Could anybody confirm that this issue still appear itself in v7.1. Ii
seems i have the same . My logs :
[env : simple as posible casuser:Mellon with mf-gauth run by ./gradlew run
debug,time synced with ntpd server]
2024-06-27 12:09:08,262 DEBUG
[org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping
request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
2024-06-27 12:09:08,262 DEBUG
[org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping
request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
2024-06-27 12:09:08,263 DEBUG
[org.springframework.boot.actuate.audit.listener.AuditListener] -
<AuditEvent [timestamp=2024-06-27T10:09:08.263569200Z,
principal=anonymousUser, type=AUTHORIZATION_FAILURE,
data={details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1,
SessionId=null]}]>
2024-06-27 12:09:08,266 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - <"ERROR" dispatch for
POST "/cas/error", parameters={masked}>
2024-06-27 12:09:08,266 DEBUG
[org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
- <Mapped to
org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)>
2024-06-27 12:09:08,267 DEBUG
[org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
- <Using 'application/vnd.cas.services+yaml', given [*/*] and supported
[application/vnd.cas.services+yaml, application/json, application/*+json,
application/xml;charset=UTF-8, text/xml;charset=UTF-8,
application/*+xml;charset=UTF-8]>
2024-06-27 12:09:08,268 DEBUG
[org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
- <Writing [{timestamp=Thu Jun 27 12:09:08 CEST 2024, status=403,
error=Forbidden, message=Access Denied, path=/ (truncated)...]>
2024-06-27 12:09:08,269 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - <Exiting from "ERROR"
dispatch, status 403>
2024-06-27 12:09:16,765 DEBUG
[org.apereo.cas.otp.repository.token.OneTimeTokenRepositoryCleaner] -
<Starting to clean previously used authenticator tokens from
[BaseOneTimeTokenRepository()] at
[2024-06-27T12:09:16.765857631+02:00[Europe/Warsaw]]>
On Wednesday, January 10, 2024 at 7:52:52 PM UTC+1 Al Faller wrote:
> Did some http level comparison between 6.6 and 7.0 -
> 6.6 sends the POST to /cas/login, whereas
> 7.0 sends the POST to /cas/mfa-gauth
>
> So, editing the form action in the html for the device registration, I set
> the action=/cas/login on my 7.0 test and it worked!
>
> Looks like the form was changed in commit 15580dc in October, for "allow
> account profile to allow users to register devices with gauth". I don't
> pretend to understand how the flow was changed, but maybe this will help
> someone with straightening this out. Unfortunately my hack works fine with
> a vanilla version of CAS running, but does not work once I turn on all of
> the features I need (I get different errors though, which is likely related
> to the flow changes).
>
>
>
>
>
> On Wed, Jan 10, 2024 at 11:00 AM Al Faller <fal...@gmail.com> wrote:
>
>> HI All -
>>
>> Turned on debugging for spring and it looks like spring is sending the
>> error:
>>
>> 2024-01-10 15:49:02,787 INFO
>> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0]
>> expired tickets removed.>
>> 2024-01-10 15:49:10,713 DEBUG
>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping
>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
>> 2024-01-10 15:49:10,715 DEBUG
>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping
>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'>
>> 2024-01-10 15:49:10,716 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Trying to match
>> request against DefaultSecurityFilterChain [RequestMatcher=any request,
>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd,
>>
>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381,
>>
>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e,
>>
>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c,
>>
>> org.springframework.web.filter.CorsFilter@3baaf6b3,
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b,
>>
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8,
>>
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0,
>>
>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa,
>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]]
>>
>> (1/1)>
>> 2024-01-10 15:49:10,716 DEBUG
>> [org.springframework.security.web.FilterChainProxy] - <Securing POST
>> /mfa-gauth>
>> 2024-01-10 15:49:10,716 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> DisableEncodeUrlFilter (1/10)>
>> 2024-01-10 15:49:10,717 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> ChannelProcessingFilter (2/10)>
>> 2024-01-10 15:49:10,717 TRACE
>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource]
>>
>> - <Did not match request to
>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16
>>
>> - [REQUIRES_SECURE_CHANNEL] (1/1)>
>> 2024-01-10 15:49:10,718 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> WebAsyncManagerIntegrationFilter (3/10)>
>> 2024-01-10 15:49:10,718 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> SecurityContextHolderFilter (4/10)>
>> 2024-01-10 15:49:10,718 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking CorsFilter
>> (5/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> RequestCacheAwareFilter (6/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] -
>> <matchingRequestParameterName is required for getMatchingRequest to lookup
>> a value, but not provided>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> SecurityContextHolderAwareRequestFilter (7/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> AnonymousAuthenticationFilter (8/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> ExceptionTranslationFilter (9/10)>
>> 2024-01-10 15:49:10,719 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> AuthorizationFilter (10/10)>
