I have this problem with cas 6.6.14. It doesn't accept token generated to verify registered device and return error message:
Unable to accept this token. The given token is invalid, does not belong to the device or has expired Any idea? On Fri, Dec 6, 2024 at 4:11 PM Pierre Driutti <pierred.a...@gmail.com> wrote: > Thanks for the clarification, Frédéric. > Regards, > Pierre > > Le jeudi 5 décembre 2024 à 15:19:01 UTC+1, Frédéric Dussurget a écrit : > >> Hi Pierre, >> oh I mean by accessing directly to a service protected by mfa-gauth, just >> after the login/pwd form : You have the ability to register a new device >> here. >> The other way is to register your device thru the /cas/login page (in >> case you added this functionnality ...) >> it does not work for every MFA technology : for instance MFA webauthn >> registering thru the /cas/login page is not working yet (well since my last >> try ...) >> >> >> Le mardi 3 décembre 2024 à 16:47:11 UTC+1, Pierre Driutti a écrit : >> >>> Hello Frederic, >>> >>> I am new to CAS, and am also having this issue. >>> >>> I'd be curious though. How could one register a gauth device « on the >>> fly » ? >>> >>> Thanks in advance >>> >>> regards, >>> >>> Pierre >>> Le mardi 3 décembre 2024 à 15:02:36 UTC+1, Frédéric Dussurget a écrit : >>> >>>> Hi Bruno, >>>> on my side, I'm able to register new gauth devices on a clean fresh >>>> 7.1.2 clone (without overriding >>>> casGoogleAuthenticatorRegistrationView.html) : I can register gauth >>>> device both "on the fly" and through the /cas/login page. >>>> >>>> Notice I have turned on CasFeatureModule.AccountManagement.enabled to >>>> be ablme to register thru the /cas/login page. >>>> >>>> I cannot try with 7.2.x because I still have an issue with reddis and >>>> 'void >>>> io.lettuce.core.StatefulRedisConnectionImpl.<init>(io.lettuce.core.RedisChannelWriter, >>>> io.lettuce.core.protocol.PushHandler, io.lettuce.core.codec.RedisCodec, >>>> java.time.Duration)' >>>> Regards >>>> >>>> >>>> >>>> Le vendredi 29 novembre 2024 à 14:58:51 UTC+1, Bruno Elie a écrit : >>>> >>>>> Hi all, >>>>> It seems that this problem of flow is not resolved yet. >>>>> I'm actually testing mfa with gauth on CAS v7.1 (also tested on v7.2) >>>>> and i still have to make this change in the forms action on file >>>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html.. >>>>> With this change i can successfully register my device but that's all, >>>>> just after this step i encouter an error 500 also linked to the flow: >>>>> >>>>> Error: jakarta.servlet.ServletException: Request processing failed: >>>>> org.springframework.webflow.execution.ActionExecutionException: Exception >>>>> thrown executing >>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@342fddc >>>>> in state 'accountRegistrationCheck' of flow 'mfa-gauth' -- action >>>>> execution >>>>> attributes were 'map[[empty]]' >>>>> >>>>> Any news here ? >>>>> >>>>> >>>>> Regards, >>>>> >>>>> Bruno >>>>> >>>>> Le mardi 2 juillet 2024 à 12:03:20 UTC+2, Frédéric Dussurget a écrit : >>>>> >>>>>> Hi Artur, >>>>>> I gave it a try this morning, this is exactly what I've done : >>>>>> >>>>>> - I flushed the db before >>>>>> - cloned a brand new cas-overlay-template version=*7.1.0-SNAPSHOT* >>>>>> and springBootVersion=3.3.1 (this morning master branch) >>>>>> - First I gave it a try and *I can confirm to you that I could not >>>>>> registered my device with this version*. >>>>>> - Then I edited >>>>>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>>>> : >>>>>> nano >>>>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>>>> changed line 20 from <form method="post" id="fm1" class="fm-v >>>>>> clearfix" th:action="@{${'/' + activeFlowId} }"> to <form >>>>>> method="post" id="fm1" class="fm-v clearfix" th:action="@{/login}"> >>>>>> - build and deployed again the .war into tomcat (gradlew then mv as >>>>>> you did) >>>>>> - flushed my former cas entry in my device (google authenticator on >>>>>> my mobile phone) >>>>>> >>>>>> Then I was able to register my mobile phone again and was able to log >>>>>> in. >>>>>> >>>>>> After that, and because like gaming, I deleted the >>>>>> src/main/resources/templates/gauth/casGoogleAuthenticatorRegistrationView.html >>>>>> and regradlewed