[cas-user] Re: Duo MFA error in 6.2 RC5

2020-06-26 Thread Amit Poddar 
Hi,

I am dealing with the same issue, did you get a resolution to this?  If yes 
then would you be willing to share the resolution?

Thanks,
Amit

On Thursday, June 4, 2020 at 4:44:50 PM UTC-4, mba...@scad.edu wrote:
>
> Doh, I didn't post  the actual error.  Here it is:
>
> ERROR 
> [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas-web].[dispatcherServlet]]
>  
> -  [/cas-web] threw exception [Request processing failed; nested exception is 
> org.springframework.webflow.execution.ActionExecutionException: Exception 
> thrown executing 
> org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityPrepareWebLoginFormAction@5c3e7128
>  
> in state 'viewLoginFormDuo' of flow 'mfa-duo' -- action execution 
> attributes were 'map['resolvedAuthenticationEvents' -> list[mfa-duo]]'] 
> with root cause>
> java.lang.NullPointerException: null
> at java.util.Objects.requireNonNull(Objects.java:221) ~[?:?]
> at 
> org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityPrepareWebLoginFormAction.doExecute(DuoSecurityPrepareWebLoginFormAction.java:31)
>  
> ~[cas-server-support-duo-core-6.2.0-RC5.jar!/:6.2.0-RC5]
> at 
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>  
> ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
>
> Thanks in advance.
>
>
> On Thursday, June 4, 2020 at 4:18:07 PM UTC-4, mba...@scad.edu wrote:
>>
>> I'm testing out 6.2 RC5 and am getting an error with Duo: 
>>
>> DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - > received exception 
>> [org.springframework.webflow.execution.ActionExecutionException: Exception 
>> thrown executing 
>> org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityPrepareWebLoginFormAction@5afaae7e
>>  
>> in state 'viewLoginFormDuo' of flow 'mfa-duo' -- action execution 
>> attributes were 'map['resolvedAuthenticationEvents' -> list[mfa-duo]]'] due 
>> to a type mismatch with handler 
>> [[FlowHandlerMapping.DefaultFlowHandler@5f5b9239]]>
>>
>> I'm using pretty much the same Duo configuration from 6.0.x (which is 
>> working), but switched from camelCase to dashes as listed in the latest 
>> development documentation.  I got the same error with camel case too.
>>
>> #  DUO 
>> cas.authn.mfa.duo[0].duo-secret-key=${CAS_DUO_SKEY}
>> cas.authn.mfa.duo[0].rank=0
>> cas.authn.mfa.duo[0].duo-application-key=${CAS_DUO_AKEY}
>> cas.authn.mfa.duo[0].duo-integration-key=${CAS_DUO_IKEY}
>> cas.authn.mfa.duo[0].duo-api-host=${CAS_DUO_HOST}
>> cas.authn.mfa.duo[0].trusted-device-enabled=false
>> cas.authn.mfa.duo[0].id=mfa-duo
>> cas.authn.mfa.duo[0].name=SCAD DUO
>> cas.authn.mfa.duo[0].order=1
>> # but this one stays camelCase
>> cas.authn.mfa.groovyScript=file:/etc/cas/ScadMfa.groovy
>>
>> And I can actually see a response from Duo early in the log that 
>> indicates it retrieved my account info.
>>
>> Also, I am using the default theme with no changes.
>>
>> Any help would be appreciated. 
>>
>> Thank you,
>> Mike
>>
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a5ad9a82-e295-4af9-9d80-c83faa7d20c0o%40apereo.org.

[cas-user] Re: CAS interrupt and SSO session

2020-06-26 Thread Amit Poddar 
I found this link from few years ago discussing this in context of CAS5. It 
does not look like what we want is possible, per that link, without 
significant customization. 

But I am hopeful, that somebody has some creative ideas.

Thanks,
Amit

On Friday, June 26, 2020 at 4:59:03 PM UTC-4, Amit Poddar wrote:
>
> Hi,
>
> We are trying to utilize the CAS interrupt feature to nag people to 
> register for multi factor authentication. On the interrupt we are showing 
> one button to take them to a MFA registration app and continue button to 
> continue to the original application. 
>
> It seems after primary authentication CAS does not establish a SSO session 
> when showing the authentication interrupt message. The MFA registration 
> application is also protected by CAS, so when the user clicks the button to 
> launch the MFA application he is prompted by CAS for authentication again.
>
> Is it possible for us to configure CAS to create the SSO session before 
> showing the interrupt page?
>
> Thanks,
> Amit
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/891d1c5a-136e-4d47-95c5-3dfd639d4fe7o%40apereo.org.

[cas-user] CAS interrupt and SSO session

2020-06-26 Thread Amit Poddar 
Hi,

We are trying to utilize the CAS interrupt feature to nag people to 
register for multi factor authentication. On the interrupt we are showing 
one button to take them to a MFA registration app and continue button to 
continue to the original application. 

It seems after primary authentication CAS does not establish a SSO session 
when showing the authentication interrupt message. The MFA registration 
application is also protected by CAS, so when the user clicks the button to 
launch the MFA application he is prompted by CAS for authentication again.

Is it possible for us to configure CAS to create the SSO session before 
showing the interrupt page?

Thanks,
Amit

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9098a4d1-f2f2-427d-ac1e-94d1b891636co%40apereo.org.