Hello Benjamin, this is my CAS 6.6 management configuration:
#--------------------------------------------- # config for cas management webapp logging.config=file:/etc/cas/config/log4j2-management.xml server.servlet.context-path=/cas-management cas.server.name=https://www.domain.tld cas.server.prefix=${cas.server.name}/cas mgmt.server-name=https://www.domain.tld # for testing only : no login required #mgmt.cas-sso=false #mgmt.authz-ip-regex=.* mgmt.user-properties-file=file:/etc/cas/config/adminUsers.json mgmt.admin-roles[0]=ROLE_ADMIN mgmt.user-roles[0]=ROLE_USER cas.serviceRegistry.initFromJson=true cas.serviceRegistry.json.location=file:///etc/cas/services-repo mgmt.ldap.ldap-url=ldap://192.168.2.1/ mgmt.ldap.bind-dn=uid=cas,ou=accounts,dc=de mgmt.ldap.bind-credential=xxxxxxxxxxxx #mgmt.ldap.use-ssl=false mgmt.ldap.use-start-tls=false mgmt.ldap.block-wait-time=3000 mgmt.ldap.connect-timeout=2000 mgmt.ldap.validate-on-checkout=false mgmt.ldap.validate-periodically=true mgmt.ldap.validate-period=300 mgmt.ldap.idle-time=600 mgmt.ldap.max-pool-size=10 mgmt.ldap.min-pool-size=1 mgmt.ldap.prune-period=300 mgmt.ldap.ldapAuthz.base-dn=ou=people,dc=domain,dc=tld mgmt.ldap.ldapAuthz.search-filter=uid={user} mgmt.ldap.ldapAuthz.allow-multiple-results=false #--------------------------------------------- Hartmut Benjamin Renard schrieb am Donnerstag, 28. März 2024 um 20:46:46 UTC+1: > Hello Hartmut, > > From my side, I can't observe this interesting error in my logs, even if > enabling debuging on spring webflow & security. In fact, I also try to > enable debug on root logger and I obtain nothing more than I have initialy > posted here. > > Could you share your operational configuration in v6 ? I would like to > know what look like a operational configuration :) > > Thanks ! > > Le jeudi 28 mars 2024 à 12:31:35 UTC+1, Hartmut Trüe a écrit : > >> After playing a bit with the loglevels (debug for >> spring.webflow.log.level and spring.security.log.level), I found this. But >> I have no idea, if that is the problem or what to do. >> As explained earlier, 6.6.x is running fine with the same configuration. >> >> ... >> 2024-03-28 09:43:41,073 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Executing >> org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0> >> 2024-03-28 09:43:41,073 INFO >> [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - >> <No credentials could be extracted/detected from the current request> >> 2024-03-28 09:43:41,073 INFO >> [org.apereo.cas.web.flow.TokenAuthenticationAction] - <Action execution >> disallowed; pre-execution result is 'error'> >> 2024-03-28 09:43:41,073 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Finished >> executing org.apereo.cas.web.flow.TokenAuthenticationAction@7db98da0; >> result = error> >> 2024-03-28 09:43:41,073 DEBUG >> [org.springframework.webflow.execution.ActionExecutor] - <Finished >> executing [EvaluateAction@763bc2b expression = tokenAuthenticationAction, >> resultExpression = [null]]; result = error> >> 2024-03-28 09:43:41,073 DEBUG >> [org.springframework.webflow.engine.Transition] - <Executing >> [Transition@1b2a72b9 on = *, to = >> initialAuthenticationRequestValidationCheck]> >> 2024-03-28 09:43:41,073 DEBUG >> [org.springframework.webflow.engine.Transition] - <Exiting state >> 'tokenAuthenticationCheck'> >> ... >> >> Benjamin Renard schrieb am Mittwoch, 27. März 2024 um 17:40:40 UTC+1: >> >>> Thank Mohamed, >>> >>> What do you mean about enabling SSL ? My CAS management app is >>> accessible via an Apache HTTPS VirtualHost that proxypass requests to a >>> Tomcat's AJP Connector. It's "SSL enabled" for you ? :) >>> >>> Note: My CAS server use the same Apache HTTPS VirtualHost and Tomcat AJP >>> connector, but is deploy another context (/cas vs /cas-management). >>> >>> Le mercredi 27 mars 2024 à 12:01:20 UTC+1, Mohamed Amdouni a écrit : >>> >>>> Hello, >>>> >>>> I had a similar issue running cas management 6.6.4 and it was related >>>> to https. >>>> >>>> My cas management was started with ssl disabled and this version of cas >>>> management requires SSL (see the security adapter ) and in the logs it >>>> says >>>> requires secure channel. >>>> >>>> I tried to override the adapter but finally ended up by activating ssl >>>> to avoid the redirects … >>>> >>>> Hope it helps… >>>> >>>> >>>> >>>> >>>> Le mer. 27 mars 2024 à 08:22, Hartmut Trüe <htr...