I have this problem with cas 6.6.14. It doesn't accept token generated to verify registered device and return error message:
Unable to accept this token. The given token is invalid, does not belong to the device or has expired Any idea? On Fri, Dec 6, 2024 at 4:11 PM Pierre Driutti <[email protected]> wrote: > Thanks for the clarification, Frédéric. > Regards, > Pierre > > Le jeudi 5 décembre 2024 à 15:19:01 UTC+1, Frédéric Dussurget a écrit : > >> Hi Pierre, >> oh I mean by accessing directly to a service protected by mfa-gauth, just >> after the login/pwd form : You have the ability to register a new device >> here. >> The other way is to register your device thru the /cas/login page (in >> case you added this functionnality ...) >> it does not work for every MFA technology : for instance MFA webauthn >> registering thru the /cas/login page is not working yet (well since my last >> try ...) >> >> >> Le mardi 3 décembre 2024 à 16:47:11 UTC+1, Pierre Driutti a écrit : >> >>> Hello Frederic, >>> >>> I am new to CAS, and am also having this issue. >>> >>> I'd be curious though. How could one register a gauth device « on the >>> fly » ? >>> >>> Thanks in advance >>> >>> regards, >>> >>> Pierre >>> Le mardi 3 décembre 2024 à 15:02:36 UTC+1, Frédéric Dussurget a écrit : >>> >>>> Hi Bruno, >>>> on my side, I'm able to register new gauth devices on a clean fresh >>>> 7.1.2 clone (without overriding >>>> casGoogleAuthenticatorRegistrationView.html) : I can register gauth >>>> device both "on the fly" and through the /cas/login page. >>>> >>>> Notice I have turned on CasFeatureModule.AccountManagement.enabled to >>>> be ablme to register thru the /cas/login page. >>>> >>>> I cannot try with 7.2.x because I still have an issue with reddis and >>>> 'void >>>> io.lettuce.core.StatefulRedisConnectionImpl.<init>(io.lettuce.core.RedisChannelWriter, >>>> io.lettuce.core.protocol.PushHandler, io.lettuce.core.codec.RedisCodec, >>>> java.time.Duration)' >>>> Regards >>>> >>>> >>>> >>>> Le vendredi 29 novembre 2024 à 14:58:51 UTC+1, Bruno Elie a écrit : >>>> >>>>> Hi all, >>>>> It seems that this problem of flow is not resolved yet. >>>>> I'm actually testing mfa with gauth on CAS v7.1 (also tested on v7.2) >>>>> and i still have to make this change in the forms action on file >>>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html.. >>>>> With this change i can successfully register my device but that's all, >>>>> just after this step i encouter an error 500 also linked to the flow: >>>>> >>>>> Error: jakarta.servlet.ServletException: Request processing failed: >>>>> org.springframework.webflow.execution.ActionExecutionException: Exception >>>>> thrown executing >>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@342fddc >>>>> in state 'accountRegistrationCheck' of flow 'mfa-gauth' -- action >>>>> execution >>>>> attributes were 'map[[empty]]' >>>>> >>>>> Any news here ? >>>>> >>>>> >>>>> Regards, >>>>> >>>>> Bruno >>>>> >>>>> Le mardi 2 juillet 2024 à 12:03:20 UTC+2, Frédéric Dussurget a écrit : >>>>> >>>>>> Hi Artur, >>>>>> I gave it a try this morning, this is exactly what I've done : >>>>>> >>>>>> - I flushed the db before >>>>>> - cloned a brand new cas-overlay-template version=*7.1.0-SNAPSHOT* >>>>>> and springBootVersion=3.3.1 (this morning master branch) >>>>>> - First I gave it a try and *I can confirm to you that I could not >>>>>> registered my device with this version*. >>>>>> - Then I edited >>>>>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>>>> : >>>>>> nano >>>>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>>>> changed line 20 from <form method="post" id="fm1" class="fm-v >>>>>> clearfix" th:action="@{${'/' + activeFlowId} }"> to <form >>>>>> method="post" id="fm1" class="fm-v clearfix" th:action="@{/login}"> >>>>>> - build and deployed again the .war into tomcat (gradlew then mv as >>>>>> you did) >>>>>> - flushed my former cas entry in my device (google authenticator on >>>>>> my mobile phone) >>>>>> >>>>>> Then