Those specific keys are not included in your application.properties that you originally provided. Only encryption keys in the file are for cas.tgc and cas.webflow.
From: Jaanus Heinlaid <jaanus.heinl...@gmail.com> Sent: Thursday, March 14, 2024 11:14 AM To: CAS Community <cas-user@apereo.org> Cc: King, Robert <r...@mun.ca> Subject: Re: [EXTERNAL SENDER] [cas-user] Google Authenticator JPA account not persisted Yes, I do have them defined, as I already learned my lesson back in ver 6.5.0 :) You can see these and other properties in the attachment of my previous post. So it's not the missing encryption keys this time, but rather some other anomaly which I cannot figure out. cheers, Jaanus On Thursday 14 March 2024 at 14:26:09 UTC+2 King, Robert wrote: Do you have the following defined in your properties? cas.authn.mfa.gauth.crypto.encryption.key cas.authn.mfa.gauth.crypto.signing.key Maybe not relevant to the missing DB write, but exhibits the same behavior of MFA not persisting past restart. If you do not define the keys in your properties file they typically get regenerated on each restart of CAS and that will make the previously encrypted data unrecoverable. From: cas-...@apereo.org <cas-...@apereo.org> On Behalf Of Jaanus Heinlaid Sent: Wednesday, March 13, 2024 3:53 PM To: CAS Community <cas-...@apereo.org> Subject: [EXTERNAL SENDER] [cas-user] Google Authenticator JPA account not persisted Hi all, I have upgraded to CAS 7.0.1 and using MFA provided by Google Authenticator. The problem is that Google Authenticator accounts don't get persisted into the "google_authenticator_registration_record" database table, forcing users to rescan the QR Code again after CAS is restarted. The tokens, however, get created and stored into "google_authenticator_token" table without any problems. I have turned on TRACE logging and logging Hibernate SQL statements. The part of the log that I think is relevant is attached. You can clearly see from the log that first a token is created and successfully persisted into "Google_Authenticator_Token" table. After that we can see that OneTimeTokenAccountSaveRegistrationAction is logging "Storing account ...". It must be this line in code: https://github.com/apereo/cas/blob/7.0.x/support/cas-server-support-otp-mfa-core/src/main/java/org/apereo/cas/otp/web/flow/OneTimeTokenAccountSaveRegistrationAction.java#L75 However, no account is actually created in the DB :( Tried this with both MySQL and PostgreSQL, same thing happens in both. Attached is the relevant part of my application.properties. As you can see, all the required encryption keys are also nicely provided. And no errors are thrown. I'm out of ideas :( This used to work nicely in CAS 6.5.0. And works when I'm using JSON file for the GAuth registry. But I need to get it working with JPA. Any ideas? cheers, jaa...@cas.user.since.2016 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fca213e-e1a4-4731-8370-4f9ca83e5ce1n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fca213e-e1a4-4731-8370-4f9ca83e5ce1n%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/DS7PR17MB67307D84484E7F8706D3F1DAB4292%40DS7PR17MB6730.namprd17.prod.outlook.com.