@gmail.com> a écrit : >>>> >>>>> Same problem on my CAS Management webapp, it ends in "too many >>>>> redirects". The same configuration is working fine with CAS 6.6.x and >>>>> Management 6.6.x and the certificate is valid. >>>>> >>>>> I can't find errors, and the ticket seems to be valid: >>>>> ... >>>>> 2024-03-27 07:39:34,185 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0> >>>>> 2024-03-27 07:39:34,185 DEBUG >>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested >>>>> original ticket id [TGT-1-********PD8Hl30-cas-dev] to >>>>> [064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b]> >>>>> 2024-03-27 07:39:34,185 DEBUG >>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Attempting to >>>>> decode >>>>> [DefaultEncodedTicket(id=064acf194234da9769678f2ebd62453deb710c2e92966a30be34acbb8cfa49a4f519faf61342285493cbf82baf4805e7712a29381b064d68d10c19d2bce67e5b)]> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket >>>>> to [TGT-1-********PD8Hl30-cas-dev]> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing >>>>> org.apereo.cas.web.flow.login.TicketGrantingTicketCheckAction@f63ecb0; >>>>> result = valid> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing [EvaluateAction@698bdaf2 expression = >>>>> ticketGrantingTicketCheckAction, resultExpression = [null]]; result = >>>>> valid> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@109de836 on = valid, to = hasServiceCheck]> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'ticketGrantingTicketCheck'> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.DecisionState] - <Entering state >>>>> 'hasServiceCheck' of flow 'login'> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@5efaf8bd on = flowScope.service != null, to = >>>>> renewRequestCheck]> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'hasServiceCheck'> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>> 'renewRequestCheck' of flow 'login'> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [EvaluateAction@42900422 expression = >>>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy] >>>>> >>>>> - <Evaluating authentication policy >>>>> [DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[], >>>>> >>>>> excludedAuthenticationHandlers=[], criteria=null)] for [CasClient]> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing >>>>> org.apereo.cas.web.flow.actions.RenewAuthenticationRequestCheckAction@1ab38eaf; >>>>> >>>>> result = proceed> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing [EvaluateAction@42900422 expression = >>>>> renewAuthenticationRequestCheckAction, resultExpression = [null]]; result >>>>> = >>>>> proceed> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@1ad0074 on = proceed, to = generateServiceTicket]> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'renewRequestCheck'> >>>>> 2024-03-27 07:39:34,187 DEBUG >>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>> 'generateServiceTicket' of flow 'login'> >>>>> ... >>>>> >>>>> Regards, >>>>> Hartmut >>>>> Ray Bon schrieb am Dienstag, 26. März 2024 um 19:40:57 UTC+1: >>>>> >>>>>> Benjamin, >>>>>> >>>>>> The behaviour you describe happens when the service ticket can not be >>>>>> validated. >>>>>> cas management submits the ST to cas through a back channel over >>>>>> https. >>>>>> If there is nothing in cas audit log about validation / failed >>>>>> validation (which would give a reason for failure), it could be a >>>>>> certificate problem. >>>>>> >>>>>> Do you have a proper/valid certificate for idp.example.tld (i.e. cert >>>>>> signed by an authority)? >>>>>> >>>>>> If not, you may have to add it to the java keystore (assuming you >>>>>> have already added it to tomcat config). >>>>>> >>>>>> Ray >>>>>> >>>>>> On Tue, 2024-03-26 at 05:02 -0700, Benjamin Renard wrote: >>>>>> >>>>>> Notice: This message was sent from outside the University of Victoria >>>>>> email system. Please be cautious with links and sensitive information. >>>>>> >>>>>> >>>>>> Hello, >>>>>> >>>>>> I'm trying to install a CAS server (v7) on a Debian 12 host. I using >>>>>> the Debian's tomcat10 package, Apache2 as reverse proxy (AJP), the >>>>>> Oracle >>>>>> JDK 21.0.2 and a CAS Initializr overlay to build the cas.war file. My >>>>>> CAS >>>>>> server run well, but I have problem with the authentication of the >>>>>> management app. I use a CAS Initializr overlay for the CAS management >>>>>> 7.0.0-SNAPSHOT and I have no problem to build the war and deploy it in >>>>>> the >>>>>> same context. I configure CAS client in the management app : >>>>>> >>>>>> cas.server.name=https://idp.example.tld >>>>>> cas.server.prefix=${cas.server.name}/cas >>>>>> >>>>>> When I try to access to the management app, I'm entering in a loop : >>>>>> I'm redirect to the CAS server that authenticate me and redirect me to >>>>>> the >>>>>> management app on its callback URL with a ticket ( >>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-53-oxTcezruW9p3hhw5YBRWDXF4HUk-cas1-preprod) >>>>>> >>>>>> and I'm redirect again to the CAS server for authentication, that >>>>>> redirect >>>>>> me back with a new ticket and etc. >>>>>> >>>>>> I have no error in logs and I tried to enable debugging and I can't >>>>>> find any indication about my problem (see logs below). Do you have any >>>>>> idea >>>>>> ? >>>>>> >>>>>> Futhermore, It's a good idea for you to run CAS server & management >>>>>> apps version 7 in production or I have to use version 