>> 2024-01-10 15:49:10,720 TRACE
>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager]
>>
>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[
>> org.apache.catalina.connector.RequestFacade@4d5329b9]]>
>> 2024-01-10 15:49:10,739 TRACE
>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager]
>>
>> - <Denying request since did not find matching RequestMatcher>
>> 2024-01-10 15:49:13,459 TRACE
>> [org.springframework.security.web.context.SupplierDeferredSecurityContext]
>> - <Created SecurityContextImpl [Null authentication]>
>> 2024-01-10 15:49:13,459 TRACE
>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository]
>>
>> - <No HttpSession currently exists>
>> 2024-01-10 15:49:13,459 TRACE
>> [org.springframework.security.web.context.SupplierDeferredSecurityContext]
>> - <Created SecurityContextImpl [Null authentication]>
>> 2024-01-10 15:49:13,459 TRACE
>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>>
>> - <Set SecurityContextHolder to AnonymousAuthenticationToken
>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true,
>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1,
>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
>> 2024-01-10 15:49:13,460 TRACE
>> [org.springframework.security.web.access.ExceptionTranslationFilter] -
>> <Sending AnonymousAuthenticationToken [Principal=anonymousUser,
>> Credentials=[PROTECTED], Authenticated=true,
>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1,
>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication
>> entry point since access is denied>
>> org.springframework.security.access.AccessDeniedException: Access Denied
>> at
>> org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
>> at
>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75)
>> at
>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
>> at
>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
>> at
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
>> at
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
>> at
>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
>> at
>> org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195)
>> at
>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
>> at
>> org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74)
>> at
>> org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225)
>> at
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
>> at
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>> at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
>> at
>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:32)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>> at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
>> at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:735)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340)
>> at
>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391)
>> at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
>> at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896)
>> at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744)
>> at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
>> at java.base/java.lang.VirtualThread.run(VirtualThread.java:309)
>> 2024-01-10 15:49:13,462 TRACE
>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] -
>> <Did not save request since it did not match [And [Not [Ant
>> [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher
>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6,
>>
>> matchingMediaTypes=[application/json], useEquals=false,
>> ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher
>> [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]],
>> Not [MediaTypeRequestMatcher
>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6,
>>
>> matchingMediaTypes=[multipart/form-data], useEquals=false,
>> ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher
>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6,
>>
>> matchingMediaTypes=[text/event-stream], useEquals=false,
>> ignoredMediaTypes=[*/*]]]]]>
>> 2024-01-10 15:49:13,462 DEBUG
>> [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint]
>> - <Pre-authenticated entry point called. Rejecting access>
>> 2024-01-10 15:49:13,485 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
>>
>> - <2 matching mappings: [{ [/error]}, { [/error], produces [text/html]}]>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Trying to match
>> request against DefaultSecurityFilterChain [RequestMatcher=any request,
>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd,
>>
>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381,
>>
>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e,
>>
>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c,
>>
>> org.springframework.web.filter.CorsFilter@3baaf6b3,
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b,
>>
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8,
>>
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0,
>>
>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa,
>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]]
>>
>> (1/1)>
>> 2024-01-10 15:49:13,503 DEBUG
>> [org.springframework.security.web.FilterChainProxy] - <Securing POST /error>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> DisableEncodeUrlFilter (1/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> ChannelProcessingFilter (2/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource]
>>
>> - <Did not match request to
>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16
>>
>> - [REQUIRES_SECURE_CHANNEL] (1/1)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> WebAsyncManagerIntegrationFilter (3/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> SecurityContextHolderFilter (4/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking CorsFilter