I was able to register my mobile phone again and was able to log >>>>>> in. >>>>>> >>>>>> After that, and because like gaming, I deleted the >>>>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>>>> and regradlewed again all that stuff nut I did not flushed the db so my >>>>>> device is still registered : I'm able to log in but cannot register any >>>>>> other devices ... >>>>>> >>>>>> I would not submit a PR, because it looks more like a new mfa global >>>>>> strategy change than a typo ... >>>>>> >>>>>> >>>>>> >>>>>> Le jeudi 27 juin 2024 à 15:29:56 UTC+2, artur mis a écrit : >>>>>> >>>>>>> I have changed casGoogleAuthenticatorRegistrationView.html >>>>>>> /gradlew getResource >>>>>>> -PresourceName=casGoogleAuthenticatorRegistrationView.html >>>>>>> Edit >>>>>>> changes to: >>>>>>> <form method="post" id="fm1" class="fm-v clearfix" >>>>>>> th:action="@{/login}"> >>>>>>> ./gradlew clean build >>>>>>> ./gradlew run >>>>>>> logs: >>>>>>> 2024-06-27 15:04:38,064 DEBUG >>>>>>> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >>>>>>> - <Getting FlowDefinition with id 'login'> >>>>>>> 2024-06-27 15:04:38,064 DEBUG >>>>>>> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >>>>>>> - <Getting FlowDefinition with id 'mfa-gauth'> >>>>>>> 2024-06-27 15:04:38,064 DEBUG >>>>>>> [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Resuming >>>>>>> in >>>>>>> org.springframework.webflow.mvc.servlet.MvcExternalContext@43d3c39c> >>>>>>> 2024-06-27 15:04:38,064 DEBUG >>>>>>> [org.springframework.webflow.engine.Flow] - <Restoring >>>>>>> [FlowVariable@72d57e64 name = 'credential', valueFactory = >>>>>>> [BeanFactoryVariableValueFactory@54271a0 type = >>>>>>> GoogleAuthenticatorTokenCredential]]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.mvc.view.AbstractMvcView] - <Processing >>>>>>> user >>>>>>> event 'submit'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.mvc.view.AbstractMvcView] - <No model to >>>>>>> bind >>>>>>> to; done processing user event> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.ViewState] - <Event 'submit' >>>>>>> returned >>>>>>> from view [CasMvcViewFactoryCreator.CasServletMvcView@19fcc87f view >>>>>>> = org.thymeleaf.spring6.view.ThymeleafView@20a0257c]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@78d19fd5 on = submit, to = saveRegistration]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'viewRegistration'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>>> 'saveRegistration' of flow 'mfa-gauth'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [EvaluateAction@2858a08b expression = >>>>>>> googleSaveAccountRegistrationAction, resultExpression = [null]]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d >>>>>>> > >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.apereo.cas.gauth.credential.GoogleAuthenticatorOneTimeTokenCredentialValidator] >>>>>>> - <Authorizing token [442461] against account >>>>>>> [OneTimeTokenAccount(id=1719493478065, validationCode=583590, >>>>>>> username=casuser, name=serene_faraday, >>>>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>>>> source=null)]> >>>>>>> 2024-06-27 15:04:38,065 WARN >>>>>>> [org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction] >>>>>>> - >>>>>>> <Unable to authorize given token [442461] for account >>>>>>> [OneTimeTokenAccount(id=1719493478065, validationCode=583590, >>>>>>> username=casuser, name=serene_faraday, >>>>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>>>> source=null)]> >>>>>>> 2024-06-27 15:04:38,065 ERROR >>>>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] >>>>>>> - >>>>>>> <Unable to validate account [OneTimeTokenAccount(id=1719493478065, >>>>>>> validationCode=583590, username=casuser, name=serene_faraday, >>>>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>>>> source=null)]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing >>>>>>> org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d; >>>>>>> result = error> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [EvaluateAction@2858a08b