6 ? >>>>>> >>>>>> Thanks ! >>>>>> >>>>>> 2024-03-26 12:45:29,508 DEBUG >>>>>> [org.springframework.security.web.FilterChainProxy] - Securing GET >>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>> 2024-03-26 12:45:29,508 DEBUG >>>>>> [org.springframework.security.web.access.channel.ChannelProcessingFilter] >>>>>> - >>>>>> Request: filter invocation [GET >>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod]; >>>>>> >>>>>> ConfigAttributes: [REQUIRES_SECURE_CHANNEL] >>>>>> 2024-03-26 12:45:29,509 DEBUG >>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>> >>>>>> - Set SecurityContextHolder to anonymous SecurityContext >>>>>> 2024-03-26 12:45:29,509 DEBUG >>>>>> [org.springframework.security.web.FilterChainProxy] - Secured GET >>>>>> /callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>> 2024-03-26 12:45:29,510 DEBUG >>>>>> [org.springframework.web.servlet.DispatcherServlet] - GET >>>>>> "/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod", >>>>>> >>>>>> parameters={masked} >>>>>> 2024-03-26 12:45:29,512 DEBUG >>>>>> [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] - >>>>>> Mapped >>>>>> to ResourceHttpRequestHandler [classpath [dist/], classpath [static/]] >>>>>> 2024-03-26 12:45:29,512 DEBUG >>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - === SECURITY === >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - url: >>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - clients: null | matchers: >>>>>> null >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Provided >>>>>> clientNames: null >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Default >>>>>> security clients: null >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - Only >>>>>> client: >>>>>> CasClient >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - >>>>>> clientNameOnRequest: Optional.empty >>>>>> 2024-03-26 12:45:29,513 DEBUG [org.pac4j.core.client.Clients] - Found >>>>>> client: CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>>> >>>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>>> >>>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>>> nbAttempts=0, lastAttempt=null, >>>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>>> >>>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>>> multiProfile=false, saveProfileInSession=true, >>>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>>> https://idp.example.tld/cas-management/callback, >>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>>> >>>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>>> >>>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>>> >>>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>>> >>>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>>> https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), >>>>>> checkAuthenticationAttempt=true), >>>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>>> https://idp.example.tld/cas/, restUrl= >>>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>>> allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, >>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>>> hostnameVerifier=null, sslSocketFactory=null)) for name: CasClient >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.client.finder.DefaultSecurityClientFinder] - result: >>>>>> [CasClient] >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - currentClients: >>>>>> [CasClient(super=IndirectClient(super=BaseClient(name=CasClient, >>>>>> authorizationGenerators=[org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator@3a1a130f, >>>>>> >>>>>> org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator@693918b7], >>>>>> credentialsExtractor=org.pac4j.cas.credentials.extractor.CasCredentialsExtractor@463e523, >>>>>> >>>>>> authenticator=InitializableObject(initialized=false, maxAttempts=3, >>>>>> nbAttempts=0, lastAttempt=null, >>>>>> minTimeIntervalBetweenAttemptsInMilliseconds=5000), >>>>>> profileCreator=org.pac4j.core.profile.creator.AuthenticatorProfileCreator@356f4a7b, >>>>>> >>>>>> customProperties={}, profileFactoryWhenNotAuthenticated=null, >>>>>> multiProfile=false, saveProfileInSession=true, >>>>>> config=org.pac4j.core.config.Config@3236bd7d), callbackUrl= >>>>>> https://idp.example.tld/cas-management/callback, >>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>> callbackUrlResolver=org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@4a2a083e, >>>>>> >>>>>> ajaxRequestResolver=org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@3f402824, >>>>>> >>>>>> redirectionActionBuilder=org.pac4j.cas.redirect.CasRedirectionActionBuilder@31d3b75f, >>>>>> >>>>>> logoutProcessor=org.pac4j.cas.logout.processor.CasLogoutProcessor@5083e21e, >>>>>> >>>>>> logoutActionBuilder=CasLogoutActionBuilder(serverLogoutUrl= >>>>>> https://idp.example.tld/cas/logout, postLogoutUrlParameter=service), >>>>>> checkAuthenticationAttempt=true), >>>>>> configuration=CasConfiguration(encoding=UTF-8, loginUrl= >>>>>> https://idp.example.tld/cas/login, prefixUrl= >>>>>> https://idp.example.tld/cas/, restUrl= >>>>>> https://idp.example.tld/cas/v1/tickets, timeTolerance=1000, >>>>>> protocol=CAS30, renew=false, gateway=false, acceptAnyProxy=false, >>>>>> allowedProxyChains=[], defaultTicketValidator=null, proxyReceptor=null, >>>>>> urlResolver=org.pac4j.core.http.url.DefaultUrlResolver@4c65ba89, >>>>>> postLogoutUrlParameter=service, customParams={}, method=null, >>>>>> privateKeyPath=null, privateKeyAlgorithm=null, privateKey=null, >>>>>> hostnameVerifier=null, sslSocketFactory=null))] >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>>> retrieved