>> (5/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> RequestCacheAwareFilter (6/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] -
>> <matchingRequestParameterName is required for getMatchingRequest to lookup
>> a value, but not provided>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> SecurityContextHolderAwareRequestFilter (7/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> AnonymousAuthenticationFilter (8/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> ExceptionTranslationFilter (9/10)>
>> 2024-01-10 15:49:13,503 TRACE
>> [org.springframework.security.web.FilterChainProxy] - <Invoking
>> AuthorizationFilter (10/10)>
>> 2024-01-10 15:49:13,504 TRACE
>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager]
>>
>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[
>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]]>
>> 2024-01-10 15:49:13,504 TRACE
>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager]
>>
>> - <Checking authorization on SecurityContextHolderAwareRequestWrapper[
>> FirewalledRequest[
>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]] using
>> org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f631caeb020@73216a8b>
>> 2024-01-10 15:49:13,504 DEBUG
>> [org.springframework.security.web.FilterChainProxy] - <Secured POST /error>
>> 2024-01-10 15:49:13,504 TRACE
>> [org.springframework.web.servlet.i18n.CookieLocaleResolver] - <Parsed
>> cookie value [en-US] into locale 'en_US'>
>> 2024-01-10 15:49:13,504 TRACE
>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" dispatch for
>> POST "/cas/error", parameters={masked}, headers={masked} in
>> DispatcherServlet 'dispatcherServlet'>
>> 2024-01-10 15:49:13,505 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
>>
>> - <2 matching mappings: [{ [/error]}, { [/error], produces [text/html]}]>
>> 2024-01-10 15:49:13,505 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
>>
>> - <Mapped to
>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)>
>> 2024-01-10 15:49:13,513 TRACE
>> [org.springframework.web.method.HandlerMethod] - <Arguments:
>> [org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper@3b6c3379]>
>> 2024-01-10 15:49:13,531 DEBUG
>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
>>
>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and supported
>> [application/vnd.cas.services+yaml, application/json, application/*+json,
>> application/xml;charset=UTF-8, text/xml;charset=UTF-8,
>> application/*+xml;charset=UTF-8]>
>> 2024-01-10 15:49:13,531 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
>>
>> - <Writing [{timestamp=Wed Jan 10 15:49:13 UTC 2024, status=403,
>> error=Forbidden, message=Access Denied, path=/cas/mfa-gauth}]>
>> 2024-01-10 15:49:13,574 TRACE
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter]
>>
>> - <Applying default cacheSeconds=-1>
>> 2024-01-10 15:49:13,574 TRACE
>> [org.springframework.web.servlet.DispatcherServlet] - <No view rendering,
>> null ModelAndView returned.>
>> 2024-01-10 15:49:13,576 DEBUG
>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from "ERROR"
>> dispatch, status 403, headers={masked}>
>> 2024-01-10 15:49:13,576 TRACE
>> [org.springframework.security.web.context.SupplierDeferredSecurityContext]
>> - <Created SecurityContextImpl [Null authentication]>
>> 2024-01-10 15:49:13,576 TRACE
>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository]
>>
>> - <No HttpSession currently exists>
>> 2024-01-10 15:49:13,576 TRACE
>> [org.springframework.security.web.context.SupplierDeferredSecurityContext]
>> - <Created SecurityContextImpl [Null authentication]>
>> 2024-01-10 15:49:13,576 TRACE
>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>>
>> - <Set SecurityContextHolder to AnonymousAuthenticationToken
>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true,
>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1,
>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]>
>>
>> On Wednesday, January 10, 2024 at 7:57:27 AM UTC-5 Frédéric Dussurget
>> wrote:
>>
>>> Hi Al,
>>> I've got the same issue, could not fixed it. F12 console in your browser
>>> might throw a 401 error ... (for info my db backend is redis)
>>> we have a topic here :
>>> https://groups.google.com/a/apereo.org/g/cas-user/c/XKFgFS__U9M
>>> regards,
>>>
>>>
>>> Le mercredi 10 janvier 2024 à 05:26:03 UTC+1, Al Faller a écrit :
>>>
>>>> Hi -
>>>>
>>>> Trying to get mfa-gauth working with 7.0. Unfortunately when I'm
>>>> attempting to "Confirm account registration" (save my new device), I
>>>> receive a 403 error back from CAS at /cas/mfa-gauth and an error on the
>>>> screen. I can reproduce this with a clean copy of the overlay. My steps:
>>>>
>>>> - add 'implementation "org.apereo.cas:cas-server-support-gauth"' to
>>>> the build.gradle
>>>> - ./gradlew build
>>>> - add cas.authn.mfa.triggers.global.global-provider-id=mfa-gauth to
>>>> /etc/cas/config/cas.properties
>>>> - java -jar build/libs/cas.war --server.ssl.enabled=false
>>>> --server.port=8080
>>>>
>>>> From chrome developer tools, looks like the following was returned:
>>>> --- !<java.util.LinkedHashMap>
>>>> timestamp: "2024-01-09T22:48:27.384+00:00"
>>>> status: 403
>>>> error: "Forbidden"
>>>> message: "Access Denied"
>>>> path: "/cas/mfa-gauth"
>>>>
>>>> added debug logging - nothing useful shows up.
>>>>
>>>> Attached is the screenshot:
>>>> [image: Screenshot from 2024-01-09 17-45-14.png]
>>>>
>>>> Any ideas why this might be breaking? I have tried 7.0 and master with
>>>> no luck.
>>>>
>>>> Thanks in advance,
>>>>
>>>> Al
>>>>
>>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fc81a5f3-e347-4f47-be3a-a81be2c0f422n%40apereo.org.