expression = >>>>>>> googleSaveAccountRegistrationAction, resultExpression = [null]]; result >>>>>>> = >>>>>>> error> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@21706f35 on = *, to = accountRegistrationCheck]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'saveRegistration'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>>> 'accountRegistrationCheck' of flow 'mfa-gauth'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [EvaluateAction@27d141a0 expression = >>>>>>> googleAccountCheckRegistrationAction, resultExpression = [null]]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a >>>>>>> > >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing >>>>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a; >>>>>>> result = register> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [EvaluateAction@27d141a0 expression = >>>>>>> googleAccountCheckRegistrationAction, resultExpression = [null]]; >>>>>>> result = >>>>>>> register> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@27ba422f on = register, to = viewRegistration]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'accountRegistrationCheck'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.ViewState] - <Entering state >>>>>>> 'viewRegistration' of flow 'mfa-gauth'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [SetAction@28627feb name = viewScope.principal, value = >>>>>>> conversationScope.authentication.principal]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [SetAction@28627feb name = viewScope.principal, value = >>>>>>> conversationScope.authentication.principal]; result = success> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [EvaluateAction@127cb29e expression = >>>>>>> googleAccountCreateRegistrationAction, resultExpression = [null]]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction@3208f7f >>>>>>> > >>>>>>> 2024-06-27 15:04:38,071 DEBUG >>>>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction] >>>>>>> - >>>>>>> <Registration key URI is >>>>>>> [otpauth://totp/CASLabel:casuser?secret=****************]> >>>>>>> >>>>>>> >>>>>>> I was thinking that i have wrong sync time becouse : >>>>>>> 2024-06-27 15:04:38,065 ERROR >>>>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] >>>>>>> - >>>>>>> <Unable to validate account [OneTimeTokenAccount(id=1719493478065, >>>>>>> validationCode=583590, username=casuser, name=serene_faraday, >>>>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>>>> source=null)]> >>>>>>> LOGS are in CEST but some internal logs are UTC but they look like >>>>>>> the same after calculation. >>>>>>> >>>>>>> >>>>>>> Finally: I havent recive logs like before with 403 but : >>>>>>> 024-06-27 15:25:53,702 DEBUG >>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Completed 401 >>>>>>> UNAUTHORIZED> >>>>>>> So i'm still in black ass. >>>>>>> >>>>>>> On Thursday, June 27, 2024 at 1:11:29 PM UTC+2 artur mis wrote: >>>>>>> >>>>>>>> Could anybody confirm that this issue still appear itself in >>>>>>>> v7.1. Ii seems i have the same . My logs : >>>>>>>> >>>>>>>> [env : simple as posible casuser:Mellon with mf-gauth run by >>>>>>>> ./gradlew run debug,time synced with ntpd server] >>>>>>>> >>>>>>>> 2024-06-27 12:09:08,262 DEBUG >>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>> 2024-06-27 12:09:08,262 DEBUG >>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>> 2024-06-27 12:09:08,263 DEBUG >>>>>>>> [org.springframework.boot.actuate.audit.listener.AuditListener] - >>>>>>>> <AuditEvent [timestamp=2024-06-27T10:09:08.263569200Z, >>>>>>>> principal=anonymousUser, type=AUTHORIZATION_FAILURE, >>>>>>>> data={details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, >>>>>>>> SessionId=null]}]> >>>>>>>> 2024-06-27 12:09:08,266 DEBUG >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" >>>>>>>> dispatch for >>>>>>>> POST "/cas/error", parameters={masked}> >>>>>>>> 2024-06-27 12:09:08,266 DEBUG >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>> - <Mapped