session: >>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get sessionId: >>>>>> 0D8A24DA3779DDC589CC82A00D7121ED >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>> matcher: org.pac4j.core.matching.matcher.CacheControlMatcher@62ab3f9d -> >>>>>> true >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>> matcher: >>>>>> org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher@ba6fb34 >>>>>> -> true >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>> matcher: StrictTransportSecurityMatcher(maxAge=15768000) -> true >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>> matcher: org.pac4j.core.matching.matcher.XFrameOptionsMatcher@57ab0e5b >>>>>> -> >>>>>> true >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>> matcher: org.pac4j.core.matching.matcher.XSSProtectionMatcher@2471fb38 >>>>>> -> >>>>>> true >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>>> retrieved session: >>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>> 2024-03-26 12:45:29,513 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: >>>>>> 93cdd09ba2c74a3d9235b3c71fb3e8dd for key: pac4jCsrfToken >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>>> previous >>>>>> CSRF token: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>> retrieved session: >>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>> pac4jPreviousCsrfToken for value: 93cdd09ba2c74a3d9235b3c71fb3e8dd >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator] - >>>>>> generated CSRF token: 2af42c4e87984404bcc144ac7034dbc3 for current URL: >>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>> retrieved session: >>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>> pac4jCsrfToken >>>>>> for value: 2af42c4e87984404bcc144ac7034dbc3 >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>> retrieved session: >>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>> pac4jCsrfTokenExpirationDate for value: 1711467929514 >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.core.matching.checker.DefaultMatchingChecker] - Checking >>>>>> matcher: >>>>>> CsrfTokenGeneratorMatcher(csrfTokenGenerator=org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator@690fdeb, >>>>>> >>>>>> domain=null, path=/, httpOnly=true, secure=true, maxAge=null, >>>>>> sameSitePolicy=null, addTokenAsAttribute=true, addTokenAsHeader=false, >>>>>> addTokenAsCookie=true) -> true >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>>> retrieved session: >>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for >>>>>> key: >>>>>> pac4jUserProfiles >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Loaded profiles (from >>>>>> session: true): [] >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.core.engine.DefaultSecurityLogic] - Starting authentication >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler] - >>>>>> requestedUrl: >>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: true, >>>>>> retrieved session: >>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Set key: >>>>>> pac4jRequestedUrl for value: >>>>>> https://idp.example.tld/cas-management/callback?client_name=CasClient&ticket=ST-10-ipOZZ-cIopn56--P0uA0wBlejuw-cas1-preprod >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - createSession: false, >>>>>> retrieved session: >>>>>> org.apache.catalina.session.StandardSessionFacade@730d8632 >>>>>> 2024-03-26 12:45:29,514 DEBUG >>>>>> [org.pac4j.jee.context.session.JEESessionStore] - Get value: null for >>>>>> key: >>>>>> CasClient$attemptedAuthentication >>>>>> 2024-03-26 12:45:29,515 DEBUG >>>>>> [org.pac4j.cas.redirect.CasRedirectionActionBuilder] - redirectionUrl: >>>>>> https://idp.example.tld/cas/login?service=https%3A%2F%2Fidp.example.tld%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient >>>>>> 2024-03-26 12:45:29,515 DEBUG >>>>>> [org.springframework.web.servlet.DispatcherServlet] - Completed 302 FOUND >>>>>> >>>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to cas-user+u...@apereo.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org >>>>> >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9f29a19-e216-4305-8027-fbaec2d873cbn%40apereo.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/846f5824-cd0b-4d47-8071-ab7cd5a9d1fcn%40apereo.org.
