Hello, 

I am currently working on migrating from 6.2.5 to 6.3.1.

And I get an error when I try to access a service with 2FA enabled but 
bypassed by the reverse proxy.

No specific flows are defined, only the bypass:
#Google Auth Bypass
cas.authn.mfa.gauth.bypass.http-request-headers=remote_user
cas.authn.mfa.gauth.bypass.principal-attribute-name=cas2faEnabled
cas.authn.mfa.gauth.bypass.principal-attribute-value=FALSE

So if a user (aka test1, with 2FA enabled in LDAP) connects to a service 
(test.lab.local): all is OK.
For my second user (aka test2, without 2FA enabled), all is OK.

And when my first user comes with his PKI, and the nginx reverse proxy sets 
the remote_user header for CAS, he gets this error:
org.springframework.webflow.engine.NoMatchingTransitionException: No 
transition was matched on the event(s) signaled by the [1] action(s) that 
executed in this action state 'remoteAuthenticate' of flow 'login'; 
transitions must be defined to handle action result outcomes -- possible 
flow configuration error? Note: the eventIds signaled were: 
'array<String>['generateServiceTicket']', while the supported set of 
transitional criteria for this action state is 
'array<TransitionCriteria>[success, error, authenticationFailure, 
mfa-gauth]'
But he can access cas.lab.local without error.
[image: Capture d’écran 2021-02-06 à 21.33.10.png]
We see the MFA is bypassed in the attributes.

The service I am trying to reach is very simple:
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|http)://localhost.*",
  "name" : "localhost",
  "id" : 2,
  "description" : "Allows only localhost services",
  "evaluationOrder" : 0
}



PS: this scenario is a production scenario, in place since CAS 5.2.

Thanks for your help
