Re: [cas-user] JPA Ticket Registry : Delegated Authentication + General cause of "action execution attributes were 'map[[empty]]'"

2022-10-10 Thread Sven Specker 

On 10/6/22 22:00, 'Chris Durham' via CAS Community wrote:

Hi,



Hi!

If we necro this, lets keep it shambling..:) While I did not have the 
issue in delegated auth, it might have the same solution.


Now I note that Misagh said map[[empty]] issues weren't an issue but 
were a symptom of another problem, but doesn't anyone have any 
suggestions as to how to debug what that "other problem" might be when 
the only change is between where the Ticket Registry is stored.




I had the exact same problem (map[[empty]]), but in the consent flow.

After not getting any proper error message, i found out that the 
attributes that are pulled from my directory are all Lists, even if they 
can only hold a single value.


Now in the service that failed the consent with that "map[[empty]]" 
exception, i introduced a derived attribute via a groovy script. Since I 
was setting an attribute that only can hold a single value, I set it as 
a non-List string.


The code that checks the attributes in the consent flow apparently 
blindly assumes that it gets a collection within the attribute map. CAS 
6.1.x did not behave like that.


Once I made sure, all derived attributes are Lists before the login 
flow/consent continued, it worked.


Maybe my problem could point to your problem...maybe not.

The error message was not very clear, it took me a while to even figure 
out what the hell was wrong.


Best regards,

Sven Specker

--
__
*** Sven Specker -- University of Frankfurt Computing Center   ***
*** UNIX System Administration (Auth/IDM) 
* spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
**
__  
Johann Wolfgang Goethe Universitaet
   - Hochschulrechenzentrum -
 Theodor W. Adorno-Platz 1 (PA-1P16)

   D-60323 Frankfurt/Main
__
__ TeX-users do it in {groups}

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a2590b68-59df-8853-a6b2-fad2bfd694ee%40rz.uni-frankfurt.de.


smime.p7s
Description: S/MIME Cryptographic Signature

[cas-user] Re: Duo Universal Prompt no longer storing TGT cookie CAS 6.5.8.

2022-10-10 Thread David Malia 
After more debugging, I can see the TGT cookie being set with a max age of
0 during the Universal Prompt flow, but non-Duo enabled logins have the max
age of the cookie being set to the configured cas.tgc.max-age property's
value.

On Fri, Oct 7, 2022 at 10:29 AM David Malia  wrote:

> Hello,
>
> I'm attempting to upgrade CAS from 5.3.x to 6.5.x for the Duo Universal
> Prompt changes.  Currently on 6.5.8.   I've noticed since enabling the
> Universal Prompt, the TGT cookie is no longer being sent to the browser
> when Duo auth occurs.  If a user is not going through the Duo
> authentication flow, the TGT cookie is set as expected.  Is this something
> expected?
>
> Thanks,
> David Malia
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkEJpqw5kaLxPFPCHX3L3u_qzeMa1axU9Nk%3DBXCSSPRKcqQ%40mail.gmail.com.