Anything that says "REMOVED" is just stuff I pulled out before posting it. I didn't want to post any private/sensitive information.
On Friday, February 9, 2018 at 9:59:12 AM UTC-5, Manfredo Hopp wrote:
>
> What do you mean by REMOVED in properties?
>
> On Friday, February 9, 2018, brian mancuso <[email protected]> wrote:
>
>> Hey all,
>>
>> I was originally trying to set up some custom triggers to determine who
>> should use MFA and who is allowed to bypass. I have since been directed
>> towards Groovy to simplify things, but I'm still having some trouble.
>>
>> At this point, the Groovy script's purpose is strictly to test if a
>> certain user will bypass MFA while others will not. Here's my setup:
>>
>> */etc/cas/config/cas.properties*
>>
>> ##
>> # Duo security 2fa authentication provider
>> # https://www.duosecurity.com/docs/duoweb#1.-generate-an-akey
>> #
>> cas.authn.mfa.duo[0].rank=0
>> cas.authn.mfa.duo[0].duoApiHost=REMOVED
>> cas.authn.mfa.duo[0].duoIntegrationKey=REMOVED
>> cas.authn.mfa.duo[0].duoSecretKey=REMOVED
>> cas.authn.mfa.duo[0].duoApplicationKey=REMOVED
>> cas.authn.mfa.duo[0].id=mfa-duo
>> cas.authn.mfa.globalProviderId=mfa-duo
>> cas.authn.mfa.globalFailureMode=OPEN
>> cas.authn.mfa.duo[0].bypass.type=GROOVY
>> cas.authn.mfa.duo[0].bypass.groovy.location=file:///etc/cas/selectiveDuo.groovy
>>
>>
>> */etc/cas/selectiveDuo.groovy*
>>
>> def boolean run(final Object... args) {
>>     // Positional arguments supplied to the script
>>     def authentication = args[0]
>>     def principal = args[1]
>>     def service = args[2]
>>     def provider = args[3]
>>     def logger = args[4]
>>     def httpRequest = args[5]
>>
>>     logger.info("Evaluating principal attributes ${principal.attributes}")
>>
>>     def bypass = principal.attributes['uid']
>>     if (bypass.contains("testuser") && provider.id == "mfa-duo") {
>>         logger.info("Skipping bypass for principal ${principal.id}")
>>         return false
>>     }
>>
>>     return true
>> }
>>
>>
>> When I try to log in though, whenever a user would be sent to DUO, I get a
>> 500 error:
>>
>> <https://lh3.googleusercontent.com/-bqF7r6WYFDU/Wn2r6Zgza6I/AAAAAAAASso/CtOtDNX7IF0Y2Ua0Eb8GyWbXuYdCSbEJgCLcBGAs/s1600/Screen%2BShot%2B2018-02-09%2Bat%2B9.10.22%2BAM.png>
>>
>> Here's a small snippet from the output:
>>
>> 2018-02-09 09:04:05,717 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception due to a type mismatch>
>> org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo'
>>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:573) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:263) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151]
>>
>> Caused by: org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: Error encoding flow execution
>>     at org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getKey(ClientFlowExecutionRepository.java:114) ~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
>>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.assignKey(FlowExecutionImpl.java:419) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.assignFlowExecutionKey(RequestControlContextImpl.java:193) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>
>> Caused by: java.io.NotSerializableException: org.springframework.core.io.UrlResource
>>     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>>
>> 2018-02-09 09:04:05,717 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo']>
>> org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo'
>>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:573) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:263) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151]
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_151]
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_151]
>>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_151]
>>
>> Caused by: org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: Error encoding flow execution
>>     at org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getKey(ClientFlowExecutionRepository.java:114) ~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
>>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.assignKey(FlowExecutionImpl.java:419) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.assignFlowExecutionKey(RequestControlContextImpl.java:193) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:170) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>>
>> Caused by: java.io.NotSerializableException: org.springframework.core.io.UrlResource
>>     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) ~[?:1.8.0_151]
>>     at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) ~[?:1.8.0_151]
>>
>>
>> I posted the output to pastebin since it was too large for just posting
>> here: https://pastebin.com/yNPk4u7n
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b3ba67e2-e0ca-4a8e-853b-041343564b9f%40apereo.org.
>>