again all that stuff nut I did not flushed the db so my >>>>>> device is still registered : I'm able to log in but cannot register any >>>>>> other devices ... >>>>>> >>>>>> I would not submit a PR, because it looks more like a new mfa global >>>>>> strategy change than a typo ... >>>>>> >>>>>> >>>>>> >>>>>> Le jeudi 27 juin 2024 à 15:29:56 UTC+2, artur mis a écrit : >>>>>> >>>>>>> I have changed casGoogleAuthenticatorRegistrationView.html >>>>>>> /gradlew getResource >>>>>>> -PresourceName=casGoogleAuthenticatorRegistrationView.html >>>>>>> Edit >>>>>>> changes to: >>>>>>> <form method="post" id="fm1" class="fm-v clearfix" >>>>>>> th:action="@{/login}"> >>>>>>> ./gradlew clean build >>>>>>> ./gradlew run >>>>>>> logs: >>>>>>> 2024-06-27 15:04:38,064 DEBUG >>>>>>> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >>>>>>> - <Getting FlowDefinition with id 'login'> >>>>>>> 2024-06-27 15:04:38,064 DEBUG >>>>>>> [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] >>>>>>> - <Getting FlowDefinition with id 'mfa-gauth'> >>>>>>> 2024-06-27 15:04:38,064 DEBUG >>>>>>> [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Resuming >>>>>>> in >>>>>>> org.springframework.webflow.mvc.servlet.MvcExternalContext@43d3c39c> >>>>>>> 2024-06-27 15:04:38,064 DEBUG >>>>>>> [org.springframework.webflow.engine.Flow] - <Restoring >>>>>>> [FlowVariable@72d57e64 name = 'credential', valueFactory = >>>>>>> [BeanFactoryVariableValueFactory@54271a0 type = >>>>>>> GoogleAuthenticatorTokenCredential]]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.mvc.view.AbstractMvcView] - <Processing >>>>>>> user >>>>>>> event 'submit'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.mvc.view.AbstractMvcView] - <No model to >>>>>>> bind >>>>>>> to; done processing user event> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.ViewState] - <Event 'submit' >>>>>>> returned >>>>>>> from view [CasMvcViewFactoryCreator.CasServletMvcView@19fcc87f view >>>>>>> = org.thymeleaf.spring6.view.ThymeleafView@20a0257c]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@78d19fd5 on = submit, to = saveRegistration]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'viewRegistration'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>>> 'saveRegistration' of flow 'mfa-gauth'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [EvaluateAction@2858a08b expression = >>>>>>> googleSaveAccountRegistrationAction, resultExpression = [null]]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d >>>>>>> > >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.apereo.cas.gauth.credential.GoogleAuthenticatorOneTimeTokenCredentialValidator] >>>>>>> - <Authorizing token [442461] against account >>>>>>> [OneTimeTokenAccount(id=1719493478065, validationCode=583590, >>>>>>> username=casuser, name=serene_faraday, >>>>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>>>> source=null)]> >>>>>>> 2024-06-27 15:04:38,065 WARN >>>>>>> [org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction] >>>>>>> - >>>>>>> <Unable to authorize given token [442461] for account >>>>>>> [OneTimeTokenAccount(id=1719493478065, validationCode=583590, >>>>>>> username=casuser, name=serene_faraday, >>>>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>>>> source=null)]> >>>>>>> 2024-06-27 15:04:38,065 ERROR >>>>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] >>>>>>> - >>>>>>> <Unable to validate account [OneTimeTokenAccount(id=1719493478065, >>>>>>> validationCode=583590, username=casuser, name=serene_faraday, >>>>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>>>> source=null)]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing >>>>>>> org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction@accba2d; >>>>>>> result = error> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [EvaluateAction@2858a08b expression = >>>>>>> googleSaveAccountRegistrationAction, resultExpression = [null]]; result >>>>>>> = >>>>>>> error> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@21706f35 on = *, to = accountRegistrationCheck]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'saveRegistration'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.ActionState] - <Entering state >>>>>>> 'accountRegistrationCheck' of flow 