Sorry, my bad!
Indeed, when copy-pasting the relevant section of my properties file,
I accidentally left out those two lines. Correct section of the properties 
attached now.

So indeed, I have those two important keys in there.
However, the line which I'm not entirely sure about, is this one:
cas.authn.mfa.gauth.core.scratch-codes.encryption.key=1234567890123456

The documentation says that this is a required property and it "must be 
randomly-generated string whose length is defined by the encryption key size 
setting". Since the key size in EncryptionRandomizedCryptoProperties is 16, I 
figured I'm just gonna put a random 16-character string in that property which 
is that "1234567890123456" above.
But I'm not sure if it's correct that way. No errors are thrown if I put a 
longer string in there.
But if I leave that property completely out, I get a startup WARN saying 
it's required.

Funny thing is that it all works and accounts are persisted when I let CAS 
use a JSON file as the GAuth registry, like this: 
cas.authn.mfa.gauth.json.location=file:/etc/cas/mfa.json
But it's the JPA that is problematic.

cheers,
Jaanus
On Thursday 14 March 2024 at 17:19:04 UTC+2 King, Robert wrote:

> Those specific keys are not included in your application.properties that 
> you originally provided.  Only encryption keys in the file are for cas.tgc 
> and cas.webflow.
>
>  
>
> *From:* Jaanus Heinlaid <jaanus....@gmail.com> 
> *Sent:* Thursday, March 14, 2024 11:14 AM
> *To:* CAS Community <cas-...@apereo.org>
> *Cc:* King, Robert <ro...@mun.ca>
> *Subject:* Re: [EXTERNAL SENDER] [cas-user] Google Authenticator JPA 
> account not persisted
>
>  
>
> Yes, I do have them defined, as I already learned my lesson back in ver 
> 6.5.0 :)
>
> You can see these and other properties in the attachment of my previous 
> post.
>
> So it's not the missing encryption keys this time, but rather some other 
> anomaly
>
> which I cannot figure out.
>
>  
>
> cheers,
>
> Jaanus
>
> On Thursday 14 March 2024 at 14:26:09 UTC+2 King, Robert wrote:
>
> Do you have the following defined in your properties?
>
>  
>
> cas.authn.mfa.gauth.crypto.encryption.key
>
> cas.authn.mfa.gauth.crypto.signing.key
>
>  
>
> Maybe not relevant to the missing DB write, but exhibits the same behavior 
> of MFA not persisting past restart.  If you do not define the keys in your 
> properties file they typically get regenerated on each restart of CAS and 
> that will make the previously encrypted data unrecoverable.
>
>  
>
>  
>
> *From:* cas-...@apereo.org <cas-...@apereo.org> *On Behalf Of *Jaanus 
> Heinlaid
> *Sent:* Wednesday, March 13, 2024 3:53 PM
> *To:* CAS Community <cas-...@apereo.org>
> *Subject:* [EXTERNAL SENDER] [cas-user] Google Authenticator JPA account 
> not persisted
>
>  
>
> Hi all,
>
>  
>
> I have upgraded to CAS 7.0.1 and using MFA provided by Google 
> Authenticator.
>
> The problem is that Google Authenticator accounts don't get persisted into
> the "google_authenticator_registration_record" database table, forcing users
> to rescan the QR Code again after CAS is restarted.
>
>  
>
> The tokens, however, get created and stored into "google_authenticator_token"
> table without any problems. I have turned on TRACE logging and logging Hibernate
> SQL statements. The part of the log that I think is relevant is attached.
>
>  
>
> You can clearly see from the log that first a token is created and successfully
> persisted into "Google_Authenticator_Token" table. After that we can see that
> OneTimeTokenAccountSaveRegistrationAction is logging "Storing account ...".
>
> It must be this line in code:
>
> https://github.com/apereo/cas/blob/7.0.x/support/cas-server-support-otp-mfa-core/src/main/java/org/apereo/cas/otp/web/flow/OneTimeTokenAccountSaveRegistrationAction.java#L75
>
> However, no account is actually created in the DB :(
>
>  
>
> Tried this with both MySQL and PostgreSQL, same thing happens in both.
>
> Attached is the relevant part of my application.properties.
>
> As you can see, all the required encryption keys are also nicely provided.
>
>  
>
> And no errors are thrown. I'm out of ideas :(
> This used to work nicely in CAS 6.5.0.
>
> And works when I'm using JSON file for the GAuth registry.
>
> But I need to get it working with JPA.
>
> Any ideas?
>
>  
>
> cheers,
>
> jaa...@cas.user.since.2016
>
>  
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fca213e-e1a4-4731-8370-4f9ca83e5ce1n%40apereo.org
>  
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fca213e-e1a4-4731-8370-4f9ca83e5ce1n%40apereo.org?utm_medium=email&utm_source=footer>
> .

Attachment: application.properties
Description: Binary data
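A small added check for the property values discussed in this thread (example code, not the CAS project's and not from any poster): it parses a properties fragment, flags any of the three GAuth keys named in the thread that are missing (Robert's point being that absent keys get regenerated on restart, which makes previously encrypted data unrecoverable), checks that the scratch-code key has the 16-character length the thread reports for EncryptionRandomizedCryptoProperties, flags a sequential value like 1234567890123456 as not randomly generated, and produces a replacement from a CSPRNG. Assumptions: the sample properties are constructed, the sequential-value heuristic and the alphanumeric alphabet are this example's own choices, and nothing here knows CAS's actual encoding rules for these values.

```python
import secrets
import string

SCRATCH_KEY = "cas.authn.mfa.gauth.core.scratch-codes.encryption.key"
SCRATCH_KEY_SIZE = 16  # what the thread reports for EncryptionRandomizedCryptoProperties
REQUIRED_KEYS = (
    "cas.authn.mfa.gauth.crypto.encryption.key",
    "cas.authn.mfa.gauth.crypto.signing.key",
    SCRATCH_KEY,
)
# Constructed sample mirroring the thread's fragment, not the real attachment.
SAMPLE = """\
cas.authn.mfa.gauth.crypto.encryption.key=PLACEHOLDER_ENCRYPTION_KEY
cas.authn.mfa.gauth.crypto.signing.key=PLACEHOLDER_SIGNING_KEY
cas.authn.mfa.gauth.core.scratch-codes.encryption.key=1234567890123456
"""


def parse_properties(text):
    """Minimal Java .properties parser: key=value lines, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def is_sequential(value):
    """True for digit runs like 1234567890123456 (each digit is prev + 1 mod 10)."""
    steps = ((int(b) - int(a)) % 10 for a, b in zip(value, value[1:]))
    return len(value) > 1 and value.isdecimal() and all(s == 1 for s in steps)


def check_gauth_keys(props):
    """Return findings for the GAuth keys; an empty list means they look sane."""
    findings = [f"missing: {k}" for k in REQUIRED_KEYS if not props.get(k)]
    scratch = props.get(SCRATCH_KEY, "")
    if scratch and len(scratch) != SCRATCH_KEY_SIZE:
        findings.append(f"{SCRATCH_KEY}: length {len(scratch)}, expected {SCRATCH_KEY_SIZE}")
    if is_sequential(scratch):
        findings.append(f"{SCRATCH_KEY}: sequential value, not randomly generated")
    return findings


def generate_scratch_key(size=SCRATCH_KEY_SIZE):
    """CSPRNG alphanumeric value of the configured size (alphabet is this example's choice)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(size))
```

Running check_gauth_keys(parse_properties(SAMPLE)) reports only the sequential scratch-code value; the same check on a fragment with the two crypto keys absent reports them as missing.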
