Hi Pierre, oh I mean by accessing directly to a service protected by mfa-gauth, just after the login/pwd form : You have the ability to register a new device here. The other way is to register your device thru the /cas/login page (in case you added this functionnality ...) it does not work for every MFA technology : for instance MFA webauthn registering thru the /cas/login page is not working yet (well since my last try ...)
Le mardi 3 décembre 2024 à 16:47:11 UTC+1, Pierre Driutti a écrit : > Hello Frederic, > > I am new to CAS, and am also having this issue. > > I'd be curious though. How could one register a gauth device « on the fly > » ? > > Thanks in advance > > regards, > > Pierre > Le mardi 3 décembre 2024 à 15:02:36 UTC+1, Frédéric Dussurget a écrit : > >> Hi Bruno, >> on my side, I'm able to register new gauth devices on a clean fresh 7.1.2 >> clone (without overriding casGoogleAuthenticatorRegistrationView.html) >> : I can register gauth device both "on the fly" and through the /cas/login >> page. >> >> Notice I have turned on CasFeatureModule.AccountManagement.enabled to be >> ablme to register thru the /cas/login page. >> >> I cannot try with 7.2.x because I still have an issue with reddis and 'void >> io.lettuce.core.StatefulRedisConnectionImpl.<init>(io.lettuce.core.RedisChannelWriter, >> >> io.lettuce.core.protocol.PushHandler, io.lettuce.core.codec.RedisCodec, >> java.time.Duration)' >> Regards >> >> >> >> Le vendredi 29 novembre 2024 à 14:58:51 UTC+1, Bruno Elie a écrit : >> >>> Hi all, >>> It seems that this problem of flow is not resolved yet. >>> I'm actually testing mfa with gauth on CAS v7.1 (also tested on v7.2) >>> and i still have to make this change in the forms action on file >>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html.. >>> With this change i can successfully register my device but that's all, >>> just after this step i encouter an error 500 also linked to the flow: >>> >>> Error: jakarta.servlet.ServletException: Request processing failed: >>> org.springframework.webflow.execution.ActionExecutionException: Exception >>> thrown executing >>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@342fddc >>> >>> in state 'accountRegistrationCheck' of flow 'mfa-gauth' -- action execution >>> attributes were 'map[[empty]]' >>> >>> Any news here ? >>> >>> >>> Regards, >>> >>> Bruno >>> >>> Le mardi 2 juillet 2024 à 12:03:20 UTC+2, Frédéric Dussurget a écrit : >>> >>>> Hi Artur, >>>> I gave it a try this morning, this is exactly what I've done : >>>> >>>> - I flushed the db before >>>> - cloned a brand new cas-overlay-template version=*7.1.0-SNAPSHOT* and >>>> springBootVersion=3.3.1 (this morning master branch) >>>> - First I gave it a try and *I can confirm to you that I could not >>>> registered my device with this version*. >>>> - Then I edited >>>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>> >>>> : >>>> nano >>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>> changed line 20 from <form method="post" id="fm1" class="fm-v >>>> clearfix" th:action="@{${'/' + activeFlowId} }"> to <form >>>> method="post" id="fm1" class="fm-v clearfix" th:action="@{/login}"> >>>> - build and deployed again the .war into tomcat (gradlew then mv as you >>>> did) >>>> - flushed my former cas entry in my device (google authenticator on my >>>> mobile phone) >>>> >>>> Then I was able to register my mobile phone again and was able to log >>>> in. >>>> >>>> After that, and because like gaming, I deleted the >>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>> >>>> and regradlewed again all that stuff nut I did not flushed the db so my >>>> device is still registered : I'm able to log in but cannot register any >>>> other devices ... >>>> >>>> I would not submit a PR, because it looks more like a new mfa global >>>> strategy change than a typo ... >>>> >>>> >>>> >>>> Le jeudi 27 juin 2024 à 15:29:56 UTC+2, artur mis a écrit : >>>> >>>>> I have changed casGoogleAuthenticatorRegistrationView.html >>>>> /gradlew getResource >>>>> -PresourceName=casGoogleAuthenticatorRegistrationView.html >>>>> Edit >>>>> changes to: >>>>> <form method="post" id="fm1" class="fm-v clearfix" >>>>> th:action="@{/login}"> >>>>> ./gradlew clean build >>>>> ./gradlew run >>>>> logs: >>>>> 2024-06-27 15:04:38,064 DEBUG >>>>> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >>>>> >>>>> - <Getting FlowDefinition with id 'login'> >>>>> 2024-06-27 15:04:38,064 DEBUG >>>>> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >>>>> >>>>> - <Getting FlowDefinition with id 'mfa-gauth'> >>>>> 2024-06-27 15:04:38,064 DEBUG >>>>> [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Resuming >>>>> in >>>>> org.springframework.webflow.mvc.servlet.MvcExternalContext@43d3c39c> >>>>> 2024-06-27 15:04:38,064 DEBUG >>>>> [org.springframework.webflow.engine.Flow] - <Restoring >>>>> [FlowVariable@72d57e64 name = 'credential', valueFactory = >>>>> [BeanFactoryVariableValueFactory@54271a0 type = >>>>> GoogleAuthenticatorTokenCredential]]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.mvc.view.AbstractMvcView] - <Processing user >>>>> event 'submit'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.mvc.view.AbstractMvcView] - <No model to >>>>> bind >>>>> to; done processing user event> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.ViewState] - <Event 'submit' returned >>>>> from view [CasMvcViewFactoryCreator.CasServletMvcView@19fcc87f view = >>>>> org.thymeleaf.spring6.view.ThymeleafView@20a0257c]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@78d19fd5 on = submit, to = saveRegistration]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'viewRegistration'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>> 'saveRegistration' of flow 'mfa-gauth'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [EvaluateAction@2858a08b expression = >>>>> googleSaveAccountRegistrationAction, >>>>> resultExpression = [null]]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.apereo.cas.gauth.credential.GoogleAuthenticatorOneTimeTokenCredentialValidator] >>>>> >>>>> - <Authorizing token [442461] against account >>>>> [OneTimeTokenAccount(id=1719493478065, validationCode=583590, >>>>> username=casuser, name=serene_faraday, >>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>> source=null)]> >>>>> 2024-06-27 15:04:38,065 WARN >>>>> [org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction] >>>>> - >>>>> <Unable to authorize given token [442461] for account >>>>> [OneTimeTokenAccount(id=1719493478065, validationCode=583590, >>>>> username=casuser, name=serene_faraday, >>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>> source=null)]> >>>>> 2024-06-27 15:04:38,065 ERROR >>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] - >>>>> <Unable to validate account [OneTimeTokenAccount(id=1719493478065, >>>>> validationCode=583590, username=casuser, name=serene_faraday, >>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>> source=null)]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing >>>>> org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d; >>>>> >>>>> result = error> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing [EvaluateAction@2858a08b expression = >>>>> googleSaveAccountRegistrationAction, resultExpression = [null]]; result = >>>>> error> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@21706f35 on = *, to = accountRegistrationCheck]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'saveRegistration'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>> 'accountRegistrationCheck' of flow 'mfa-gauth'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [EvaluateAction@27d141a0 expression = >>>>> googleAccountCheckRegistrationAction, >>>>> resultExpression = [null]]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing >>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a; >>>>> >>>>> result = register> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing [EvaluateAction@27d141a0 expression = >>>>> googleAccountCheckRegistrationAction, resultExpression = [null]]; result >>>>> = >>>>> register> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>> [Transition@27ba422f on = register, to = viewRegistration]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>> 'accountRegistrationCheck'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.engine.ViewState] - <Entering state >>>>> 'viewRegistration' of flow 'mfa-gauth'> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [SetAction@28627feb name = viewScope.principal, value = >>>>> conversationScope.authentication.principal]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>> executing [SetAction@28627feb name = viewScope.principal, value = >>>>> conversationScope.authentication.principal]; result = success> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> [EvaluateAction@127cb29e expression = >>>>> googleAccountCreateRegistrationAction, resultExpression = [null]]> >>>>> 2024-06-27 15:04:38,065 DEBUG >>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction@3208f7f> >>>>> 2024-06-27 15:04:38,071 DEBUG >>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction] >>>>> - >>>>> <Registration key URI is >>>>> [otpauth://totp/CASLabel:casuser?secret=****************]> >>>>> >>>>> >>>>> I was thinking that i have wrong sync time