to >>>>>>>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)> >>>>>>>> 2024-06-27 12:09:08,267 DEBUG >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and supported >>>>>>>> [application/vnd.cas.services+yaml, application/json, >>>>>>>> application/*+json, >>>>>>>> application/xml;charset=UTF-8, text/xml;charset=UTF-8, >>>>>>>> application/*+xml;charset=UTF-8]> >>>>>>>> 2024-06-27 12:09:08,268 DEBUG >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>> - <Writing [{timestamp=Thu Jun 27 12:09:08 CEST 2024, status=403, >>>>>>>> error=Forbidden, message=Access Denied, path=/ (truncated)...]> >>>>>>>> 2024-06-27 12:09:08,269 DEBUG >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from >>>>>>>> "ERROR" >>>>>>>> dispatch, status 403> >>>>>>>> 2024-06-27 12:09:16,765 DEBUG >>>>>>>> [org.apereo.cas.otp.repository.token.OneTimeTokenRepositoryCleaner] - >>>>>>>> <Starting to clean previously used authenticator tokens from >>>>>>>> [BaseOneTimeTokenRepository()] at >>>>>>>> [2024-06-27T12:09:16.765857631+02:00[Europe/Warsaw]]> >>>>>>>> >>>>>>>> On Wednesday, January 10, 2024 at 7:52:52 PM UTC+1 Al Faller wrote: >>>>>>>> >>>>>>>>> Did some http level comparison between 6.6 and 7.0 - >>>>>>>>> 6.6 sends the POST to /cas/login, whereas >>>>>>>>> 7.0 sends the POST to /cas/mfa-gauth >>>>>>>>> >>>>>>>>> So, editing the form action in the html for the device >>>>>>>>> registration, I set the action=/cas/login on my 7.0 test and it >>>>>>>>> worked! >>>>>>>>> >>>>>>>>> Looks like the form was changed in commit 15580dc in October, for >>>>>>>>> "allow account profile to allow users to register devices with >>>>>>>>> gauth". I don't pretend to understand how the flow was changed, but >>>>>>>>> maybe >>>>>>>>> this will help someone with straightening this out. Unfortunately my >>>>>>>>> hack >>>>>>>>> works fine with a vanilla version of CAS running, but does not work >>>>>>>>> once I >>>>>>>>> turn on all of the features I need (I get different errors though, >>>>>>>>> which is >>>>>>>>> likely related to the flow changes). >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Wed, Jan 10, 2024 at 11:00 AM Al Faller <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> HI All - >>>>>>>>>> >>>>>>>>>> Turned on debugging for spring and it looks like spring is >>>>>>>>>> sending the error: >>>>>>>>>> >>>>>>>>>> 2024-01-10 15:49:02,787 INFO >>>>>>>>>> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] >>>>>>>>>> expired tickets removed.> >>>>>>>>>> 2024-01-10 15:49:10,713 DEBUG >>>>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - >>>>>>>>>> <Mapping >>>>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>>>> 2024-01-10 15:49:10,715 DEBUG >>>>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - >>>>>>>>>> <Mapping >>>>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>>>> 2024-01-10 15:49:10,716 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Trying to >>>>>>>>>> match >>>>>>>>>> request against DefaultSecurityFilterChain [RequestMatcher=any >>>>>>>>>> request, >>>>>>>>>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, >>>>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, >>>>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, >>>>>>>>>> org.springframework.web.filter.CorsFilter@3baaf6b3, >>>>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, >>>>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, >>>>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, >>>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, >>>>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] >>>>>>>>>> (1/1)> >>>>>>>>>> 2024-01-10 15:49:10,716 DEBUG >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Securing POST >>>>>>>>>> /mfa-gauth> >>>>>>>>>> 2024-01-10 15:49:10,716 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> DisableEncodeUrlFilter (1/10)> >>>>>>>>>> 2024-01-10 15:49:10,717 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> ChannelProcessingFilter (2/10)> >>>>>>>>>> 2024-01-10 15:49:10,717 