'mfa-gauth'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [EvaluateAction@27d141a0 expression = >>>>>>> googleAccountCheckRegistrationAction, resultExpression = [null]]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a >>>>>>> > >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing >>>>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction@d6db36a; >>>>>>> result = register> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [EvaluateAction@27d141a0 expression = >>>>>>> googleAccountCheckRegistrationAction, resultExpression = [null]]; >>>>>>> result = >>>>>>> register> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Executing >>>>>>> [Transition@27ba422f on = register, to = viewRegistration]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.Transition] - <Exiting state >>>>>>> 'accountRegistrationCheck'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.engine.ViewState] - <Entering state >>>>>>> 'viewRegistration' of flow 'mfa-gauth'> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [SetAction@28627feb name = viewScope.principal, value = >>>>>>> conversationScope.authentication.principal]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Finished >>>>>>> executing [SetAction@28627feb name = viewScope.principal, value = >>>>>>> conversationScope.authentication.principal]; result = success> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> [EvaluateAction@127cb29e expression = >>>>>>> googleAccountCreateRegistrationAction, resultExpression = [null]]> >>>>>>> 2024-06-27 15:04:38,065 DEBUG >>>>>>> [org.springframework.webflow.execution.ActionExecutor] - <Executing >>>>>>> org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction@3208f7f >>>>>>> > >>>>>>> 2024-06-27 15:04:38,071 DEBUG >>>>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction] >>>>>>> - >>>>>>> <Registration key URI is >>>>>>> [otpauth://totp/CASLabel:casuser?secret=****************]> >>>>>>> >>>>>>> >>>>>>> I was thinking that i have wrong sync time becouse : >>>>>>> 2024-06-27 15:04:38,065 ERROR >>>>>>> [org.apereo.cas.otp.web.flow.OneTimeTokenAccountSaveRegistrationAction] >>>>>>> - >>>>>>> <Unable to validate account [OneTimeTokenAccount(id=1719493478065, >>>>>>> validationCode=583590, username=casuser, name=serene_faraday, >>>>>>> registrationDate=2024-06-27T13:04:38.065457164Z, lastUsedDateTime=null, >>>>>>> source=null)]> >>>>>>> LOGS are in CEST but some internal logs are UTC but they look like >>>>>>> the same after calculation. >>>>>>> >>>>>>> >>>>>>> Finally: I havent recive logs like before with 403 but : >>>>>>> 024-06-27 15:25:53,702 DEBUG >>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Completed 401 >>>>>>> UNAUTHORIZED> >>>>>>> So i'm still in black ass. >>>>>>> >>>>>>> On Thursday, June 27, 2024 at 1:11:29 PM UTC+2 artur mis wrote: >>>>>>> >>>>>>>> Could anybody confirm that this issue still appear itself in >>>>>>>> v7.1. Ii seems i have the same . My logs : >>>>>>>> >>>>>>>> [env : simple as posible casuser:Mellon with mf-gauth run by >>>>>>>> ./gradlew run debug,time synced with ntpd server] >>>>>>>> >>>>>>>> 2024-06-27 12:09:08,262 DEBUG >>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>> 2024-06-27 12:09:08,262 DEBUG >>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping >>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>> 2024-06-27 12:09:08,263 DEBUG >>>>>>>> [org.springframework.boot.actuate.audit.listener.AuditListener] - >>>>>>>> <AuditEvent [timestamp=2024-06-27T10:09:08.263569200Z, >>>>>>>> principal=anonymousUser, type=AUTHORIZATION_FAILURE, >>>>>>>> data={details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, >>>>>>>> SessionId=null]}]> >>>>>>>> 2024-06-27 12:09:08,266 DEBUG >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" >>>>>>>> dispatch for >>>>>>>> POST "/cas/error", parameters={masked}> >>>>>>>> 2024-06-27 12:09:08,266 DEBUG >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>> - <Mapped to >>>>>>>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)> >>>>>>>> 2024-06-27 12:09:08,267 DEBUG >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and supported >>>>>>>> [application/vnd.cas.services+yaml, application/json, >>>>>>>> application/*+json, >>>>>>>> application/xml;charset=UTF-8, text/xml;charset=UTF-8, >>>>>>>> application/*+xml;charset=UTF-8]> >>>>>>>> 2024-06-27 12:09:08,268 DEBUG >>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>> - <Writing [{timestamp=Thu Jun 27 12:09:08 CEST 2024, status=403, >>>>>>>> error=Forbidden, message=Access Denied, path=/ (truncated)...]