becouse : >>>>> 2024-06-27 15:04:38,065 ERROR >>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] - >>>>> <Unable to validate account [OneTimeTokenAccount(id=1719493478065, >>>>> validationCode=583590, username=casuser, name=serene_faraday, >>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>> source=null)]> >>>>> LOGS are in CEST but some internal logs are UTC but they look like >>>>> the same after calculation. >>>>> >>>>> >>>>> Finally: I havent recive logs like before with 403 but : >>>>> 024-06-27 15:25:53,702 DEBUG >>>>> [org.springframework.web.servlet.DispatcherServlet] - <Completed 401 >>>>> UNAUTHORIZED> >>>>> So i'm still in black ass. >>>>> >>>>> On Thursday, June 27, 2024 at 1:11:29 PM UTC+2 artur mis wrote: >>>>> >>>>>> Could anybody confirm that this issue still appear itself in >>>>>> v7.1. Ii seems i have the same . My logs : >>>>>> >>>>>> [env : simple as posible casuser:Mellon with mf-gauth run by >>>>>> ./gradlew run debug,time synced with ntpd server] >>>>>> >>>>>> 2024-06-27 12:09:08,262 DEBUG >>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>> 2024-06-27 12:09:08,262 DEBUG >>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>> 2024-06-27 12:09:08,263 DEBUG >>>>>> [org.springframework.boot.actuate.audit.listener.AuditListener] - >>>>>> <AuditEvent [timestamp=2024-06-27T10:09:08.263569200Z, >>>>>> principal=anonymousUser, type=AUTHORIZATION_FAILURE, >>>>>> data={details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, >>>>>> SessionId=null]}]> >>>>>> 2024-06-27 12:09:08,266 DEBUG >>>>>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" dispatch >>>>>> for >>>>>> POST "/cas/error", parameters={masked}> >>>>>> 2024-06-27 12:09:08,266 DEBUG >>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>> >>>>>> - <Mapped to >>>>>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)> >>>>>> 2024-06-27 12:09:08,267 DEBUG >>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>> >>>>>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and supported >>>>>> [application/vnd.cas.services+yaml, application/json, >>>>>> application/*+json, >>>>>> application/xml;charset=UTF-8, text/xml;charset=UTF-8, >>>>>> application/*+xml;charset=UTF-8]> >>>>>> 2024-06-27 12:09:08,268 DEBUG >>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>> >>>>>> - <Writing [{timestamp=Thu Jun 27 12:09:08 CEST 2024, status=403, >>>>>> error=Forbidden, message=Access Denied, path=/ (truncated)...]> >>>>>> 2024-06-27 12:09:08,269 DEBUG >>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from >>>>>> "ERROR" >>>>>> dispatch, status 403> >>>>>> 2024-06-27 12:09:16,765 DEBUG >>>>>> [org.apereo.cas.otp.repository.token.OneTimeTokenRepositoryCleaner] - >>>>>> <Starting to clean previously used authenticator tokens from >>>>>> [BaseOneTimeTokenRepository()] at >>>>>> [2024-06-27T12:09:16.765857631+02:00[Europe/Warsaw]]> >>>>>> >>>>>> On Wednesday, January 10, 2024 at 7:52:52 PM UTC+1 Al Faller wrote: >>>>>> >>>>>>> Did some http level comparison between 6.6 and 7.0 - >>>>>>> 6.6 sends the POST to /cas/login, whereas >>>>>>> 7.0 sends the POST to /cas/mfa-gauth >>>>>>> >>>>>>> So, editing the form action in the html for the device registration, >>>>>>> I set the action=/cas/login on my 7.0 test and it worked! >>>>>>> >>>>>>> Looks like the form was changed in commit 15580dc in October, for >>>>>>> "allow >>>>>>> account profile to allow users to register devices with gauth". I >>>>>>> don't >>>>>>> pretend to understand how the flow was changed, but maybe this will >>>>>>> help >>>>>>> someone with straightening this out. Unfortunately my hack works fine >>>>>>> with >>>>>>> a vanilla version of CAS running, but does not work once I turn on all >>>>>>> of >>>>>>> the features I need (I get different errors though, which is likely >>>>>>> related >>>>>>> to the flow changes). >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, Jan 10, 2024 at 11:00 AM Al Faller <fal...@gmail.com> wrote: >>>>>>> >>>>>>>> HI All - >>>>>>>> >>>>>>>> Turned on debugging for spring and it looks like spring is sending >>>>>>>> the error: >>>>>>>> >>>>>>>> 2024-01-10 15:49:02,787 INFO >>>>>>>> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] >>>>>>>> expired tickets removed.