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >>>>>>>>>> - <Did not match request to >>>>>>>>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 >>>>>>>>>> - [REQUIRES_SECURE_CHANNEL] (1/1)> >>>>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> WebAsyncManagerIntegrationFilter (3/10)> >>>>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> SecurityContextHolderFilter (4/10)> >>>>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> CorsFilter >>>>>>>>>> (5/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> RequestCacheAwareFilter (6/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>>>> - >>>>>>>>>> <matchingRequestParameterName is required for getMatchingRequest to >>>>>>>>>> lookup >>>>>>>>>> a value, but not provided> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> SecurityContextHolderAwareRequestFilter (7/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> AnonymousAuthenticationFilter (8/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> ExceptionTranslationFilter (9/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> AuthorizationFilter (10/10)> >>>>>>>>>> 2024-01-10 15:49:10,720 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>>>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ >>>>>>>>>> FirewalledRequest[ >>>>>>>>>> org.apache.catalina.connector.RequestFacade@4d5329b9]]> >>>>>>>>>> 2024-01-10 15:49:10,739 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>>>> - <Denying request since did not find matching RequestMatcher> >>>>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>>>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >>>>>>>>>> - <No HttpSession currently exists> >>>>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken >>>>>>>>>> [Principal=anonymousUser, Credentials=[PROTECTED], >>>>>>>>>> Authenticated=true, >>>>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]> >>>>>>>>>> 2024-01-10 15:49:13,460 TRACE >>>>>>>>>> [org.springframework.security.web.access.ExceptionTranslationFilter] >>>>>>>>>> - >>>>>>>>>> <Sending AnonymousAuthenticationToken [Principal=anonymousUser, >>>>>>>>>> Credentials=[PROTECTED], Authenticated=true, >>>>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to >>>>>>>>>> authentication >>>>>>>>>> entry point since access is denied> >>>>>>>>>> org.springframework.security.access.AccessDeniedException: Access >>>>>>>>>> Denied >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:32) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:735) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) >>>>>>>>>> at >>>>>>>>>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) >>>>>>>>>> at >>>>>>>>>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) >>>>>>>>>> at >>>>>>>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) >>>>>>>>>> at >>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) >>>>>>>>>> at >>>>>>>>>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) >>>>>>>>>> at java.base/java.lang.VirtualThread.run(VirtualThread.java:309) >>>>>>>>>> 2024-01-10 15:49:13,462 TRACE >>>>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>>>> - >>>>>>>>>> <Did not save request since it did not match [And [Not [Ant >>>>>>>>>> [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher >>>>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>>>> matchingMediaTypes=[application/json], useEquals=false, >>>>>>>>>> ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher >>>>>>>>>> [expectedHeaderName=X-Requested-With, >>>>>>>>>> expectedHeaderValue=XMLHttpRequest]], >>>>>>>>>> Not [MediaTypeRequestMatcher >>>>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>>>> matchingMediaTypes=[multipart/form-data], useEquals=false, >>>>>>>>>> ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher >>>>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>>>> matchingMediaTypes=[text/event-stream], useEquals=false, >>>>>>>>>> ignoredMediaTypes=[*/*]]]]]> >>>>>>>>>> 2024-01-10 15:49:13,462 DEBUG >>>>>>>>>> [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] >>>>>>>>>> - <Pre-authenticated entry point called. Rejecting access> >>>>>>>>>> 2024-01-10 15:49:13,485 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>>>> - <2 matching mappings: [{ [/error]}, { [/error], produces >>>>>>>>>> [text/html]}]> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Trying to >>>>>>>>>> match >>>>>>>>>> request against DefaultSecurityFilterChain [RequestMatcher=any >>>>>>>>>> request, >>>>>>>>>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, >>>>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, >>>>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, >>>>>>>>>> org.springframework.web.filter.CorsFilter@3baaf6b3, >>>>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, >>>>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, >>>>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, >>>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, >>>>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] >>>>>>>>>> (1/1)> >>>>>>>>>> 2024-01-10 15:49:13,503 DEBUG >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Securing POST >>>>>>>>>> /error> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> DisableEncodeUrlFilter (1/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> ChannelProcessingFilter (2/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >>>>>>>>>> - <Did not match request to >>>>>>>>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 >>>>>>>>>> - [REQUIRES_SECURE_CHANNEL] (1/1)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> WebAsyncManagerIntegrationFilter (3/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> SecurityContextHolderFilter (4/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> CorsFilter >>>>>>>>>> (5/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> RequestCacheAwareFilter (6/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>>>> - >>>>>>>>>> <matchingRequestParameterName is required for getMatchingRequest to >>>>>>>>>> lookup >>>>>>>>>> a value, but not provided> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> SecurityContextHolderAwareRequestFilter (7/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> AnonymousAuthenticationFilter (8/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> ExceptionTranslationFilter (9/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> AuthorizationFilter (10/10)> >>>>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>>>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ >>>>>>>>>> FirewalledRequest[ >>>>>>>>>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]]> >>>>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>>>> - <Checking authorization on >>>>>>>>>> SecurityContextHolderAwareRequestWrapper[ >>>>>>>>>> FirewalledRequest[ >>>>>>>>>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]] >>>>>>>>>> using >>>>>>>>>> org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f631caeb020@73216a8b >>>>>>>>>> > >>>>>>>>>> 2024-01-10 15:49:13,504 DEBUG >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Secured POST >>>>>>>>>> /error> >>>>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>>>> [org.springframework.web.servlet.i18n.CookieLocaleResolver] - <Parsed >>>>>>>>>> cookie value [en-US] into locale 'en_US'> >>>>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" >>>>>>>>>> dispatch for >>>>>>>>>> POST "/cas/error", parameters={masked}, headers={masked} in >>>>>>>>>> DispatcherServlet 'dispatcherServlet'> >>>>>>>>>> 2024-01-10 15:49:13,505 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>>>> - <2 matching mappings: [{ [/error]}, { [/error], produces >>>>>>>>>> [text/html]}]> >>>>>>>>>> 2024-01-10 15:49:13,505 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>>>> - <Mapped to >>>>>>>>>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)> >>>>>>>>>> 2024-01-10 15:49:13,513 TRACE >>>>>>>>>> [org.springframework.web.method.HandlerMethod] - <Arguments: >>>>>>>>>> [org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper@3b6c3379 >>>>>>>>>> ]> >>>>>>>>>> 2024-01-10 15:49:13,531 DEBUG >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>>>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and >>>>>>>>>> supported >>>>>>>>>> [application/vnd.cas.services+yaml, application/json, >>>>>>>>>> application/*+json, >>>>>>>>>> application/xml;charset=UTF-8, text/xml;charset=UTF-8, >>>>>>>>>> application/*+xml;charset=UTF-8]> >>>>>>>>>> 2024-01-10 15:49:13,531 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>>>> - <Writing [{timestamp=Wed Jan 10 15:49:13 UTC 2024, status=403, >>>>>>>>>> error=Forbidden, message=Access Denied, path=/cas/mfa-gauth}]> >>>>>>>>>> 2024-01-10 15:49:13,574 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter] >>>>>>>>>> - <Applying default cacheSeconds=-1> >>>>>>>>>> 2024-01-10 15:49:13,574 TRACE >>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <No view >>>>>>>>>> rendering, >>>>>>>>>> null ModelAndView returned.> >>>>>>>>>> 2024-01-10 15:49:13,576 DEBUG >>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from >>>>>>>>>> "ERROR" >>>>>>>>>> dispatch, status 403, headers={masked}> >>>>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>>>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >>>>>>>>>> - <No HttpSession currently exists> >>>>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken >>>>>>>>>> [Principal=anonymousUser, Credentials=[PROTECTED], >>>>>>>>>> Authenticated=true, >>>>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]> >>>>>>>>>> >>>>>>>>>> On Wednesday, January 10, 2024 at 7:57:27 AM UTC-5 Frédéric >>>>>>>>>> Dussurget wrote: >>>>>>>>>> >>>>>>>>>>> Hi Al, >>>>>>>>>>> I've got the same issue, could not fixed it. F12 console in your >>>>>>>>>>> browser might throw a 401 error ... (for info my db backend is >>>>>>>>>>> redis) >>>>>>>>>>> we have a topic here : >>>>>>>>>>> https://groups.google.com/a/apereo.org/g/cas-user/c/XKFgFS__U9M >>>>>>>>>>> regards, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Le mercredi 10 janvier 2024 à 05:26:03 UTC+1, Al Faller a écrit : >>>>>>>>>>> >>>>>>>>>>>> Hi - >>>>>>>>>>>> >>>>>>>>>>>> Trying to get mfa-gauth working with 7.0. Unfortunately when >>>>>>>>>>>> I'm attempting to "Confirm account registration" (save my new >>>>>>>>>>>> device), I >>>>>>>>>>>> receive a 403 error back from CAS at /cas/mfa-gauth and an error >>>>>>>>>>>> on the >>>>>>>>>>>> screen. I can reproduce this with a clean copy of the overlay. >>>>>>>>>>>> My steps: >>>>>>>>>>>> >>>>>>>>>>>> - add 'implementation >>>>>>>>>>>> "org.apereo.cas:cas-server-support-gauth"' to the build.gradle >>>>>>>>>>>> - ./gradlew build >>>>>>>>>>>> - add >>>>>>>>>>>> cas.authn.mfa.triggers.global.global-provider-id=mfa-gauth to >>>>>>>>>>>> /etc/cas/config/cas.properties >>>>>>>>>>>> - java -jar build/libs/cas.war --server.ssl.enabled=false >>>>>>>>>>>> --server.port=8080 >>>>>>>>>>>> >>>>>>>>>>>> From chrome developer tools, looks like the following was >>>>>>>>>>>> returned: >>>>>>>>>>>> --- !<java.util.LinkedHashMap> >>>>>>>>>>>> timestamp: "2024-01-09T22:48:27.384+00:00" >>>>>>>>>>>> status: 403 >>>>>>>>>>>> error: "Forbidden" >>>>>>>>>>>> message: "Access Denied" >>>>>>>>>>>> path: "/cas/mfa-gauth" >>>>>>>>>>>> >>>>>>>>>>>> added debug logging - nothing useful shows up. >>>>>>>>>>>> >>>>>>>>>>>> Attached is the screenshot: >>>>>>>>>>>> [image: Screenshot from 2024-01-09 17-45-14.png] >>>>>>>>>>>> >>>>>>>>>>>> Any ideas why this might be breaking? I have tried 7.0 and >>>>>>>>>>>> master with no luck. >>>>>>>>>>>> >>>>>>>>>>>> Thanks in advance, >>>>>>>>>>>> >>>>>>>>>>>> Al >>>>>>>>>>>> >>>>>>>>>>>> -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/6e8c8240-315a-4e5d-83b7-4ae9a3b0d397n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6e8c8240-315a-4e5d-83b7-4ae9a3b0d397n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Seyyed Mohsen Saeedi سید محسن سعیدی -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAE0qWrwim7-ted%3D1seMtV1JXJUJMDPa88xfXGakft1nYFmvy8w%40mail.gmail.com.
