Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-22 Thread Dmitriy Kopylenko
user@apereo.org> Subject:  Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy Do we need to open an issue in a bug tracker?  If so, where? Any suggestions where to start poking in the code to try to debug this some more?  As best we can tell it’s throwing an excepti

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-22 Thread Brian Davidson
Do we need to open an issue in a bug tracker? If so, where? Any suggestions where to start poking in the code to try to debug this some more? As best we can tell it’s throwing an exception in Spring web flow (which unfortunately we haven’t used so we’ve got a learning curve there). And it

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-13 Thread Brian Davidson
Here’s the error that’s returned if the “CAS” integration is used when configuring on duo.com website. I have opened an issue with Duo. 2018-02-13 10:53:37,995 DEBUG [org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService] - > On Feb 13, 2018, at 7:34 AM,

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-13 Thread Brian Davidson
Man, Just providing clarification on this other issue that I hadn’t gotten back to you on. I think the issue in this specific email is an issue with duo.com , while the other issue in this thread is an issue with CAS. In order for CAS to be able to use Duo you must obtain an

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Indeed!! El sábado, 10 de febrero de 2018, Dmitriy Kopylenko escribió: > Thanks for confirming. Sounds like a bug to me. > > D. > > > > > On Sat, Feb 10, 2018 at 12:01 PM -0500, "Brian Davidson" < > awk.br...@gmail.com> wrote: > > I have tried that. Duo works when I

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Dmitriy Kopylenko
Thanks for confirming. Sounds like a bug to me. D. On Sat, Feb 10, 2018 at 12:01 PM -0500, "Brian Davidson" wrote: I have tried

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Brian Davidson
I have tried that. Duo works when I disable the bypass facility. When I enable it, if bypass script returns false, single factor works and I don’t get a 500 error. If the groovy script returns true, I get the 500 error. So, the Duo integration is working. The bypass groovy script definitely

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Dmitriy Kopylenko
Let me suggest to get the Groovy script out of equation completely. Switch this groovy bypass off, and try to perform entire duo 2 factor authentication transaction. If it completes successfully and then you again enable

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Brian Davidson
Switching the function to return a String instead of a boolean, I get: 2018-02-10 11:25:06,033 ERROR [org.apereo.cas.util.ScriptingUtils] - java.lang.ClassCastException: Result [mfa-duo is of type class java.lang.String when we were expecting class java.lang.Boolean … 2018-02-10 11:25:06,952

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Try returning string "mfa-duo" or null El sábado, 10 de febrero de 2018, Brian Davidson escribió: > I changed it from info to warn: > > 2018-02-10 08:54:07,061 WARN [org.apereo.cas.authentication. > GroovyMultifactorAuthenticationProviderBypass] - attributes

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Brian Davidson
I changed it from info to warn: 2018-02-10 08:54:07,061 WARN [org.apereo.cas.authentication.GroovyMultifactorAuthenticationProviderBypass] - > On Feb 10, 2018, at 8:43 AM, Man H wrote: > > Could you try this > > def boolean run(final Object... args){ > def

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Or this def boolean run(final Object... args){ logger.info("Evaluating principal") return true } El sábado, 10 de febrero de 2018, Brian Davidson escribió: > Removed that dependency and still git the same 500 error and same stack > trace. > > On Feb 10, 2018, at 7:20

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Could you try this def boolean run(final Object... args){ def authentication = args[0] def principal = args[1] def service = args[2] def provider = args[3] def logger = args[4] def httpRequest = args[5] logger.info("Evaluating principal attributes

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Could you be more specific We did find that CAS was unable to check to see if the user exists in Duo if we used the “CAS” integration in Duo. But it works if we set up the integration as “Auth API”. El sábado, 10 de febrero de 2018, Brian Davidson escribió: > Removed

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Brian Davidson
Removed that dependency and still git the same 500 error and same stack trace. > On Feb 10, 2018, at 7:20 AM, Man H wrote: > > Why you hace this > > > > javax.servlet > servlet-api > 2.5 > jar > > > > El

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Why you hace this javax.servlet servlet-api 2.5 jar El sábado, 10 de febrero de 2018, Brian Davidson escribió: > Running on apache-tomcat-8.5.24, so that should be servlet v3.1.x. > > Yes, this is CAS

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Assuming you are on 5.2.2 El sábado, 10 de febrero de 2018, Brian Davidson escribió: > I meant to add, our pom.xml has the following dependencies (in case we’re > missing something): > > > > org.apereo.cas > cas-server-webapp-${app.server}

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
External A CAS deployment may be deployed to any number of external servlet containers. The container MUST support the servlet specification v3.1.x at a minimum.

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Brian Davidson
I meant to add, our pom.xml has the following dependencies (in case we’re missing something): org.apereo.cas cas-server-webapp-${app.server} ${cas.version} war runtime org.apereo.cas

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Brian Davidson
Added cas-server-core-authentication dependency. Still getting the same exception. I do get: 2018-02-09 23:31:04,841 DEBUG [org.apereo.cas.authentication.GroovyMultifactorAuthenticationProviderBypass] - We’ve had that working since adding the bypass.type=GROOVY and bypass.groovy.location

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Man H
add org.apereo.cas cas-server-core-authentication ${cas.version} with: cas.authn.mfa.duo[0].bypass.type=GROOVY cas.authn.mfa.duo[0].bypass.groovy.location=file:/etc/cas/config/mfaGroovyTrigger.groovy you should get 2018-02-09

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Brian Davidson
Just to add a bit to what Brian M. provided (I’m also a Brian, and a co-worker of Brian M’s): We have Duo MFA working if we comment out: cas.authn.mfa.duo[0].bypass.type=GROOVY cas.authn.mfa.duo[0].bypass.groovy.location=file:///etc/cas/selectiveDuo.groovy We did find that CAS was unable to

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Man H
What do you mean by REMOVED in properties . El viernes, 9 de febrero de 2018, brian mancuso escribió: > Hey all, > > I was originally trying to setup some custom triggers to determine who > should use MFA and who is allowed to bypass. I have since been directed > towards