> >>>>>>>> 2024-01-10 15:49:10,713 DEBUG >>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - >>>>>>>> <Mapping >>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>> 2024-01-10 15:49:10,715 DEBUG >>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - >>>>>>>> <Mapping >>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>> 2024-01-10 15:49:10,716 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Trying to match >>>>>>>> request against DefaultSecurityFilterChain [RequestMatcher=any >>>>>>>> request, >>>>>>>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, >>>>>>>> >>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, >>>>>>>> >>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, >>>>>>>> >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, >>>>>>>> >>>>>>>> org.springframework.web.filter.CorsFilter@3baaf6b3, >>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, >>>>>>>> >>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, >>>>>>>> >>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, >>>>>>>> >>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, >>>>>>>> >>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] >>>>>>>> >>>>>>>> (1/1)> >>>>>>>> 2024-01-10 15:49:10,716 DEBUG >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Securing POST >>>>>>>> /mfa-gauth> >>>>>>>> 2024-01-10 15:49:10,716 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> DisableEncodeUrlFilter (1/10)> >>>>>>>> 2024-01-10 15:49:10,717 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> ChannelProcessingFilter (2/10)> >>>>>>>> 2024-01-10 15:49:10,717 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >>>>>>>> >>>>>>>> - <Did not match request to >>>>>>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 >>>>>>>> >>>>>>>> - [REQUIRES_SECURE_CHANNEL] (1/1)> >>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> WebAsyncManagerIntegrationFilter (3/10)> >>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> SecurityContextHolderFilter (4/10)> >>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> CorsFilter >>>>>>>> (5/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> RequestCacheAwareFilter (6/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>> - >>>>>>>> <matchingRequestParameterName is required for getMatchingRequest to >>>>>>>> lookup >>>>>>>> a value, but not provided> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> SecurityContextHolderAwareRequestFilter (7/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> AnonymousAuthenticationFilter (8/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> ExceptionTranslationFilter (9/10)> >>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> AuthorizationFilter (10/10)> >>>>>>>> 2024-01-10 15:49:10,720 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>> >>>>>>>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ >>>>>>>> FirewalledRequest[ >>>>>>>> org.apache.catalina.connector.RequestFacade@4d5329b9]]> >>>>>>>> 2024-01-10 15:49:10,739 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>> >>>>>>>> - <Denying request since did not find matching RequestMatcher> >>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>> >>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >>>>>>>> >>>>>>>> - <No HttpSession currently exists> >>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>> >>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>> >>>>>>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken >>>>>>>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, >>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]> >>>>>>>> 2024-01-10 15:49:13,460 TRACE >>>>>>>> [org.springframework.security.web.access.ExceptionTranslationFilter] - >>>>>>>> <Sending AnonymousAuthenticationToken [Principal=anonymousUser, >>>>>>>> Credentials=[PROTECTED], Authenticated=true, >>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to >>>>>>>> authentication >>>>>>>> entry point since access is denied> >>>>>>>> org.springframework.security.access.AccessDeniedException: Access >>>>>>>> Denied >>>>>>>> at >>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) >>>>>>>> at >>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224) >>>>>>>> at >>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>> at >>>>>>>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) >>>>>>>> at >>>>>>>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) >>>>>>>> at >>>>>>>> org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) >>>>>>>> at >>>>>>>> org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225) >>>>>>>> at >>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) >>>>>>>> at >>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) >>>>>>>> at >>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) >>>>>>>> at >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:32) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) >>>>>>>> at >>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) >>>>>>>> at >>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) >>>>>>>> at >>>>>>>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673) >>>>>>>> at >>>>>>>> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:735) >>>>>>>> at >>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) >>>>>>>> at >>>>>>>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) >>>>>>>> at >>>>>>>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) >>>>>>>> at >>>>>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) >>>>>>>> at >>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) >>>>>>>> at >>>>>>>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) >>>>>>>> at java.base/java.lang.VirtualThread.run(VirtualThread.java:309) >>>>>>>> 2024-01-10 15:49:13,462 TRACE >>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>> - >>>>>>>> <Did not save request since it did not match [And [Not [Ant >>>>>>>> [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher >>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>> >>>>>>>> matchingMediaTypes=[application/json], useEquals=false, >>>>>>>> ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher >>>>>>>> [expectedHeaderName=X-Requested-With, >>>>>>>> expectedHeaderValue=XMLHttpRequest]], >>>>>>>> Not [MediaTypeRequestMatcher >>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>> >>>>>>>> matchingMediaTypes=[multipart/form-data], useEquals=false, >>>>>>>> ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher >>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>> >>>>>>>> matchingMediaTypes=[text/event-stream], useEquals=false, >>>>>>>> ignoredMediaTypes=[*/*]]]]]> >>>>>>>> 2024-01-10 15:49:13,462 DEBUG >>>>>>>> [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] >>>>>>>> >>>>>>>> - <Pre-authenticated entry point called. Rejecting access> >>>>>>>> 2024-01-10 15:49:13,485 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>> >>>>>>>> - <2 matching mappings: [{ [/error]}, { [/error], produces >>>>>>>> [text/html]}]> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Trying to match >>>>>>>> request against DefaultSecurityFilterChain [RequestMatcher=any >>>>>>>> request, >>>>>>>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, >>>>>>>> >>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, >>>>>>>> >>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, >>>>>>>> >>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, >>>>>>>> >>>>>>>> org.springframework.web.filter.CorsFilter@3baaf6b3, >>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, >>>>>>>> >>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, >>>>>>>> >>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, >>>>>>>> >>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, >>>>>>>> >>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] >>>>>>>> >>>>>>>> (1/1)> >>>>>>>> 2024-01-10 15:49:13,503 DEBUG >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Securing POST >>>>>>>> /error> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> DisableEncodeUrlFilter (1/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> ChannelProcessingFilter (2/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >>>>>>>> >>>>>>>> - <Did not match request to >>>>>>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 >>>>>>>> >>>>>>>> - [REQUIRES_SECURE_CHANNEL] (1/1)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> WebAsyncManagerIntegrationFilter (3/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> SecurityContextHolderFilter (4/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> CorsFilter >>>>>>>> (5/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> RequestCacheAwareFilter (6/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>> - >>>>>>>> <matchingRequestParameterName is required for getMatchingRequest to >>>>>>>> lookup >>>>>>>> a value, but not provided> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> SecurityContextHolderAwareRequestFilter (7/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> AnonymousAuthenticationFilter (8/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> ExceptionTranslationFilter (9/10)> >>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>> AuthorizationFilter (10/10)> >>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>> >>>>>>>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ >>>>>>>> FirewalledRequest[ >>>>>>>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]]> >>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>> >>>>>>>> - <Checking authorization on SecurityContextHolderAwareRequestWrapper[ >>>>>>>> FirewalledRequest[ >>>>>>>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]] using >>>>>>>> org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f631caeb020@73216a8b> >>>>>>>> 2024-01-10 