I have regenerated the webflow and tgc keys. Users are still reporting the same behavior. I have narrowed it down to “mostly” the Firefox browser.
Next step is to try to go to 7.1.x. Thanks for all of the input. If anyone else has other ideas, please let me know. Thanks, -Jeremy From: cas-user@apereo.org <cas-user@apereo.org> On Behalf Of Eugene Willis Sent: Wednesday, February 5, 2025 8:05 PM To: cas-user@apereo.org Subject: Re: [cas-user] RE: Odd mfa-duo behavior May need to update webflo and tgc keys for version 7 cas . Comment the old keys out to get the new ones. Sent from my iPhone On Feb 5, 2025, at 7:51 PM, Wickham, Jeremy <jeremy.wick...@msstate.edu<mailto:jeremy.wick...@msstate.edu>> wrote: I added some more classes into my log4j2.xml file and it is now printing a bit more information other than null – 2025-02-05 10:55:56,226 TRACE [org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction] - <Received Duo Security state [REDACTED]> 2025-02-05 10:55:56,226 WARN [org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction] - <java.lang.IllegalArgumentException: org.jooq.lambda.UncheckedException: org.jose4j.lang.JoseException: A JWS Compact Serialization must have exactly 3 parts separated by period ('.') characters> org.apereo.cas.util.crypto.DecryptionException: java.lang.IllegalArgumentException: org.jooq.lambda.UncheckedException: org.jose4j.lang.JoseException: A JWS Compact Serialization must have exactly 3 parts separated by period ('.') characters at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:96) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:36) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.serialization.SerializationUtils.decodeAndDeserializeObject(SerializationUtils.java:140) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.serialization.SerializationUtils.decodeAndDeserializeObject(SerializationUtils.java:156) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.pac4j.BrowserWebStorageSessionStore.buildFromTrackableSession(BrowserWebStorageSessionStore.java:68) ~[cas-server-support-pac4j-api-7.0.9.jar:7.0.9] at org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.handleDuoSecurityUniversalPromptResponse(DuoSecurityUniversalPromptValidateLoginAction.java:96) ~[cas-server-support-duo-core-7.0.9.jar:7.0.9] at org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.doExecuteInternal(DuoSecurityUniversalPromptValidateLoginAction.java:72) ~[cas-server-support-duo-core-7.0.9.jar:7.0.9] Would appreciate any insight anyone might have. Thanks, -Jeremy From: cas-user@apereo.org<mailto:cas-user@apereo.org> <cas-user@apereo.org<mailto:cas-user@apereo.org>> On Behalf Of Wickham, Jeremy Sent: Tuesday, February 4, 2025 5:04 PM To: cas-user@apereo.org<mailto:cas-user@apereo.org> Subject: [cas-user] Odd mfa-duo behavior Here for the past week or so I have had quite a few users receive the MFA Unavailable screen after they Duo Authenticate. Duo shows a successful authentication, but when it is returned back to CAS, it appears to throw a DecryptionException. I cannot recreate this behavior myself, but I do have one coworker who can. I have turned on trace on quite a few packages to attempt to, I have found the following stacktrace, Any idea how I can diagnose this? 2025-02-04 15:09:52,977 TRACE [org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction] - <Received Duo Security state [XXXXXXXXXXXXXXXXXXXXXXXXX]> 2025-02-04 15:09:52,977 WARN [org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction] - <DecryptionException> org.apereo.cas.util.crypto.DecryptionException: null at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:96) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:36) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.serialization.SerializationUtils.decodeAndDeserializeObject(SerializationUtils.java:140) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.serialization.SerializationUtils.decodeAndDeserializeObject(SerializationUtils.java:156) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.pac4j.BrowserWebStorageSessionStore.buildFromTrackableSession(BrowserWebStorageSessionStore.java:68) ~[cas-server-support-pac4j-api-7.0.9.jar:7.0.9] at org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.handleDuoSecurityUniversalPromptResponse(DuoSecurityUniversalPromptValidateLoginAction.java:96) ~[cas-server-support-duo-core-7.0.9.jar:7.0.9] Thanks, -Jeremy ________________________ Jeremy Wickham Mississippi State University jeremy.wick...@msstate.edu<mailto:jeremy.wick...@msstate.edu> Webex Personal Room: https://msstate.webex.com/meet/jrw16 -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB83129872901186AC0E8E0E2899F42%40CYYPR01MB8312.prod.exchangelabs.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB83129872901186AC0E8E0E2899F42%40CYYPR01MB8312.prod.exchangelabs.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB831236C71C686D9D13257A6B99F72%40CYYPR01MB8312.prod.exchangelabs.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB831236C71C686D9D13257A6B99F72%40CYYPR01MB8312.prod.exchangelabs.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/AA9FE9F7-D1CC-4143-AC35-64A74173564A%40gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/AA9FE9F7-D1CC-4143-AC35-64A74173564A%40gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB831275F53F7345E7FC61A35099F22%40CYYPR01MB8312.prod.exchangelabs.com.