> >>>>>>>> 2024-06-27 12:09:08,269 DEBUG >>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from >>>>>>>> "ERROR" >>>>>>>> dispatch, status 403> >>>>>>>> 2024-06-27 12:09:16,765 DEBUG >>>>>>>> [org.apereo.cas.otp.repository.token.OneTimeTokenRepositoryCleaner] - >>>>>>>> <Starting to clean previously used authenticator tokens from >>>>>>>> [BaseOneTimeTokenRepository()] at >>>>>>>> [2024-06-27T12:09:16.765857631+02:00[Europe/Warsaw]]> >>>>>>>> >>>>>>>> On Wednesday, January 10, 2024 at 7:52:52 PM UTC+1 Al Faller wrote: >>>>>>>> >>>>>>>>> Did some http level comparison between 6.6 and 7.0 - >>>>>>>>> 6.6 sends the POST to /cas/login, whereas >>>>>>>>> 7.0 sends the POST to /cas/mfa-gauth >>>>>>>>> >>>>>>>>> So, editing the form action in the html for the device >>>>>>>>> registration, I set the action=/cas/login on my 7.0 test and it >>>>>>>>> worked! >>>>>>>>> >>>>>>>>> Looks like the form was changed in commit 15580dc in October, for >>>>>>>>> "allow account profile to allow users to register devices with >>>>>>>>> gauth". I don't pretend to understand how the flow was changed, but >>>>>>>>> maybe >>>>>>>>> this will help someone with straightening this out. Unfortunately my >>>>>>>>> hack >>>>>>>>> works fine with a vanilla version of CAS running, but does not work >>>>>>>>> once I >>>>>>>>> turn on all of the features I need (I get different errors though, >>>>>>>>> which is >>>>>>>>> likely related to the flow changes). >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Wed, Jan 10, 2024 at 11:00 AM Al Faller <fal...@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> HI All - >>>>>>>>>> >>>>>>>>>> Turned on debugging for spring and it looks like spring is >>>>>>>>>> sending the error: >>>>>>>>>> >>>>>>>>>> 2024-01-10 15:49:02,787 INFO >>>>>>>>>> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] >>>>>>>>>> expired tickets removed.> >>>>>>>>>> 2024-01-10 15:49:10,713 DEBUG >>>>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - >>>>>>>>>> <Mapping >>>>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>>>> 2024-01-10 15:49:10,715 DEBUG >>>>>>>>>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - >>>>>>>>>> <Mapping >>>>>>>>>> request with URI '/cas/mfa-gauth' to flow with id 'mfa-gauth'> >>>>>>>>>> 2024-01-10 15:49:10,716 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Trying to >>>>>>>>>> match >>>>>>>>>> request against DefaultSecurityFilterChain [RequestMatcher=any >>>>>>>>>> request, >>>>>>>>>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, >>>>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, >>>>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, >>>>>>>>>> org.springframework.web.filter.CorsFilter@3baaf6b3, >>>>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, >>>>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, >>>>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, >>>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, >>>>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] >>>>>>>>>> (1/1)> >>>>>>>>>> 2024-01-10 15:49:10,716 DEBUG >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Securing POST >>>>>>>>>> /mfa-gauth> >>>>>>>>>> 2024-01-10 15:49:10,716 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> DisableEncodeUrlFilter (1/10)> >>>>>>>>>> 2024-01-10 15:49:10,717 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> ChannelProcessingFilter (2/10)> >>>>>>>>>> 2024-01-10 15:49:10,717 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >>>>>>>>>> - <Did not match request to >>>>>>>>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 >>>>>>>>>> - [REQUIRES_SECURE_CHANNEL] (1/1)> >>>>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> WebAsyncManagerIntegrationFilter (3/10)> >>>>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> SecurityContextHolderFilter (4/10)> >>>>>>>>>> 2024-01-10 15:49:10,718 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> CorsFilter >>>>>>>>>> (5/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> RequestCacheAwareFilter (6/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>>>> - >>>>>>>>>> <matchingRequestParameterName is required for getMatchingRequest to >>>>>>>>>> lookup >>>>>>>>>> a value, but not provided> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> SecurityContextHolderAwareRequestFilter (7/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> AnonymousAuthenticationFilter (8/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> ExceptionTranslationFilter (9/10)> >>>>>>>>>> 2024-01-10 15:49:10,719 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> AuthorizationFilter (10/10)> >>>>>>>>>> 2024-01-10 15:49:10,720 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>>>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ >>>>>>>>>> FirewalledRequest[ >>>>>>>>>> org.apache.catalina.connector.RequestFacade@4d5329b9]]> >>>>>>>>>> 2024-01-10 15:49:10,739 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>>>> - <Denying request since did not find matching RequestMatcher> >>>>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>>>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >>>>>>>>>> - <No HttpSession currently exists> >>>>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>>>> 2024-01-10 15:49:13,459 TRACE >>>>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken >>>>>>>>>> [Principal=anonymousUser, Credentials=[PROTECTED], >>>>>>>>>> Authenticated=true, >>>>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]> >>>>>>>>>> 2024-01-10 15:49:13,460 TRACE >>>>>>>>>> [org.springframework.security.web.access.ExceptionTranslationFilter] >>>>>>>>>> - >>>>>>>>>> <Sending AnonymousAuthenticationToken [Principal=anonymousUser, >>>>>>>>>> Credentials=[PROTECTED], Authenticated=true, >>>>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to >>>>>>>>>> authentication >>>>>>>>>> entry point since access is denied> >>>>>>>>>> org.springframework.security.access.AccessDeniedException: Access >>>>>>>>>> Denied >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:95) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) >>>>>>>>>> at >>>>>>>>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) >>>>>>>>>> at >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:32) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:735) >>>>>>>>>> at >>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) >>>>>>>>>> at >>>>>>>>>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) >>>>>>>>>> at >>>>>>>>>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) >>>>>>>>>> at >>>>>>>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) >>>>>>>>>> at >>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) >>>>>>>>>> at >>>>>>>>>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) >>>>>>>>>> at java.base/java.lang.VirtualThread.run(VirtualThread.java:309) >>>>>>>>>> 2024-01-10 15:49:13,462 TRACE >>>>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>>>> - >>>>>>>>>> <Did not save request since it did not match [And [Not [Ant >>>>>>>>>> [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher >>>>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>>>> matchingMediaTypes=[application/json], useEquals=false, >>>>>>>>>> ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher >>>>>>>>>> [expectedHeaderName=X-Requested-With, >>>>>>>>>> expectedHeaderValue=XMLHttpRequest]], >>>>>>>>>> Not [MediaTypeRequestMatcher >>>>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>>>> matchingMediaTypes=[multipart/form-data], useEquals=false, >>>>>>>>>> ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher >>>>>>>>>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@52ed42d6, >>>>>>>>>> matchingMediaTypes=[text/event-stream], useEquals=false, >>>>>>>>>> ignoredMediaTypes=[*/*]]]]]> >>>>>>>>>> 2024-01-10 15:49:13,462 DEBUG >>>>>>>>>> [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] >>>>>>>>>> - <Pre-authenticated entry point called. Rejecting access> >>>>>>>>>> 2024-01-10 15:49:13,485 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>>>> - <2 matching mappings: [{ [/error]}, { [/error], produces >>>>>>>>>> [text/html]}]> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Trying to >>>>>>>>>> match >>>>>>>>>> request against DefaultSecurityFilterChain [RequestMatcher=any >>>>>>>>>> request, >>>>>>>>>> Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@b09f0dd, >>>>>>>>>> org.springframework.security.web.access.channel.ChannelProcessingFilter@72011381, >>>>>>>>>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@782e15e, >>>>>>>>>> org.springframework.security.web.context.SecurityContextHolderFilter@3824c76c, >>>>>>>>>> org.springframework.web.filter.CorsFilter@3baaf6b3, >>>>>>>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465fbf9b, >>>>>>>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32ec28f8, >>>>>>>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter@336656e0, >>>>>>>>>> org.springframework.security.web.access.ExceptionTranslationFilter@2410c8fa, >>>>>>>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]] >>>>>>>>>> (1/1)> >>>>>>>>>> 2024-01-10 15:49:13,503 DEBUG >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Securing POST >>>>>>>>>> /error> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> DisableEncodeUrlFilter (1/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> ChannelProcessingFilter (2/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >>>>>>>>>> - <Did not match request to >>>>>>>>>> org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter$$Lambda/0x00007f631cae9678@1cc4d16 >>>>>>>>>> - [REQUIRES_SECURE_CHANNEL] (1/1)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> WebAsyncManagerIntegrationFilter (3/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> SecurityContextHolderFilter (4/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> CorsFilter >>>>>>>>>> (5/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> RequestCacheAwareFilter (6/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] >>>>>>>>>> - >>>>>>>>>> <matchingRequestParameterName is required for getMatchingRequest to >>>>>>>>>> lookup >>>>>>>>>> a value, but not provided> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> SecurityContextHolderAwareRequestFilter (7/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> AnonymousAuthenticationFilter (8/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> ExceptionTranslationFilter (9/10)> >>>>>>>>>> 2024-01-10 15:49:13,503 TRACE >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Invoking >>>>>>>>>> AuthorizationFilter (10/10)> >>>>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>>>> - <Authorizing SecurityContextHolderAwareRequestWrapper[ >>>>>>>>>> FirewalledRequest[ >>>>>>>>>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]]> >>>>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>>>> [org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager] >>>>>>>>>> - <Checking authorization on >>>>>>>>>> SecurityContextHolderAwareRequestWrapper[ >>>>>>>>>> FirewalledRequest[ >>>>>>>>>> org.apache.catalina.core.ApplicationHttpRequest@16ba441]] >>>>>>>>>> using >>>>>>>>>> org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda/0x00007f631caeb020@73216a8b >>>>>>>>>> > >>>>>>>>>> 2024-01-10 15:49:13,504 DEBUG >>>>>>>>>> [org.springframework.security.web.FilterChainProxy] - <Secured POST >>>>>>>>>> /error> >>>>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>>>> [org.springframework.web.servlet.i18n.CookieLocaleResolver] - <Parsed >>>>>>>>>> cookie value [en-US] into locale 'en_US'> >>>>>>>>>> 2024-01-10 15:49:13,504 TRACE >>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <"ERROR" >>>>>>>>>> dispatch for >>>>>>>>>> POST "/cas/error", parameters={masked}, headers={masked} in >>>>>>>>>> DispatcherServlet 'dispatcherServlet'> >>>>>>>>>> 2024-01-10 15:49:13,505 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>>>> - <2 matching mappings: [{ [/error]}, { [/error], produces >>>>>>>>>> [text/html]}]> >>>>>>>>>> 2024-01-10 15:49:13,505 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] >>>>>>>>>> - <Mapped to >>>>>>>>>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)> >>>>>>>>>> 2024-01-10 15:49:13,513 TRACE >>>>>>>>>> [org.springframework.web.method.HandlerMethod] - <Arguments: >>>>>>>>>> [org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper@3b6c3379 >>>>>>>>>> ]> >>>>>>>>>> 2024-01-10 15:49:13,531 DEBUG >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>>>> - <Using 'application/vnd.cas.services+yaml', given [*/*] and >>>>>>>>>> supported >>>>>>>>>> [application/vnd.cas.services+yaml, application/json, >>>>>>>>>> application/*+json, >>>>>>>>>> application/xml;charset=UTF-8, text/xml;charset=UTF-8, >>>>>>>>>> application/*+xml;charset=UTF-8]> >>>>>>>>>> 2024-01-10 15:49:13,531 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] >>>>>>>>>> - <Writing [{timestamp=Wed Jan 10 15:49:13 UTC 2024, status=403, >>>>>>>>>> error=Forbidden, message=Access Denied, path=/cas/mfa-gauth}]> >>>>>>>>>> 2024-01-10 15:49:13,574 TRACE >>>>>>>>>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter] >>>>>>>>>> - <Applying default cacheSeconds=-1> >>>>>>>>>> 2024-01-10 15:49:13,574 TRACE >>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <No view >>>>>>>>>> rendering, >>>>>>>>>> null ModelAndView returned.> >>>>>>>>>> 2024-01-10 15:49:13,576 DEBUG >>>>>>>>>> [org.springframework.web.servlet.DispatcherServlet] - <Exiting from >>>>>>>>>> "ERROR" >>>>>>>>>> dispatch, status 403, headers={masked}> >>>>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>>>> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >>>>>>>>>> - <No HttpSession currently exists> >>>>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>>>> [org.springframework.security.web.context.SupplierDeferredSecurityContext] >>>>>>>>>> - <Created SecurityContextImpl [Null authentication]> >>>>>>>>>> 2024-01-10 15:49:13,576 TRACE >>>>>>>>>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>>>>>>>>> - <Set SecurityContextHolder to AnonymousAuthenticationToken >>>>>>>>>> [Principal=anonymousUser, Credentials=[PROTECTED], >>>>>>>>>> Authenticated=true, >>>>>>>>>> Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, >>>>>>>>>> SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]> >>>>>>>>>> >>>>>>>>>> On Wednesday, January 10, 2024 at 7:57:27 AM UTC-5 Frédéric >>>>>>>>>> Dussurget wrote: >>>>>>>>>> >>>>>>>>>>> Hi Al, >>>>>>>>>>> I've got the same issue, could not fixed it. F12 console in your >>>>>>>>>>> browser might throw a 401 error ... (for info my db backend is >>>>>>>>>>> redis) >>>>>>>>>>> we have a topic here : >>>>>>>>>>> https://groups.google.com/a/apereo.org/g/cas-user/c/XKFgFS__U9M >>>>>>>>>>> regards, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Le mercredi 10 janvier 2024 à 05:26:03 UTC+1, Al Faller a écrit : >>>>>>>>>>> >>>>>>>>>>>> Hi - >>>>>>>>>>>> >>>>>>>>>>>> Trying to get mfa-gauth working with 7.0. Unfortunately when >>>>>>>>>>>> I'm attempting to "Confirm account registration" (save my new >>>>>>>>>>>> device), I >>>>>>>>>>>> receive a 403 error back from CAS at /cas/mfa-gauth and an error >>>>>>>>>>>> on the >>>>>>>>>>>> screen. I can reproduce this with a clean copy of the overlay. >>>>>>>>>>>> My steps: >>>>>>>>>>>> >>>>>>>>>>>> - add 'implementation >>>>>>>>>>>> "org.apereo.cas:cas-server-support-gauth"' to the build.gradle >>>>>>>>>>>> - ./gradlew build >>>>>>>>>>>> - add >>>>>>>>>>>> cas.authn.mfa.triggers.global.global-provider-id=mfa-gauth to >>>>>>>>>>>> /etc/cas/config/cas.properties >>>>>>>>>>>> - java -jar build/libs/cas.war --server.ssl.enabled=false >>>>>>>>>>>> --server.port=8080 >>>>>>>>>>>> >>>>>>>>>>>> From chrome developer tools, looks like the following was >>>>>>>>>>>> returned: >>>>>>>>>>>> --- !<java.util.LinkedHashMap> >>>>>>>>>>>> timestamp: "2024-01-09T22:48:27.384+00:00" >>>>>>>>>>>> status: 403 >>>>>>>>>>>> error: "Forbidden" >>>>>>>>>>>> message: "Access Denied" >>>>>>>>>>>> path: "/cas/mfa-gauth" >>>>>>>>>>>> >>>>>>>>>>>> added debug logging - nothing useful shows up. >>>>>>>>>>>> >>>>>>>>>>>> Attached is the screenshot: >>>>>>>>>>>> [image: Screenshot from 2024-01-09 17-45-14.png] >>>>>>>>>>>> >>>>>>>>>>>> Any ideas why this might be breaking? I have tried 7.0 and >>>>>>>>>>>> master with no luck. >>>>>>>>>>>> >>>>>>>>>>>> Thanks in advance, >>>>>>>>>>>> >>>>>>>>>>>> Al >>>>>>>>>>>> >>>>>>>>>>>> -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/6e8c8240-315a-4e5d-83b7-4ae9a3b0d397n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6e8c8240-315a-4e5d-83b7-4ae9a3b0d397n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Seyyed Mohsen Saeedi سید محسن سعیدی -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAE0qWrwim7-ted%3D1seMtV1JXJUJMDPa88xfXGakft1nYFmvy8w%40mail.gmail.com.