15:49:13,504 DEBUG >>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Secured POST >>>>>>>> /error> >>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>> [org.springframework.web.servlet.i18n.CookieLocaleResolver] - <Parsed >>>>>>>> cookie value [en-US] into locale 'en_US'> >>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" >>>>>>>> dispatch for >>>>>>>> POST "/cas/error", parameters={masked}, headers={masked} in >>>>>>>> DispatcherServlet 'dispatcherServlet'> >>>>>>>> 2024-01-10 15:49:13,505 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>> >>>>>>>> - <2 matching mappings: [{ [/error]}, { [/error], produces >>>>>>>> [text/html]}]> >>>>>>>> 2024-01-10 15:49:13,505 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>> >>>>>>>> - <Mapped to >>>>>>>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)> >>>>>>>> 2024-01-10 15:49:13,513 TRACE >>>>>>>> [org.springframework.web.method.HandlerMethod] - <Arguments: >>>>>>>> [org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper@3b6c3379]> >>>>>>>> 2024-01-10 15:49:13,531 DEBUG >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>> >>>>>>>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and >>>>>>>> supported >>>>>>>> [application/vnd.cas.services+yaml, application/json, >>>>>>>> application/*+json, >>>>>>>> application/xml;charset=UTF-8, text/xml;charset=UTF-8, >>>>>>>> application/*+xml;charset=UTF-8]> >>>>>>>> 2024-01-10 15:49:13,531 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>> >>>>>>>> - <Writing [{timestamp=Wed Jan 10 15:49:13 UTC 2024, status=403, >>>>>>>> error=Forbidden, message=Access Denied, path=/cas/mfa-gauth}]> >>>>>>>> 2024-01-10 15:49:13,574 TRACE >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter] >>>>>>>> >>>>>>>> - <Applying default cacheSeconds=-1> >>>>>>>> 2024-01-10 15:49:13,574 TRACE >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <No view >>>>>>>> rendering, >>>>>>>> null ModelAndView returned.> >>>>>>>> 2024-01-10 15:49:13,576 DEBUG >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from >>>>>>>> "ERROR" >>>>>>>> dispatch, status 403, headers={masked}> >>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>> >>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >>>>>>>> >>>>>>>> - <No HttpSession currently exists> >>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>> >>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>> >>>>>>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken >>>>>>>> [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, >>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]> >>>>>>>> >>>>>>>> On Wednesday, January 10, 2024 at 7:57:27 AM UTC-5 Frédéric >>>>>>>> Dussurget wrote: >>>>>>>> >>>>>>>>> Hi Al, >>>>>>>>> I've got the same issue, could not fixed it. F12 console in your >>>>>>>>> browser might throw a 401 error ... (for info my db backend is redis) >>>>>>>>> we have a topic here : >>>>>>>>> https://groups.google.com/a/apereo.org/g/cas-user/c/XKFgFS__U9M >>>>>>>>> regards, >>>>>>>>> >>>>>>>>> >>>>>>>>> Le mercredi 10 janvier 2024 à 05:26:03 UTC+1, Al Faller a écrit : >>>>>>>>> >>>>>>>>>> Hi - >>>>>>>>>> >>>>>>>>>> Trying to get mfa-gauth working with 7.0. Unfortunately when I'm >>>>>>>>>> attempting to "Confirm account registration" (save my new device), I >>>>>>>>>> receive a 403 error back from CAS at /cas/mfa-gauth and an error on >>>>>>>>>> the >>>>>>>>>> screen. I can reproduce this with a clean copy of the overlay. My >>>>>>>>>> steps: >>>>>>>>>> >>>>>>>>>> - add 'implementation >>>>>>>>>> "org.apereo.cas:cas-server-support-gauth"' to the build.gradle >>>>>>>>>> - ./gradlew build >>>>>>>>>> - add cas.authn.mfa.triggers.global.global-provider-id=mfa-gauth >>>>>>>>>> to >>>>>>>>>> /etc/cas/config/cas.properties >>>>>>>>>> - java -jar build/libs/cas.war --server.ssl.enabled=false >>>>>>>>>> --server.port=8080 >>>>>>>>>> >>>>>>>>>> From chrome developer tools, looks like the following was >>>>>>>>>> returned: >>>>>>>>>> --- !<java.util.LinkedHashMap> >>>>>>>>>> timestamp: "2024-01-09T22:48:27.384+00:00" >>>>>>>>>> status: 403 >>>>>>>>>> error: "Forbidden" >>>>>>>>>> message: "Access Denied" >>>>>>>>>> path: "/cas/mfa-gauth" >>>>>>>>>> >>>>>>>>>> added debug logging - nothing useful shows up. >>>>>>>>>> >>>>>>>>>> Attached is the screenshot: >>>>>>>>>> [image: Screenshot from 2024-01-09 17-45-14.png] >>>>>>>>>> >>>>>>>>>> Any ideas why this might be breaking? I have tried 7.0 and >>>>>>>>>> master with no luck. >>>>>>>>>> >>>>>>>>>> Thanks in advance, >>>>>>>>>> >>>>>>>>>> Al >>>>>>>>>> >>>>>>>>>> -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/15e92fd9-f51c-4eab-bf55-2af4fb4ef1a2n%40apereo.org.
