cas/mfa-gauth and an error on >>>>>>>>>> the >>>>>>>>>> screen. I can reproduce this with a clean copy of the overlay. My >>>>>>>>>> steps: >>>>>>>>>> >>>>>>>>>> - add 'implementation >>>>>>>>>> "org.apereo.cas:cas-server-support-gauth"' to the build.gradle >>>>>>>>>> - ./gradlew build >>>>>>>>>> - add cas.authn.mfa.triggers.global.global-provider-id=mfa-gauth >>>>>>>>>> to >>>>>>>>>> /etc/cas/config/cas.properties >>>>>>>>>> - java -jar build/libs/cas.war --server.ssl.enabled=false >>>>>>>>>> --server.port=8080 >>>>>>>>>> >>>>>>>>>> From chrome developer tools, looks like the following was >>>>>>>>>> returned: >>>>>>>>>> --- !<java.util.LinkedHashMap> >>>>>>>>>> timestamp: "2024-01-09T22:48:27.384+00:00" >>>>>>>>>> status: 403 >>>>>>>>>> error: "Forbidden" >>>>>>>>>> message: "Access Denied" >>>>>>>>>> path: "/cas/mfa-gauth" >>>>>>>>>> >>>>>>>>>> added debug logging - nothing useful shows up. >>>>>>>>>> >>>>>>>>>> Attached is the screenshot: >>>>>>>>>> [image: Screenshot from 2024-01-09 17-45-14.png] >>>>>>>>>> >>>>>>>>>> Any ideas why this might be breaking? I have tried 7.0 and >>>>>>>>>> master with no luck. >>>>>>>>>> >>>>>>>>>> Thanks in advance, >>>>>>>>>> >>>>>>>>>> Al >>>>>>>>>> >>>>>>>>>> -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/15e92fd9-f51c-4eab-bf55-2af4fb4ef1a2n%40apereo.org.
